Quick Connection Guide




Concur Connector Version 1.0 Quick Connection Guide

© 2015 Ping Identity Corporation. All rights reserved.

PingFederate Concur Connector Quick Connection Guide
Version 1.0
May, 2015

Ping Identity Corporation
1001 17th Street, Suite 100
Denver, CO 80202 U.S.A.

Phone: 877.898.2905 (+1 303.468.2882 outside North America)
Fax: 303.468.2909
Web Site: www.pingidentity.com

Trademarks

Ping Identity, the Ping Identity logo, PingFederate, PingOne, PingConnect, and PingEnable are registered trademarks of Ping Identity Corporation ("Ping Identity"). All other trademarks or registered trademarks are the property of their respective owners.

Disclaimer

The information provided in this document is provided "as is" without warranty of any kind. Ping Identity disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Ping Identity or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Ping Identity or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Document Lifetime

Ping Identity may occasionally update online documentation between releases of the related software. Consequently, if this PDF was not downloaded recently, it may not contain the most up-to-date information. Please refer to documentation.pingidentity.com for the most current information. From the Web site, you may also download and refresh this PDF if it has been updated, as indicated by a change in this date: May 15, 2015.

PingFederate Concur Connector 2 Quick Connection Guide

Contents

- Introduction
- Supported Features
- System Requirements
- ZIP Manifest
- Installation and Setup
- Getting Started
- Installing the Connector
- Configuring Server Settings
- Configuring a Connection
- Complete Setup of SAML SSO to Concur
- Attribute Index

Introduction

This document assumes you have read the Introduction section of the SaaS Connector User Guide. (http://documentation.pingidentity.com/display/saasqcg/introduction)

Supported Features

- Outbound User Provisioning
- Browser-based IDP-initiated SSO

System Requirements

The Concur Connector requires installation of PingFederate 7.2.1 or higher and the Common Provisioning Layer (CPL) 2.0.2 or higher (prov-cpl-2.0.2.jar).

ZIP Manifest

The distribution ZIP file for the Connector contains the following:

- ReadMeFirst.pdf: contains links to this online documentation.
- saml-metadata.xml: the metadata used for Browser SSO.
- /legal:
  - Legal.pdf: copyright and license information.
- /dist: contains libraries needed for the Connector:
  - pf-concur-quickconnection-1.0.jar: PingFederate Concur Connector
  - prov-cpl-2.0.2.jar: PingFederate Common Provisioning Layer

Installation and Setup

The following sections explain how to obtain the necessary information required for installing and configuring this SaaS Connector. Please follow these sections completely and in order.

Getting Started

Before you can configure this Connector, you will need to complete the following steps.

Tip: Some of the following steps result in information to be used at a later time in this User Guide. It is recommended that you copy this information to a secure location to reference in later steps.

Obtain Your OAuth 2.0 Access Token

The Concur Connector's Outbound Provisioning functionality is built using Concur's REST API, which requires an OAuth 2.0 access token for authentication. To obtain the access token, you will need to first obtain your Consumer Key and Secret from Concur.

To Obtain Your Consumer Key & Secret from Concur:

Note: Concur provides Web Services such as provisioning as an optional extra to its customers. Check with Concur that you have Web Services available as part of your setup. Concur will provide you with the OAuth key and secret you require.

1. Log into Concur as an administrative user.
2. Go to the WebServices Admin panel.
3. Select the Register Partner Application.
4. Create a new or modify an existing application and ensure it is configured as follows:
   - Enter any descriptive name into the Name field.
   - Enter any description or "PingFederate Concur Connector Outbound Provisioning" into the Description field.
   - Ensure the Active status is set to Active.
   - Ensure the "Users - Add or Update User Accounts" option is enabled in the APIs list.
   - Copy the Application Authorization's Key and Secret value to use in the next section.

To Obtain Your OAuth 2.0 Access Token:

1. Visit Ping Identity's OAuth Configuration Service (OCS) here. (https://oauth.pingone.com/ocs/ppm/rest/v1/oauth/oasrequestform)
2. Select the Concur Web Connector option from the select menu.
3. Enter your Concur Consumer Key in the ClientID text box.
4. Enter your Concur Consumer Secret in the Client Secret text box.
5. Click the Connect button.
6. Log into Concur with an administrative account.
   Note: If you are already signed in to Concur, you will not be asked to log in again. Please be sure that the account you are signed in under is an administrative account.
7. You will be informed that your Application is requesting access to "Add or update Concur user accounts". Click the Allow button to continue.
8. You should have been redirected back to the OCS and presented with an Access Token. Make note of the Access Token to use in a later step when configuring your connection.

Obtain the Concur SAML 2.0 Metadata XML

This Connector's quick-connection template uses a metadata XML file to assist in configuring many settings in the SP Connection. When asked during the Connection configuration steps, import the saml-metadata.xml packaged with this connector.

Synchronizing Existing Concur Users

Important: If your Concur account already has Users you wish to provision with the Concur connector, this is possible by following the steps below.

To provision existing User accounts on Concur:

Ensure that the value mapped to the empid attribute (when configuring the connector) matches the existing Concur User's EmployeeId exactly as it appears in Concur.

For example, suppose that on the Attribute Mapping screen the User empid attribute is mapped to the User employeeid attribute in your LDAP. This will synchronize a User that already exists on Concur with an EmployeeId in Concur of 123abc to the User in your LDAP who has an employeeid attribute value of 123abc.

When the Concur connector provisions for the first time, this address will be used to synchronize the User in your LDAP data store with the User in Concur.

Installing the Connector

To install the Concur Connector, please follow the instructions in the Installing the Connector section of the SaaS Connector User Guide. (http://documentation.pingidentity.com/display/saasqcg/installation+and+setup#InstallationandSetup-pID0E0SC0HA)

Configuring Server Settings

To configure Server Settings in preparation of configuring the Concur Connector, please follow the instructions in the Configuring Server Settings section of the SaaS Connector Guide. (http://documentation.pingidentity.com/display/saasqcg/configuring+server+settings#configuringserversettings-pid0e0fc0ha)

Configuring a Connection

Important: This section directs you to the SaaS Connector User Guide for most of the steps to configure this Connector but contains additional steps that need to be followed to successfully configure this Connector. Ensure you follow the additional steps below as directed.

To Configure a Connection using the Concur Connector, please follow the instructions in the Configuring a Connection section of the SaaS Connector User Guide, making the adjustments listed in the following section. (http://documentation.pingidentity.com/display/saasqcg/configuring+a+connection#configuringaconnection-pid0e0vb0ha)

Additional Steps

On the Connection Template screen, select Concur as the Connection Template to use for this SP Connection. You will be asked to provide the saml-metadata.xml file you obtained earlier in the Getting Started section of this User Guide.

On the General Info screen, the default values are taken from the metadata file you selected in an earlier step. We recommend using these default values.

On the Target screen when configuring provisioning, enter the Access Token value you obtained in the Obtain Your OAuth 2.0 Access Token section of this User Guide into the OAUTH_ACCESS_TOKEN field and click Done.

Complete Setup of SAML SSO to Concur

The following section describes the steps for configuring IDP-initiated SSO to Concur.

1. Obtain the base-64 x509 certificate that will be used for SSO in your SP Connection.
2. Contact your Concur account representative to obtain a work order which will enable the Concur technical team to assist you in setting up SSO for your organization. Be sure to include your base-64 x509 certificate in your request.

Important: The SAML_SUBJECT configured in the Attribute Contract Fulfillment section of this SP Connection must match the user's loginid in Concur.

Attribute Index

The following table consists of the attributes that can be mapped on a User during provisioning.

Important: Many fields are required based on your Concur account's configuration. Please ensure that you are sending data for all user fields that are required based on your configuration.

| Attribute | Description |
| --- | --- |
| loginid | The user's logon ID. This value must be unique. |
| empid | The unique identifier for the user. This value must be unique. |
| emailaddress | The user's email address. |
| Password | The user's password. This element can be used to enter the password for a new user, but cannot be used to update the password for an existing user. |
| firstname | The user's first name. |
| mi | The user's middle initial. |
| lastname | The user's last name. |
| crnkey | The 3-letter ISO 4217 currency code for the user's reimbursement currency. (http://en.wikipedia.org/wiki/iso_4217) Example: The crnkey for the United States Dollar is USD. |
| ctrycode | The ISO 3166-1 alpha-2 country code. (http://en.wikipedia.org/wiki/iso_3166-1_alpha-2) Example: The ctrycode for the United States is US. |
| ctrysubcode | The user's two-character country code and two-character state or province code. Example: Washington State, United States is US-WA. |
| ledgerkey | The user's assigned account code ledger. Example: DEFAULT |
| localename | The user's language locale code. List of the Supported Locales. (https://developer.concur.com/node/640) Example: United States English is en_us. The supported languages vary by company but always include en_us. |
| tripuser | Whether the user has access to Travel. Valid values include: Y/N. |
| expenseuser | Whether the user has access to Expense. Valid values include: Y/N. |
| expenseuserapprover | Whether the user is an Expense approver. Valid values include: Y/N. |
| invoiceuser | Whether the user has access to Invoice. Valid values include: Y/N. |
| invoiceuserapprover | Whether the user is an Invoice approver. Valid values include: Y/N. |
| istestemp | Whether the user is a Test Employee. Valid values include: Y/N. |
| custom1 through custom21 | The custom fields on the Employee form. Varies depending on configuration. There are two types of custom lists: simple lists and connected (multi-level) lists. We do not support connected lists. |
| orgunit1 through orgunit6 | The custom organizational unit fields on the Employee form. Varies depending on configuration. |
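A pre-flight check of mapped attribute values against the rules in the Attribute Index and the exact-match requirement for empid, run before the first provisioning cycle. This is an added example, not part of the Ping Identity guide or the connector; the function names, the REQUIRED list and the sample records are assumptions constructed for illustration.

```python
import re

# Rules come from the Attribute Index above. REQUIRED is an assumption:
# which fields are mandatory depends on the Concur account's configuration.
REQUIRED = ("loginid", "empid", "emailaddress", "firstname", "lastname")
YN_FLAGS = ("tripuser", "expenseuser", "expenseuserapprover",
            "invoiceuser", "invoiceuserapprover", "istestemp")
SHAPES = {  # shape checks only, not a lookup against the ISO code lists
    "crnkey": r"[A-Z]{3}",                   # e.g. USD
    "ctrycode": r"[A-Z]{2}",                 # e.g. US
    "ctrysubcode": r"[A-Z]{2}-[A-Z0-9]{2}",  # e.g. US-WA
    "localename": r"[a-z]{2}_[a-z]{2}",      # e.g. en_us
}
# Constructed sample records, not taken from the guide.
SAMPLE_OK = {"loginid": "alice@example.com", "empid": "123abc",
             "emailaddress": "alice@example.com", "firstname": "Alice",
             "lastname": "Ng", "crnkey": "USD", "ctrysubcode": "US-WA"}
SAMPLE_BAD = dict(SAMPLE_OK, loginid="bob@example.com", empid="123ABC ",
                  crnkey="usd", tripuser="yes")

def validate_user(user, concur_empids=(), is_update=False):
    """Return a list of problems found in one mapped user record (a dict)."""
    problems = []
    for name in REQUIRED:
        if not str(user.get(name, "")).strip():
            problems.append(f"{name}: missing")
    for name, shape in SHAPES.items():
        if name in user and not re.fullmatch(shape, str(user[name])):
            problems.append(f"{name}: unexpected format {user[name]!r}")
    for name in YN_FLAGS:
        if name in user and user[name] not in ("Y", "N"):
            problems.append(f"{name}: must be Y or N")
    if is_update and "Password" in user:
        problems.append("Password: cannot be updated for an existing user")
    # empid must equal the Concur EmployeeId exactly; a value differing only
    # by case or whitespace will not synchronize with the existing user.
    empid = str(user.get("empid", ""))
    for existing in concur_empids:
        if empid != existing and empid.strip().lower() == existing.strip().lower():
            problems.append(f"empid: {empid!r} is not exactly {existing!r}")
    return problems

def validate_batch(users, concur_empids=()):
    """Map record position -> problems, also flagging duplicate loginid/empid."""
    report, seen = {}, {"loginid": set(), "empid": set()}
    for position, user in enumerate(users):
        problems = validate_user(user, concur_empids)
        for key, values in seen.items():
            value = user.get(key)
            if value is not None and value in values:
                problems.append(f"{key}: duplicate value {value!r}")
            values.add(value)
        if problems:
            report[position] = problems
    return report
```

Calling validate_batch([SAMPLE_OK, SAMPLE_BAD], ["123abc"]) reports nothing for the first record and three problems for the second: the lowercase currency code, the non-Y/N flag, and an empid that is close to, but not exactly, the existing Concur EmployeeId.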