Concur Provisioner

Configure provisioning

About this task

To configure a connection for outbound provisioning to Concur, follow the instructions in this section.

Outbound provisioning details are managed within an SP connection. You can configure outbound provisioning with or without Browser SSO, WS-Trust STS, or both when you create a new SP connection. You can also add outbound provisioning to an existing SP connection.

Steps

  1. In the PingFederate administrator console, configure the data store that PingFederate will use as the source of user data. For instructions, see Datastores in the PingFederate documentation.

    • When targeting users and groups for provisioning, exclude the user account that you will use to administer users in your connection to Concur. This prevents the PingFederate provisioning engine from interfering with the account that provisions users and groups.

  2. Create a new SP connection or select an existing SP connection from the SP Configuration menu.

  3. On the Connection Template screen, select Use a template for this connection and choose Concur from the Connection Template drop-down list. When asked during the connection configuration steps, import the saml-metadata.xml packaged with this connector.

    An image of the Connection Template screen.

    If this selection is not available, verify the connector installation and restart PingFederate.

  4. On the Connection Type screen, ensure the Outbound Provisioning check box is selected, and the Browser SSO Profiles check box is cleared (if appropriate).

  5. On the General Info screen, the default values are taken from the metadata file you selected in step 2. We recommend using the metadata default values.

    An image of the General Info screen.
  6. Follow the connection wizard to configure the connection.

  7. On the Outbound Provisioning screen, click Configure Provisioning.

  8. On the Target screen, enter the values for each field as required by the Concur Connector.

    An image of the Target screen.
    Field Name Description

    OAUTH_ACCESS_TOKEN

    The OAuth access token for the Concur account.

    For more information, see Obtain key and secret and Generate OAuth access token.

  9. Click Next to continue the provisioning configuration. For more information, see the following sections under Outbound provisioning for IdPs in the PingFederate documentation: