User Provisioning Service

The User Provisioning Service (UPS) allows callers to provision and update a user’s profile including a user’s roles. Once a user is provisioned, the user’s profile is available to support the Identity, Spend, and Travel services. The service allows clients and partners to modify profiles in bulk or individually. UPS and identity service both have external endpoints for provisioning. When considering UPS vs. Identity APIs for profile provisioning, UPS supports the provisioning of identity, spend, and travel profile data where Identity API only supports the provisioning of identity profile data. To utilize the product, users must be provisioned with the required fields from Core, Spend, and/or Travel extensions. Additionally, the company’s configuration must be completed to enable product functionality.

Limitations

Access to this documentation does not provide access to the API. This API is available in US and EMEA data centers.

Process Flow

Process flow diagram of the User Provisioning API

Products and Editions

  • Concur Expense Professional Edition
  • Concur Expense Standard Edition
  • Concur Travel Professional Edition
  • Concur Travel Standard Edition
  • Concur Invoice Professional Edition
  • Concur Invoice Standard Edition
  • Concur Request Professional Edition
  • Concur Request Standard Edition

Scope Usage

Name Description Endpoint
user.provision.write Provision a user. GET, POST, PUT, PATCH
user.provision.read Request status of a provisioning request. GET
identity.user.coreenterprise.writeonly Write access to all core and enterprise extensions except externalID. POST, PUT, PATCH
identity.user.externalID.writeonly Write access to externalID only. POST, PUT, PATCH
identity.user.ids.read Read user ID data. GET
identity.user.core.read Read user core data. GET
identity.user.coresensitive.read Read core sensitive data. GET
identity.user.enterprise.read Read user enterprise data. GET
travel.user.general.read Read general Travel data: Travel approval manager, Travel Name, RuleClass, Groups, OrgUnit, Travel Custom Fields GET
travel.user.private.read Read private Travel data: CRSName/GDS Sync ID, Travel Name Remark, Gender GET
spend.user.general.writeonly Change spend user information. POST, PUT, PATCH
spend.user.general.read View spend user information. GET
identity.user.sap.read Read a user’s SAP Global ID. Required for integrations using SAP IPS for user management. GET
identity.user.sap.writeonly Write a user’s SAP Global ID. Required to assign an SAP Global ID to an existing SAP Concur user. POST, PUT, PATCH
identity.user.delete Hard delete of users - not recommended. Contact account manager DELETE NOTE: The DELETE operation should only be used for users that have no transaction history. For users with transaction history, see the Data Retention policy.

Dependencies

SAP Concur users must purchase either Concur Expense or Concur Travel or both in order to use this API. This API is not available in the China Data Center. Please contact your SAP Concur representative for more information.

Access Token Usage

This API supports company level access tokens.

Events

UPS supports post event notification when provisioning process is complete. Using the Event Subscription Service allows users to be notified through web services when certain actions take place in connected companies with the provisionCompleted event.

For additional information: User Provisioning Event.

Create a new user with /Users

This endpoint is recommended for users who are updating a single user profile. Users are able to provision Identity, Spend, and Travel profile information via this endpoint. Users can be created via POST with identity, spend and travel attributes within the same request or via a POST to create the identity first and PATCH spend and travel profile attributes.

  • Identity must be created prior to any spend or travel profile is added.

Scopes

  • user.provision.write - Refer to Scope Usage for full details.
  • identity.user.coreenterprise.writeonly - Refer to Scope Usage for full details.
  • identity.user.externalID.writeonly - Refer to Scope Usage for full details.
  • spend.user.general.writeonly - Refer to Scope Usage for full details.

URI

POST https://{datacenterURI}/profile/v4/Users/

Parameters

None.

