The following section describes the steps for configuring single sign-on (SSO) to Concur. Configuring SAML SSO involves configuring both the PingFederate SP connection and Concur.

Note: Configuring SSO is optional for outbound provisioning.
  1. Create a new SP connection or select an existing SP connection from the SP Configuration menu.
  2. On the Connection Template screen, select the Use a template for this connection option and choose Concur from the Connection Template drop-down list. When asked during the connection configuration steps, import the saml-metadata.xml packaged with this connector.
    An image of the Connection Template screen.
  3. On the Connection Type screen, ensure that the Browser SSO Profiles check box is selected.
  4. On the General Info screen, the default values are taken from the metadata file you selected in step 2. We recommend using the metadata default values.
    An image of the General Info screen.
  5. Click Next to continue the Browser SSO configuration. For more information, see the following sections under Identity provider SSO configuration:
    Important: The SAML_SUBJECT configured on the IdP Adapter Mapping > Attribute Contract Fulfillment screen must match the user's loginId configured in Concur.
  6. On the Credentials > Digital Signature Settings screen, select the signing certificate.
  7. On the Activation & Summary screen, set Connection Status to Active, then click Save.
    Tip: If you are not ready to complete the SSO configuration, you can click Save and return to the configuration page later. To return to the configuration page, select the connection from Identity Provider > SP Connections > Manage All.