• No results found

Quick Connection Guide

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Quick Connection Guide"

Copied!
13
0
0

Loading.... (view fulltext now)

Download now ( 13 Page )

Full text

(1)

Concur Connector

Version 1.0

(2)

© 2015 Ping Identity® Corporation. All rights reserved. PingFederate Concur Connector Quick Connection Guide Version 1.0

May, 2015

Ping Identity Corporation 1001 17th Street, Suite 100 Denver, CO 80202

U.S.A.

Phone: 877.898.2905 (+1 303.468.2882 outside North America) Fax: 303.468.2909

Web Site: www.pingidentity.com Trademarks

Ping Identity, the Ping Identity logo, PingFederate, PingOne, PingConnect, and PingEnable are registered trademarks of Ping Identity Corporation ("Ping Identity"). All other trademarks or registered trademarks are the property of their respective owners.

Disclaimer

The information provided in this document is provided "as is" without warranty of any kind. Ping Identity disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Ping Identity or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Ping Identity or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Document Lifetime

Ping Identity may occasionally update online documentation between releases of the related software.

Consequently, if this PDF was not downloaded recently, it may not contain the most up-to-date information. Please refer to documentation.pingidentity.com for the most current information.

From the Web site, you may also download and refresh this PDF if it has been updated, as indicated by a change in this date: May 15, 2015.

(3)

Contents

Introduction ... 4

Supported Features ... 4

System Requirements ... 4

ZIP Manifest... 4

Installation and Setup ... 4

Getting Started ... 4

Installing the Connector... 9

Configuring Server Settings ... 9

Configuring a Connection ... 9

Complete Setup of SAML SSO to Concur... 12

Attribute Index ... 12

(4)

Introduction

This document assumes you have read the Introduction section of the SaaS Connector User Guide. (http://documentation.pingidentity.com/display/SaaSQCG/Introduction)

Supported Features

• Outbound User Provisioning

• Browser-based IDP-initiated SSO

System Requirements

The Concur Connector requires installation of PingFederate 7.2.1 or higher and the Common Provisioning Layer (CPL) 2.0.2 or higher (prov-cpl-2.0.2.jar).

ZIP Manifest

The distribution ZIP file for the Connector contains the following:

• ReadMeFirst.pdf – contains links to this online documentation. • saml-metadata.xml – The metadata used for Browser SSO • /legal:

– Legal.pdf – copyright and license information. • /dist – contains libraries needed for the Connector:

– pf-concur-quickconnection-1.0.jar – PingFederate Concur Connector

– prov-cpl-2.0.2.jar – PingFederate Common Provisioning Layer

Installation and Setup

The following sections explain how to obtain the necessary information required for installing and configuring this SaaS Connector. Please follow these sections completely and in order.

Getting Started

Before you can configure this Connector, you will need to complete the following steps.

Tip: Some of the following steps result in information to be used at a later time in this User Guide. It is recommended that you copy this information to a secure location to reference in later steps.

(5)

Obtain Your OAuth 2.0 Access Token

The Concur Connectors Outbound Provisioning functionality is built using Concur’s REST API, which requires an OAuth 2.0 access token for authentication. To obtain the access token, you will need to first obtain your Consumer Key and Secret from Concur.

To Obtain Your Consumer Key & Secret from Concur:

Note: Concur provides Web Services such as provisioning as an optional extra to its customers. Check with Concur that you have Web Services available as part of your setup. Concur will provide you with the OAuth key and secret you require.

1. Log into Concur as an administrative user. 2. Go to the WebServices Admin panel 3. Select the Register Partner Application

4. Create a new or modify an existing application and ensure it is configured as follows:  Enter any descriptive name into the Name field.

 Enter any description or “PingFederate Concur Connector Outbound Provisioning” into the

Description field.

 Ensure the Active status is set to Active.

 Ensure the Users- Add or Update User Accounts option is enabled in the APIs list.

 Copy the Application Authorization’s Key and Secret value to use in the next section.