Payloads

Examples

Request

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
    ],
    "userName": "John4_29_4@sap.com",
    "active": true,
    "name": {
        "formatted": "Mr. John Doe",
        "legalName": "Mr. John Doe",
        "middleName": "Joe",
        "familyName": "Doe",
        "givenName": "John",
        "honorificPrefix": "Prof Dr Mr",
        "honorificSuffix": "VI"
    },
    "nickName": "Sam",
    "emails": [
        {
            "value": "John4_29_4@sap.com",
            "type": "work"
        }
    ],
    "entitlements": [
        "Expense",
        "Invoice",
        "Request",
        "Travel"
    ],
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "employeeNumber": "John4_29_4_EmployeeNumber",
        "companyId": "aa076ada-80a9-4f57-8e98-9300b1c3171d"
    },
    "urn:ietf:params:scim:schemas:extension:spend:2.0:User": {
        "locale": "en-US",
        "country": "US",
        "stateProvince": "WA",
        "ledgerCode": "DEFAULT",
        "reimbursementCurrency": "USD",
        "cashAdvanceAccountCode": "1234",
        "customData": [
            {
                "id": "custom1",
                "value": "testing"
            },
            {
                "id": "orgUnit1",
                "value": "testDepartment"
            }
        ]
    },
    "urn:ietf:params:scim:schemas:extension:spend:2.0:Role": {
        "roles": [
            {
                "roleName": "EXP_APPROVER",
                "roleGroups": []
            }
        ]
    },
    "urn:ietf:params:scim:schemas:extension:spend:2.0:Approver": {
        "report": [
            {
                "approver": {
                    "value": "d1eb15c1-ac9b-40d6-b5f7-ea2d2f5ae8a7",
                    "displayName": "test.employee@sap.com",
                    "employeeNumber": "37480"
                },
                "primary": true
            }
        ]
    },
    "urn:ietf:params:scim:schemas:extension:spend:2.0:ApproverLimit": {
        "authorizedApprover": [
            {
                "approvalType": "report",
                "exceptionApprovalAuthority": false,
                "approvalLimit": 999999999999999.1,
                "reimbursementCurrency": "USD",
                "approvalGroup": "rg1-rg1_1",
                "level": 1
            },
        ],
        "costObjectApprover": [
            {
                "approvalType": "report",
                "exceptionApprovalAuthority": false,
                "approvalLimit": 0.50,
                "reimbursementCurrency": "USD",
                "approvalGroup": ""
            }
        ]
    },
    "urn:ietf:params:scim:schemas:extension:spend:2.0:InvoicePreference": {
        "emailOnPurchasingAssigned": true,
        "emailOnPurchasingSendBack": true,
        "emailOnFaxImageAvailablePaymentRequest": true,
        "promptNewLineItemsPaymentRequest": true,
        "displayInlineImage": false,
        "autoOpenImage": false
    }
},
"urn:ietf:params:scim:schemas:extension:travel:2.0:User": {
    "ruleClass": {
        "id": 624905
    },
    "groups": [
        143519480,
        143519481
    ],
    "manager": {
        "employeeNumber": "8373603"
    },
    "customFields": [
        {
            "name": "Travel Custom Field 1",
            "value": "484"
        }
    ]
}
}

Response

201 Created
Content-Type: application/json
{
    "meta": {
        "resourceType": "User",
        "created": "2021-04-26T20:07:55.000097Z",
        "lastModified": "2021-04-26T20:07:55.000097Z",
        "version": 0,
        "location": "https://{datacenterURI}/profile/identity/v4/Users/ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7",
        "statusUrl": "https://{datacenterURI}/profile/v4/provisions/2b41c0c1-15f7-41cc-99bb-a82b5da128a2/status",
        "provisionId": "2b41c0c1-15f7-41cc-99bb-a82b5da128a2"
    },
    "displayName": "John Doe",
    "name": {
        "middleInitial": "J",
        "middleName": "Joe",
        "formatted": "Doe, John Joe",
        "honorificPrefix": "Prof Dr Mr",
        "legalName": "Mr. John Doe",
        "familyName": "Doe",
        "givenName": "John",
        "honorificSuffix": "VI"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
        "urn:ietf:params:scim:schemas:extension:sap:2.0:User"
    ],
    "active": true,
    "id": "ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7",
    "emails": [
        {
            "value": "John4_29_4@sap.com",
            "type": "work",
            "notifications": false,
            "verified": false
        }
    ],
    "userName": "John4_26_1@sap.com",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "employeeNumber": "John4_29_4_EmployeeNumber",
        "companyId": "aa076ada-80a9-4f57-8e98-9300b1c3171d"

    }
}

The successful response above is the creation of the identity of the user. Use the provisionId to retrieve provisioning status for other services.

