<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UvjSAFOkta Classic EngineOkta Integration NetworkAnswered2024-11-25T09:00:27.000Z2015-11-30T14:29:58.000Z2020-02-13T18:28:14.000Z

  • j5v7c (j5v7c)

    We use it, and you're right, the way Concur has implemented delegated auth for the mobile app is clunky. The user has to open the app and click on the link labeled something like "sign in using SSO". They are then asked for their company code, which can be found in their Concur profile. After entering the company code, you are redirected to your IDP (Okta). I'm not sure why Concur is using a company code rather than email address domain, but assuming you know the code the process works (for us).
    Expand Post

  • qsldk (qsldk)

    Thanks for the response Mark!

     

    After we enter this information we also get redirected to the Okta log in screen the first time. From there on out that doesn't happen again unless the user logs out of their device. Do you experience this as well?

  • Parth Swadas (Customer)

    Hello,

     

    We are planning for Concur SSO integration this week. As per my knowledge, Concur supports two modes for SSO :

     

    1) Mixed mode : Supports both concur login and company login

    If you click on login using company code then users will be redirected to OKTA embed login link otherwise users can login with concur username/password.

    2) Enforced SSO : Supports login only through OKTA

    Enter e-mail address -> Click on company sign-in -> Request will be redirected to OKTA for login.

     

    How is the SSO working for Concur mobile? Anything to be taken care duering implementation or post-implementation?
    Expand Post

  • qsldk (qsldk)

    Hello Parth, We are doing enforced SSO. However the login seems clunky in general. There is no passing of credentials, just a redirect to a different site.

  • Parth Swadas (Customer)

    Hi,

     

    We are observing session time-out issue with Mobile SSO.

     

    Without SSO : Concur has local username/password. So even after the session tiome-out (max. 120 minutes as per concur), concur can re-authenticates users as they Save Sign In and Automatically Sign in options enabled.

     

    OKTA SSO : With SSO enabled, neither Concur/OKTA has the password (We are having AD delegated authentication). So concur re-directs to OKTA every 120 minutes for re-authentication. so users are not having a mobile friendly login as they have to login very frequenlty(after every 120 idle minutes) with mobile SSO enabled.

     

    Is there any work-around for this? I am pretty sure many of us would have faced this issue.
    Expand Post

  • Parth Swadas (Customer)

    Hi,

     

    Has anyone observed session time-out issue? As per concur team, they have max. time-out of 120 minutes. So after every 120 idle minutes, user has to login to SSO. (Without SSO, concur has local credentials so it keeps user logged-in which is not the case for SSO).
    Expand Post

  • f4lsf (f4lsf)

    Has anyone else figured out a way to have a better experience on the iPad and iPhone with Concur and enforce SSO? Our IdP session timeouts are set in excess of 120 minutes for Concur, yet we are still be prompted more frequently. Actually on the iPad it seems to be even more frequently than on the iPhone. Our sales people use concur 3-4 times a day, and we are trying to find a way for them to only login once a day.

     

    I was told that if you enfore SSO that 120 minutes is the max timeout that Concur can provide? Has anyone else figured how to increase the time-out with SSO enforced on mobile devices?
    Expand Post

  • RyanK.26316 (Customer)

    Very old post, but just a heads up that enabling Touch ID / Face ID in the Concur Mobile app settings gets around the timeout issue for iOS devices. No good workaround found yet for Android

This question is closed.
Loading
Concur Mobile App and Okta SSO