
Tutorial: Azure AD integration with Concur

Published: July 8, 2013

Updated: April 15, 2014

Applies To: Azure

The objective of this tutorial is to show the integration of Azure and Concur.
The scenario outlined in this tutorial assumes that you already have the following items:

  • A valid Azure subscription

  • A test tenant in Concur

The scenario outlined in this tutorial consists of the following building blocks:

  1. Enabling the application integration for Concur

  2. Configuring user provisioning

The configuration of your Concur subscription for federated SSO via SAML is a separate task, which you must contact Concur to perform.

The objective of this section is to outline how to enable the application integration for Concur.

  1. In the Azure Management Portal, on the left navigation pane, click Active Directory.

  2. From the Directory list, select the directory for which you want to enable directory integration.

  3. To open the applications view, in the directory view, click Applications in the top menu.

  4. To open the Application Gallery, click Add An App, and then click Add an application for my organization to use.

  5. In the search box, type Concur.

  6. In the results pane, select Concur, and then click Complete to add the application.


The objective of this section is to outline how to enable provisioning of Active Directory user accounts to Concur.

To enable apps in the Expense Service, there has to be proper setup and use of a Web Service Admin profile. Don't simply add the WS Admin role to your existing administrator profile that you use for T&E administrative functions.

Concur Consultants or the client administrator must create a distinct Web Service Administrator profile and the Client administrator must use this profile for the Web Services Administrator functions (e.g. enabling apps). These profiles must be kept separate from the client administrator's daily T&E admin profile (the T&E admin profile should not have the WSAdmin role assigned).

When you create the profile to be used for enabling the app, enter the client administrator's name into the user profile fields. This will assign ownership to the profile. Once the profile(s) is created, the client must log in with this profile to click the "Enable" button for a Partner App within the Web Services menu.

For the following reasons, this action should not be done with the profile they use for normal T&E administration.

  1. The client has to be the one that clicks "Yes" on the dialogue window that is displayed after an app is enabled. This click acknowledges the client is willing for the Partner application to access their data, so you or the Partner cannot click that Yes button.

  2. If a client administrator that has enabled an app using the T&E admin profile leaves the company (resulting in the profile being inactivated), any apps enabled using that profile will not function until the app is enabled with another active WS Admin profile. This is why you are supposed to create distinct WS Admin profiles.

  3. If an administrator leaves the company, the name associated with the WS Admin profile can be changed to the replacement administrator if desired without impacting the enabled app, because that profile does not need to be inactivated.

  1. Log on to your Concur tenant.

  2. From the Administration menu, select Web Services.

  3. On the left side, from the Web Services pane, select Enable Partner Application.

  4. From the Enable Application list, select Azure Active Directory, and then click Enable.

  5. Click Yes to close the Confirm Action dialog.

  6. In the Azure Management Portal, select Concur from the applications list to open the Concur dialog page.

  7. To open the Configure User Provisioning dialog page, click Configure user provisioning.

  8. Enter the user name and the password of your Concur administrator, and then click Next.

  9. To finish the configuration, on the Confirmation page, click the Complete button.

You can now create a test account, wait for 10 minutes and verify that the account has been synchronized to Concur.

© 2014 Microsoft