  • provisionId: “2b41c0c1-15f7-41cc-99bb-a82b5da128a2” is the provisioning request ID. This is a unique number that is used for querying status on the request.
  • id: “ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7” is the SAP Concur user UUID. This is a unique number that is used for this particular user. This ID is required for future PATCH and PUT requests for this user. It is also displayed as within this document.
  • statusUrl: The location to receive status on the provisioning request

Update a user with /Users endpoint

This method is recommended for updating single or multiple data attributes for a single user. PATCH will only update the data attributes listed within the request. You may add, remove, or replace data with this method. Please keep in mind when updating an array: If the target location is a multi-valued attribute and no filter is specified, the attribute and all values are replaced.

Supported PATCH Operations:

  • add
  • replace
  • remove

Scopes

  • user.provision.write - Refer to Scope Usage for full details.
  • identity.user.coreenterprise.writeonly - Refer to Scope Usage for full details.
  • identity.user.externalID.writeonly - Refer to Scope Usage for full details.
  • spend.user.general.writeonly - Refer to Scope Usage for full details.

URI

PATCH https://{datacenterURI}/profile/v4/Users/<Concur UUID>

Parameters

Name Type Format Description
id string UUID The SAP Concur user UUID of the user to be updated.

Payloads

Examples

Request

PATCH https://{datacenterURI}/profile/v4/Users/ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "add",
            "path": "entitlements",
            "value": [
                "Expense",
                "Request",
                "Travel"
            ]
        },
        {
            "op": "replace",
            "path": "userName",
            "value": "John10_9_1_Replacement@sap.com"
        },
        {
            "op": "replace",
            "path": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber",
            "value": "Updated_employeeNumber"
        },
        {
            "op": "add",
            "path": "urn:ietf:params:scim:schemas:extension:spend:2.0:Approver:request",
            "value": [
                {
                    "approver": {
                        "employeeNumber": "10000518"
                    },
                    "primary": true
                }
            ]
        },
        {
            "op": "replace",
            "path": "urn:ietf:params:scim:schemas:extension:spend:2.0:User:customData[id eq \"custom2\"].value",
            "value": "Replaced_Value"
        },
        {
            "op": "remove",
            "path": "urn:ietf:params:scim:schemas:extension:spend:2.0:Role:roles[roleName eq \"SHD_ROLE_ADMIN\"]"
        },
        {
            "op": "remove",
            "path": "urn:ietf:params:scim:schemas:extension:spend:2.0:ApproverLimit:authorizedApprover[approvalType eq \"report\" and approvalGroup eq \"rg1-rg1_1\"]"
        },
        {
            "op": "replace",
            "path": "urn:ietf:params:scim:schemas:extension:spend:2.0:Role:roles",
            "value": [
                {
                    "roleName": "SHD_ROLE_ADMIN",
                    "roleGroups": [
                        "R&D-QA-Exp"
                    ]
                }
            ]
        }
    ]
}

Response

200 OK
Content-Type: application/json
{
    "addresses": null,
    "meta": {
        "resourceType": "User",
        "created": "2021-04-26T20:07:55.000097Z",
        "lastModified": "2021-04-26T20:18:33.000701Z",
        "version": 3,
        "location": "https://{datacenterURI}/profile/identity/v4/Users/ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7",
        "statusUrl": "https://{datacenterURI}/profile/v4/provisions/e820c001-c358-4a3e-964a-321dc2a76203/status",
        "provisionId": "e820c001-c358-4a3e-964a-321dc2a76203"
    },
    "displayName": "John Doe",
    "name": {
        "legalName": "Mr. John Doe",
        "honorificSuffix": "VI",
        "middleInitial": "J",
        "formatted": "Doe, John Joe",
        "familyName": "Doe",
        "givenName": "John",
        "honorificPrefix": "Prof Dr Mr",
        "middleName": "Joe"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
        "urn:ietf:params:scim:schemas:extension:sap:2.0:User"
    ],
    "active": true,
    "id": "ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7",
    "emails": [
        {
            "verified": false,
            "type": "work",
            "value": "John4_26_1@sap.com",
            "notifications": false
        }
    ],
    "userName": "John10_9_1_Replacement@sap.com",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "companyId": "aa076ada-80a9-4f57-8e98-9300b1c3171d",
        "employeeNumber": "Updated_employeeNumber"
    }
}

The successful response above is the updating of the identity of the user. Use the provisionId to retrieve the provisioning status for other services.

  • provisionId: “2b41c0c1-15f7-41cc-99bb-a82b5da128a2” is the provisioning request ID. This is a unique number that is used for querying status on the request.
  • id: “ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7” is the SAP Concur user UUID. This is a unique number that is used for this particular user. This ID is required for future PATCH and PUT requests for this user. It is also displayed as within this document.
  • statusUrl: The location to receive status on the provisioning request

Replace a user with /Users endpoint

Replaces a user’s identity profile.

