Update Oct 6 2017: if you are using Concur's secondary endpoint, the instructions will be the same, but please ensure you choose the "Secondary Endpiont" app from the catalog.
These steps will guide you through setting up the Single Sign-On functionality between OneLogin and Concur.
If you want to set up SSO for Concur using form-based authentication, see Adding a Form-Based Application.
Setting Up OneLogin
Starting in the OneLogin admin dashboard portal, do the following:
Go to to Apps > Add Apps.
Search for Concur and select it.
Ensure that SAML2.0 - user provisioning is selected under Connectors.
You can change the Display Name.
Click Save to display additional configuration tabs.
Select the Parameters tab.
Default mappings for SSO are as follows:
User ID -> Email
Select the SSO tab.
Copy the SAML 2.0 Endpoint (HTTP) URL.
- Click View Details.
- Select the Clipboard Icon to copy the entirety of the X.509 Certificate string.
Contact your OneLogin Account Manager to request enablement of this integration for your account.
Record the SAML 2.0 Endpoint (HTTP) and X.509 Certificate that you copied above.
Troubleshooting Email Mismatch
In some cases, the Concur account admin email may not match the OneLogin admin email. This can be remedied by doing the following:
- Go to Users > Account_Owner.
- Select the Applications tab.
- Select Concur to open the Edit Login pane.
Here you may overwrite the default fields for your Concur login and insert the correct information to match your OneLogin credentials with your Concur credentials.