Thank you for choosing Centrify!
The following is an end-to-end guide for integrating Concur with the Centrify Identity Service platform. The integration helps to eliminate identity silos with administrators having to manage user's access across multiple systems and end users having to remember multiple usernames and passwords. The integration allows administrators to manage user's access from one common directory (i.e. Active Directory), including inheritance of your active directory group policies to secure access to Concur. End users enjoy the benefit of single sign-on to Concur, leveraging a credential they already know and use on a daily basis - their active directory credentials.
Install time ~ 1-3 hours
1) Concur account
2) Centrify Identity Service account
3) Active Directory
4) Windows server for Centrify Connector (requirements below)
Let's get started
1) Log into your Centrify Identity Service tenant.
2) Once logged on, you will be presented with Centrify’s configuration wizard. You can choose to use the wizard for general setup, however, for purposes of this guide, you can check the ‘Don’t show this to me again’ box and close the window. This will stop the wizard from appearing during the configuration process.
3) Install the Centrify Connector following this guide:
4) Next, we must create roles in Centrify to contain the users of the Concur application. Concur has two roles a user can be assigned: (1) administrator or (2) end user. For the purposes of this guide, we will create an administrator role for all the Concur administrators and an end users role for all non-administrator users (e.g. employees of a company). To create a role, navigate to 'Roles' -> 'Add Role'. Name the role 'Concur Administrators'.
5) In the 'Members' tab, add the administrator users from your active directory. Members can be individual users or security groups with one or more users within the group. In this example, I've added the 'Domain Admins' group as the users who will have administrator access to Concur.
6) Add another role for Concur end users. Add the appropriate users from active directory as members to the role.
7) Next, navigate to the 'Apps' menu, click 'Add Web Apps', then search for the 'Concur' application. Choose the 'Concur SAML + Provisioning' template by clicking 'Add'.
8) Within the 'Application Settings' page, you will see the 'Identity Provider Logout URL' and 'Download Signing Certificate'. To enable single sign-on for Concur, you must contact your Concur customer success manager and provide them the following two configurations from your Centrify Identity Service console. Download the Centrify certificate and provide the file and the logout Identity Provider Logout URL to Concur. Concur will enable single sign-on and apply the settings to your Concur tenant.
9) Next, open the 'User Access' tab. Select the Centrify roles you've created for Concur and click 'Save'.
10) When Concur has completed enabling your Concur tenant for single sign-on, log into your Centrify Identity Service user portal. Click on the Concur application tile to confirm you are able to log into Concur.
We hope this guide was helpful. If you have any questions, please use this forum thread as a resource or contact Centrify - https://www.centrify.com/about-us/contact/
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.