Note Using the PUT operation erases existing user data and replaces data from the payload. Profile data must be supplied within the payload or values will be replaced with system default or null. When using the PUT operation, any data not explicitly included in the request will be deleted to ensure the resource mirrors the provided payload. This approach enforces a “full replace” model, so all missing fields are treated as intentional removals.

Scopes

  • user.provision.write - Refer to Scope Usage for full details.
  • identity.user.coreenterprise.writeonly - Refer to Scope Usage for full details.
  • identity.user.externalID.writeonly - Refer to Scope Usage for full details.
  • spend.user.general.writeonly - Refer to Scope Usage for full details.

URI

PUT https://{datacenterURI}/profile/v4/Users/<Concur UUID>

Parameters

Name Type Format Description
id string UUID The SAP Concur platform UUID of the user to be updated.

Payloads

Examples

Request

PUT https://{datacenterURI}/profile/v4/Users/ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
    ],
    "userName": "John10_14_1_Replacement@sap.com",
    "id": "ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7",
    "active": false,
    "name": {
        "formatted": "Mr. John Doe1",
        "legalName": "Mr. John Doe1",
        "middleName": "Joe1",
        "middleInitial": "J",
        "familyName": "Doe1",
        "givenName": "John1"
    },
    "emails": [
        {
            "value": "John10_14_1_Replacement@sap.com",
            "type": "work"
        }
    ],
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "employeeNumber": "John10_8_1_EmployeeNumber",
        "companyId": "aa076ada-80a9-4f57-8e98-9300b1c3171d"
    }
}

Response

200 OK
Content-Type: application/json
{
    "meta": {
        "resourceType": "User",
        "created": "2021-04-29T17:17:47.000380Z",
        "lastModified": "2021-04-29T17:17:47.000380Z",
        "version": 0,
        "location": "https://{datacenterURI}/profile/identity/v4/Users/61bd5549-d68c-407b-8228-9590ae40eaa0",
        "statusUrl": "https://{datacenterURI}/profile/v4/provisions/03295e27-c9c2-4579-92d8-8b46ec91eff5/status",
        "provisionId": "03295e27-c9c2-4579-92d8-8b46ec91eff5"
    },
    "displayName": "John Doe",
    "name": {
        "middleInitial": "J",
        "middleName": "Joe",
        "formatted": "Doe, John Joe",
        "honorificPrefix": "Prof Dr Mr",
        "legalName": "Mr. John Doe",
        "familyName": "Doe",
        "givenName": "John",
        "honorificSuffix": "VI"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
        "urn:ietf:params:scim:schemas:extension:sap:2.0:User"
    ],
    "active": true,
    "id": "ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7",
    "emails": [
        {
            "value": "John4_29_4@cs-sso-us-prod.com",
            "type": "work",
            "notifications": false,
            "verified": false
        }
    ],
    "userName": "John4_29_4@cs-sso-us-prod.com",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "employeeNumber": "John4_29_EmployeeNumber",
        "companyId": "aa076ada-80a9-4f57-8e98-9300b1c3171d"
    }
}

The successful response above is the updating of the identity of the user. Use the provisionId to retrieve provisioning status for other services.

  • provisionId: “2b41c0c1-15f7-41cc-99bb-a82b5da128a2” is the provisioning request ID. This is a unique number that is used for querying status on the request.
  • id: “ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7” is the SAP Concur user UUID. This is a unique number that is used for this particular user. This ID is required for future PATCH and PUT requests for this user. It is also displayed as within this document.
  • statusUrl: The location to receive status on the provisioning request

Create a new users with /Bulk endpoint

Creates one or more new user requests via the /Bulk endpoint. Recommended for users who are performing bulk updates to multiple users at the same time. NOTE: Limited to 100 operations or record size of 400KB per request.

Scopes

  • user.provision.write - Refer to Scope Usage for full details.
  • identity.user.coreenterprise.writeonly - Refer to Scope Usage for full details.
  • identity.user.externalID.writeonly - Refer to Scope Usage for full details.
  • spend.user.general.writeonly - Refer to Scope Usage for full details.

URI

POST https://{datacenterURI}/profile/v4/Bulk/

Parameters

None.