(6)
(7)

1. Visit Ping Identity’s OAuth Configuration Service (OCS) here.

(https://oauth.pingone.com/ocs/ppm/rest/v1/oauth/oasrequestform)

2. Select the Concur Web Connector option from the select menu. 3. Enter your Concur Consumer Key in the ClientID text box.

4. Enter your Concur Consumer Secret in the Client Secret text box. 5. Click the Connect button.

6. Log into Concur with an administrative account.

Note: If you are already signed in to Concur, you will not be asked to log in again. Please be sure that the account you are signed in under is an administrative account. 7. You will be informed that your Application is requesting access to Add or update Concur user

accounts. Click the Allow button to continue.

8. You should have been redirected back to the OCS and presented with an Access Token. Make note of the Access Token to use in a later step when Cofiguring your connection.

(8)

Obtain the Concur SAML 2.0 Metadata XML

This Connectors quick-connection template uses a metadata XML file to assist in configuring many settings in the SP Connection. When asked during the Connection configuration steps, import the

saml-metadata.xml packaged with this connector.

Synchronizing Existing Concur Users

Important: If your Concur account already has Users you wish to provision with the Concur connector, this is possible by following the steps below.

To provision existing User accounts on Concur:

Ensure that the value mapped to the empId attribute, (when configuring the connector) matches the

existing Concur Users EmployeeId exactly as it appears in Concur.

For example, if on the Attribute Mapping screen, the User empId attribute is mapped to the User employeeID attribute in your LDAP. This will synchronize a User that already exists on Concur with

an EmployeeId in Concur of 123abc to the User in your LDAP who has an employeeID attribute value

of 123abc.

When the Concur connector provisions for the first time, this address will be used to synchronize the User in your LDAP data store with the User in Concur.

(9)

Installing the Connector

To install the Concur Connector, please follow the instructions in the Installing the Connector section of the SaaS Connector User Guide.

(http://documentation.pingidentity.com/display/SaaSQCG/Installation+and+Setup# InstallationandSetup-pID0E0SC0HA)

Configuring Server Settings

To configure Server Settings in preparation of configuring the Concur Connector, please follow the instructions in the Configuring Server Settings section of the SaaS Connector Guide.

(http://documentation.pingidentity.com/display/SaaSQCG/Configuring+Server+Sett ings#ConfiguringServerSettings-pID0E0FC0HA)

Configuring a Connection

Important: This section directs you to the SaaS Connector User Guide for most of the steps to configure this Connector but contains additional steps that need to be followed to

successfully configure this Connector. Ensure you follow the additional steps below as directed.

To Configure a Connection using the Concur Connector, please follow the instructions in the

Configuring a Connection section of the SaaS Connector User Guide, making the adjustments listed in the following section.

(http://documentation.pingidentity.com/display/SaaSQCG/Configuring+a+Connectio n#ConfiguringaConnection-pID0E0VB0HA)

Additional Steps

• On the Connection Template screen, select Concur as the Connection Template to use for this SP Connection. You will be asked to provide the saml-metadata.xml file you obtained earlier in the

Getting Started section of this User Guide.

(10)

• On the General Info screen, the default values are taken from the metadata file you selected in an earlier step. We recommend using these default values.

(11)

• On the Target screen when configuring provisioning, enter the Access Token value you obtained in the Obtain Your OAuth 2.0 Access Token section of this User Guide into the

OAUTH_ACCESS_TOKEN field and click Done.

(12)

Complete Setup of SAML SSO to Concur

The following section describes the steps for configuring IDP-initiated SSO to Concur. 1. Obtain the base-64 x509 certificate that will be used for SSO in your SP Connection.

2. Contact your Concur account representative to obtain a work order which will enable the Concur technical team to assist you in setting up SSO for your organization. Be sure to include your base-64 x509 certificate in your request.

Important: The SAML_SUBJECT configured in the Attribute Contract Fulfillment section of this SP Connection must match the user’s loginId in Concur.

Attribute Index

The following table consists of the attributes that can be mapped on a User during provisioning.

