Symptom
When changing the registration of services or users for the SAP Business ByDesign to SAP Concur Integration, a new service provider CONCUR_INTEGRATION_OAUTH_JWT is offered for configuration in addition to or instead of the expected service providers CONCUR_INTEGRATION_OAUTH and CONCUR_INTEGRATION_OAUTH2.
Environment
SAP Business ByDesign
Reproducing the Issue
You set up the integration to SAP Concur before release 22.02 and made all the necessary settings for CONCUR_INTEGRATION_OAUTH and CONCUR_INTEGRATION_OAUTH2. With the upgrade to release 22.05, the integration scenario to Concur was adapted to JWT-based authentication, and the deprecated v1 Financial Service API calls were replaced by the new v4 version. This was announced in the What's New document of this release.
Service Registration:
1. In the Business Configuration work center, Implementation Projects view, search for the recurring activity Integration with Concur Solutions.
2. Click Open.
3. In the list of service providers you now find the entry CONCUR_INTEGRATION_OAUTH_JWT with a new Client ID.
User Registration:
1. Go to the Application and User Management work center, User Registration for OAUTH2 Web Services view.
2. On the Overview screen, CONCUR_INTEGRATION_OAUTH_JWT is shown in the list.
Cause
With release 22.05, the integration settings were migrated fully automatically to the new gateway without user interaction. During this migration, a new service CONCUR_INTEGRATION_OAUTH_JWT was set up based on the settings for the two services CONCUR_INTEGRATION_OAUTH and CONCUR_INTEGRATION_OAUTH2. The necessary parameters, such as client ID and client secret, were provided by the Concur API called to switch to the new authentication process. For more information, please refer to the Concur Developer documentation.
The deprecated service provider instances CONCUR_INTEGRATION_OAUTH and CONCUR_INTEGRATION_OAUTH2 remain in your SAP Business ByDesign tenant as a fallback in case of severe problems when integrating via the new gateway. However, as soon as your system is migrated successfully, you can ignore these settings; the system no longer considers them. With release 22.11 the obsolete services are deleted from the system.
Further changes in your settings after 22.05:
• The predefined communication arrangements Concur Integration and Concur Integration OAUTH2 were replaced by Concur Integration JWT and were therefore set to isolated. They are deleted with 22.11.
• The logon credentials in the communication arrangement Concur Integration User Credentials have to be changed from user/password to CompanyID/requestToken if a new access token cannot be requested via the user’s refresh token because it is outdated. For more information, please refer to the SAP Business ByDesign and Concur Integration Guide.
Remark: If you started implementing the integration to SAP Concur with release 22.02 or later, you started the setup directly with the new gateway, the service provider CONCUR_INTEGRATION_OAUTH_JWT and the new communication arrangements.
Resolution
If you want to register additional users for the service provider CONCUR_INTEGRATION_OAUTH_JWT, you are requested to enter the client secret. Since a new client ID is assigned to this service, the client secret has changed as well. If you do not have access to the new client secret via your SAP Concur consultant, please report an incident.
Keywords
SAP Business ByDesign and Concur Integration, ByD User Registration for OAUTH2 Web Services, CONCUR_INTEGRATION_OAUTH_JWT, Concur Client Secret, KBA, AP-INT-EE-OUT, ByD Integration Employee Data Outbound, Problem