Payloads

Examples

Request

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:BulkRequest"
    ],
    "failOnErrors": 1,
    "Operations": [
        {
            "method": "POST",
            "path": "/Users",
            "bulkId": "bulk-operation-1",
            "data": {
                "userName": "Chris.doe198@sap.com",
                "active": true,
                "name": {
                    "formatted": "Chris Doe",
                    "legalName": "Chris Doe",
                    "familyName": "Doe",
                    "givenName": "Chris"
                },
                "emails": [
                    {
                        "value": "Chris.doe198@sap.com",
                        "type": "work"
                    }
                ],
        "timezone": "America/Los_Angeles",
                "entitlements": [
                    "Expense",
                    "Travel"
                ],
                "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
                    "employeeNumber": "3749",
                    "companyId": "aa076ada-80a9-4f57-8e98-9300b1c3171d"
                }
            }
        }
    ]
}

Response

202 Accepted
Content-Type: application/json
{
    "schemas": [
        "urn:ietf:params:scim:schemas:extension:concur:2.0:Provision:Status"
    ],
    "id": "9ff00c90-1c35-4fd1-8ac7-db8b9be70a98",
    "operationsCount": {
        "total": 1,
        "success": 1,
        "failed": 0,
        "pending": 0
    },
    "status": {
        "completed": false,
        "success": null
    },
    "meta": {
        "location": "https://{datacenterURI}/profile/v4/provisions/9ff00c90-1c35-4fd1-8ac7-db8b9be70a98/status",
        "created": "2021-04-26T16:29:38.459+0000",
        "lastModified": "2021-04-26T16:29:38.459+0000",
        "provisionType": "Bulk",
        "resourceType": "ProvisionRequest",
        "correlationId": "a2e9973f-516a-4203-ab86-b3d592fc0d5b"
    }
}

The successful response above is the creation of the identity of the user(s). Use the provisionId to retrieve provisioning status for other services.

Name Description
id Provisioning request ID. This is a unique number that is used for querying status on the request.
total Total number of operations requests within the request
success The number of operations that were successful within the request.
failed The number of operations that has failed within the request.
pending the provisioning requests is processing
completed the provisioning requests has completed processing
success the user provisioning is successful
correlationId a unique identifier value that is attached to requests and messages that allow reference to a particular request.
location Location to receive status on the provisioning request. 

Update users with /Bulk endpoint

Updates one or more provisioning requests. Using PATCH is recommended for updating single or multiple data attributes within a request. PATCH will only update the data attributes listed within the request.

NOTE: Limited to 100 operations or record size of 400KB per request.

Scopes

  • user.provision.write - Refer to Scope Usage for full details.
  • identity.user.coreenterprise.writeonly - Refer to Scope Usage for full details.
  • identity.user.externalID.writeonly - Refer to Scope Usage for full details.
  • spend.user.general.writeonly - Refer to Scope Usage for full details.

URI

POST https://{datacenterURI}/profile/v4/Bulk/

Parameters

None.

Payloads

Examples

Request

POST https://{datacenterURI}/profile/v4/Bulk/
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:BulkRequest",
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "failOnErrors": 1,
    "Operations": [
        {
            "method": "PATCH",
            "path": "/Users/8f545a90-305f-441b-91cd-a69ad5f548f5",
            "data": {
                "Operations": [
                    {
                        "op": "add",
                        "path": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department",
                        "value": "Engineering"
                    },
                    {
                        "op": "replace",
                        "path": "userName",
                        "value":  "Updated_Chris_Doe_Name@sap.com"
                    },
                    {
                       "op": "remove",
                       "path": "urn:ietf:params:scim:schemas:extension:spend:2.0:Role:roles[roleName eq \"SHD_BUDGET_APPROVER\"]"
                    }
                ]
            }
        }
    ]
}

Response

202 Accepted
Content-Type: application/json
{
    "schemas": [
        "urn:ietf:params:scim:schemas:extension:concur:2.0:Provision:Status"
    ],
    "id": "193975e3-f9b2-4786-813d-b209ee0f8527",
    "operationsCount": {
        "total": 1,
        "success": 0,
        "failed": 0,
        "pending": 1
    },
    "status": {
        "completed": true,
        "success": true
    },
    "meta": {
        "location": "https://{datacenterURI}/profile/v4/provisions/193975e3-f9b2-4786-813d-b209ee0f8527/status",
        "created": "2021-04-26T16:47:44.009+0000",
        "lastModified": "2021-04-26T16:47:44.009+0000",
        "provisionType": "Bulk",
        "resourceType": "ProvisionRequest",
        "correlationId": "96f93318-8fb1-4949-b4ed-b4316455b032"
    }
}

The successful response above is the updating of the identity of the user(s). Use the provisionId to retrieve provisioning status for other services.

