Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Create New Account in SAP Concur

ghrk
New Contributor
New Contributor

We have requirement to integrate SAP Concur for operations account creation, update, disable and enable operations.

As per the documentation the account creation operation does not supported, even it is confirmed in the forum post.
Could you please let us know the Saviynt option/Solution to create SAP Concur Account.

https://docs.saviyntcloud.com/bundle/SAPConcur-v24x/page/Content/Supported-Features-v2022x.htm 

https://forums.saviynt.com/t5/identity-governance/createaccount-json-sap-concur/m-p/93382#M60822

Thanks

 

19 REPLIES 19

rushikeshvartak
All-Star
All-Star

You can use external Jar


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Rajatlm10
New Contributor III
New Contributor III

@ghrk 

The create for SAP will work thru the Saviynt. I also worked on SAP concur integration and was able to get the createAccount working. 

If you are able to get the account created thru postman then you should be able to create it through Saviynt. 

Can you share working json


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Rajatlm10
New Contributor III
New Contributor III

@rushikeshvartak 

{
"accountIdPath": "call1.message.id",
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://xyz/Users",
"httpMethod": "POST",
"httpParams": "{\"schemas\":[\"urn:ietf:params:scim:schemas:core:2.0:User\"],\"emails\":[{ \"value\":\${user.email}\",\"type\": \"work\"}],\"active\":true,\"userName\":\"${user.email}\",\"name\":{\"formatted\":\"abc\",\"familyName\":\"abc\",\"givenName\":\"abc\"},\"urn:ietf:params:scim:schemas:extension:spend:2.0:User\":{\"ledgerCode\":\"abc\",\"country\":\"US\",\"locale\":\"en_US\",\"reimbursementCurrency\":\"USD\",\"customData\": [ {\"id\":\"custom21\",\"value\":\"US\"}, {\"id\":\"orgUnit1\",\"value\":\"xyz\"},{\"id\":\"custom20\",\"value\":\"xyz\"},{\"id\":\"orgUnit4\",\"value\":\"xyz\"},{\"id\":\"orgUnit2\",\"value\":\"xyz\"},{\"id\":\"custom1\",\"value\":\"apitest@xyz.com\"}]},\"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User\":{\"employeeNumber\":\"${user.email}\", \"companyId\":\"xyz\"},\"urn:ietf:params:scim:schemas:extension:spend:2.0:Role\":{\"roles\":[{\"roleName\": \"role1\"},{\"roleName\": \"role2\"},{\"roleName\": \"role3\"},{\"roleName\": \"role4\"}]}}",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
]
},
"unsuccessResponses": {
"statusCode": [
400,
401,
404,
500,
501,
502,
503,
504
]
}
}
]
}

Hi @ghrk @Rajatlm10 @rushikeshvartak ,

This seems to be a simple straight forward JSON to create users in SAP concur via Saviynt. Do you have any idea why this is not documented in the supported features list in the documentation?

Hi @Darshanjain , can you please share your inputs here.

Thanks


Thanks & Regards,
Haardik Verma

Provide feedback on documentation


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

rajsannidhi
Regular Contributor
Regular Contributor

Hi @Rajatlm10 @haardik_verma 

We are also looking for concur integration, just wanted to confirm if create account and adding access (roles/entitlements) supported or not. Were you able to implement these use cases successfully. We are on version 24.5. Thank You!

Hi @rajsannidhi ,

The create account part is supported on Concur API v4.
The Saviynt documentation Supported Software Versions (saviyntcloud.com) has mentioned the usage of Concur API v3 and hence it says that create account is not supported.

But since we are using a plain ootb REST connector in Saviynt for Concur, we can achieve create account by using v4 APIs of concur; I believe that's what @Rajatlm10 has used.

I am not sure if adding access (roles/entitlements) is supported or not, but if APIs are available, it should work.


Thanks & Regards,
Haardik Verma

Can we directly integrate with concur PROD instance, does concur allow us to test API calls directly in PROD?

Is it mandatory for setting 3rd party app integration with a sandbox environment first, test API calls and then promote the app to PROD.

This is ideal practice you should first validate all application with sandbox then move to PROD. to avoid large user impact


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

I agree with you, just checking because our customer doesn't have concur test instance, so wanted to know if concur allows to do it or not, based on what I found I think they would want us to test with sandbox first. Just looking for confirmation.

rajsannidhi
Regular Contributor
Regular Contributor

@haardik_verma Thank you for providing the details.
@rushikeshvartak Provided Feedback on the documentation.

rajsannidhi
Regular Contributor
Regular Contributor

Hi @haardik_verma @rushikeshvartak 

Our customer has created a sandbox environment, I tried using Application Integration, what is the x-consumer key, is it client secret?

rajsannidhi_0-1726850871018.png

can you please confirm which authentication should we use, is it Authorization grant or Password Grant. Can you please share a sample connection JSON if we can use Authorization Grant. Thank you for help and support. 

[This post has been edited by a Moderator to remove sensitive information.]

 

  • x-consumer key: This is typically the API key or client ID provided when you register your application. It is not the same as the client secret.

  • Authentication Method: The choice between Authorization Grant and Password Grant depends on your application's requirements.

    • Authorization Code Grant is more secure and is used when you need to authenticate users via a web interface.
    • Password Grant is simpler and used when you trust the client to handle user credentials directly.

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

rajsannidhi
Regular Contributor
Regular Contributor

@rushikeshvartak Thank for quick response. So, we can update the connection JSON after the connection is created accordingly with the grant type we are using.

Because the application onboarding only has username and password options but with authorization grant, we need to provide access and refresh tokens. Can you please review below connection JSON for authorization grant, based on SAP Concur Developer Center | Authentication I think we don't need Authorization in "httpHeaders":

{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"url": "https://*****.api.concursolutions.com",
"httpMethod": "POST",
"httpParams": {
"grant_type": "refresh_token",
"refresh_token": "${refresh_token}"
},
"httpHeaders": {
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic xxxxxxyyyyyyyyzzzzzz"
},
"httpContentType": "application/x-www-form-urlencoded",
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"USER_AUTHENTICATION_FAILED",
"PARTNER_AUTHENTICATION_FAILED",
"AuthenticationFailed"
],
"refreshType": "RefreshToken",
"refreshTokenResponsePath":"refresh_token",
"refreshToken":"xxxxxxyyyyyyyyzzzzzz",
"timeOutError": "Read timed out",
"errorPath": "errorCode",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"retryFailureStatusCode": [
401
],
"accessToken":"Bearer xxxxxxyyyyyyyyzzzzzz"
}
}
}

[This post has been edited by a Moderator to remove sensitive information.]

Refer https://docs.saviyntcloud.com/bundle/SAPConcur-v24x/page/Content/Establishing-Connection-with-SAP-Co...


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

@rushikeshvartak In the documentation, connection JSON only has username and password options but no JSON for authorization grant. Also, create account JSON is not available. Can this be added to the documentation. Thank You!

Please add feedback on documentation page https://docs.saviyntcloud.com/bundle/Doc-Site-Help/page/Content/Sharing-your-feedback.htm


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

rajsannidhi
Regular Contributor
Regular Contributor

@rushikeshvartak Provided feedback. Thank you!