Important: Many fields are required based on your Concur account’s configuration. Please ensure that you are sending data for all user fields that are required based on your

configuration.

Attribute Description

loginId The user's logon ID. This value must be unique.

empId The unique identifier for the user. This value must be unique. emailAddress The user's email address.

Password The user's password. This element can be used to enter the password for a

new user, but cannot be used to update the password for an existing user.

firstName The user's first name.

mI The user's middle initial.

lastName The user's last name.

crnKey The 3-letter ISO 4217 currency code for the user's reimbursement

currency. (http://en.wikipedia.org/wiki/ISO_4217)

Example: The crnKey for the United States Dollar is USD. ctryCode The ISO 3166-1 alpha-2 country code.

(http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)

Example: The ctryCode for the United States is US.

ctrySubCode The user's two-character country code and two-character state or

(13)

Example: Washington State, United States is US-WA. ledgerKey The user's assigned account code ledger.

Example: DEFAULT

localeName The user's language locale code. List of the Supported Locales. (https://developer.concur.com/node/640)

Example: United States English is en_US. The supported languages vary by company but always include en_US.

tripUser Whether the user has access to Travel. Valid values include: Y/N. expenseUser Whether the user has access to Expense. Valid values include: Y/N. expenseUserApprover Whether the user is an Expense approver. Valid values include: Y/N. invoiceUser Whether the user has access to Invoice. Valid values include: Y/N. invoiceUserApprover Whether the user is an Invoice approver. Valid values include: Y/N. isTestEmp Whether the user is a Test Employee. Valid values include: Y/N. custom1 through

custom21

The custom fields on the Employee form. Varies depending on configuration. There are two types of custom lists: simple lists and connected (multi-level) lists. We do not support connected lists.

orgUnit1 through orgUnit6

The custom organizational unit fields on the Employee form. Varies depending on configuration.

References

Download now ( PDF - 13 Page - 443.56 KB )

Related documents

An Evaluation On The Effectiveness Of The Primary School Teachers' Professional Development Programme In Iran

Allen & Meyer (1990) juga menyatakan bahawa beberapa variabel berkorelasi terhadap komitmen ahli organisasi antaranya ialah keadilan dan kesukaran matlamat. Oleh

BlockDebitCard API GATEWAY DOC

JWT Access token to be passed in JSON wrapper as string value in “JWTokenValue” field.. The Token can be generated by subscribing to

The Effect of Circ Strategy and Achievement Motivation Toward Students/\u27 Reading Comprehension

CIRC strategy gives better contribution to WKH VWXGHQWV¶ reading comprehension than the conventional strategy; and (4) there is a significant difference in reading

State Legislated Actions on Tobacco Issues: 2007

Tobacco Control Program Funding Appropriated $2,500,000 for tobacco control and prevention programs from the state’s annual MSA payment in FY2008. The Nebraska Tobacco Settlement

\u3cem\u3eBut See Kohlheim\u3c/em\u3e: The Third Circuit Muddies the Water on the Compensability of Employee Meal Periods under the Fair Labor Standards Act in \u3cem\u3eBabcock v. Butler County\u3c/em\u3e

In reaching its holding in Babcock v. Butler County, the Third Circuit mischaracterized the status of the law on whether the U.S. Courts of Ap- peals uniformly apply the

HotListDebitCard API GATEWAY DOC

JWT Access token to be passed in JSON wrapper as string value in “JWTokenValue” field.. The Token can be generated by subscribing to

Larval distribution and survival of second generation European corn borer, Ostrinia nubilalis (H.ubner) (Lepidoptera: Crambidae) on Event 176 Bt Corn

nubilalis second generation larvae completing development on Event 176 hybrids in the field exhibited approximately 10% higher survival rates and correspondingly lower parasitism

Department of Supply & Services (CIMS) RSA Web Express User Guide v1.2

If the Token User selects the link in the email sent to them earlier the only information required for input is the token serial number (Skip to Activate Token Screen 2):.. • User