Name Description
id Provisioning request ID. This is a unique number that is used for querying status on the request.
total Total number of operations requests within the request
success The number of operations that were successful within the request.
failed The number of operations that has failed within the request.
pending the provisioning requests is processing
completed the provisioning requests has completed processing
success the user provisioning is successful
correlationId a unique identifier value that is attached to requests and messages that allow reference to a particular request.
location Location to receive status on the provisioning request. 

Replace users with /Bulk endpoint

Replaces a user’s identity profile.

NOTE Using the PUT method erases existing user data and replaces data from the payload. Profile data must be supplied within the payload or values will be replaced with system default or null.

NOTE: Limited to 100 operations or record size of 400KB per request.

Scopes

  • user.provision.write - Refer to Scope Usage for full details.
  • identity.user.coreenterprise.writeonly - Refer to Scope Usage for full details.
  • identity.user.externalID.writeonly - - Refer to Scope Usage for full details.
  • spend.user.general.writeonly - Refer to Scope Usage for full details.

URI

POST https://{datacenterURI}/profile/v4/Bulk/

Parameters

None.

Payloads

Examples

Request

  • Note that the SAP Concur platform UUID within the ID attribute and path must be included within the data of the request.
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:BulkRequest"
    ],
    "failOnErrors": 1,
    "Operations": [
        {
            "method": "PUT",
            "path": "/Users/8f545a90-305f-441b-91cd-a69ad5f548f5",
            "bulkId": "Seattle",
            "data": {
                "id": "8f545a90-305f-441b-91cd-a69ad5f548f5",
                "userName": "john.doe21224@sap.com",
                "active": false,
                "name": {
                    "formatted": "Mr. John Doe",
                    "legalName": "Mr. John Doe",
                    "middleName": "Joe",
                    "middleInitial": "J",
                    "familyName": "Doe",
                    "givenName": "John",
                    "honorificPrefix": "Prof Dr Mr",
                    "honorificSuffix": "VI"
                },
                "emails": [
                    {
                        "value": "john.doe193@sap.com",
                        "type": "work"
                    }
                ]
            }
        }
    ]
}

Response

202 Accepted
Content-Type: application/json
{
    "schemas": [
        "urn:ietf:params:scim:schemas:extension:concur:2.0:Provision:Status"
    ],
    "id": "a43fd01c-fc99-4cf1-a16e-6f440b797603",
    "operationsCount": {
        "total": 1,
        "success": 1,
        "failed": 0,
        "pending": 0
    },
    "status": {
        "completed": true,
        "success": true
    },
    "meta":
        "location": "https://{datacenterURI}/profile/v4/provisions/a43fd01c-fc99-4cf1-a16e-6f440b797603/status",
        "created": "2021-04-26T16:57:39.719+0000",
        "lastModified": "2021-04-26T16:57:39.719+0000",
        "provisionType": "Bulk",
        "resourceType": "ProvisionRequest",
        "correlationId": "dbe2c569-3662-46e7-8521-e6ba77a014ef"
    }
}

The successful response above is the updating of the identity of the user(s). Use the provisionId to retrieve provisioning status for other services.

Name Description
id Provisioning request ID. This is a unique number that is used for querying status on the request.
total Total number of operations requests within the request
success The number of operations that were successful within the request.
failed The number of operations that has failed within the request.
pending the provisioning requests is processing
completed the provisioning requests has completed processing
success the user provisioning is successful
correlationId a unique identifier value that is attached to requests and messages that allow reference to a particular request.
location Location to receive status on the provisioning request. 

Retrieve User Profile Data

To retrieve profile data for a specific user, the SAP Concur platform has enabled separate endpoints. For additional information for provisioning the specific profiles, please see the documentation for Identity, Spend, and Travel.

Scopes

  • identity.user.ids.read - Refer to Scope Usage for full details.
  • identity.user.core.read - Refer to Scope Usage for full details.
  • identity.user.coresensitive.read - Refer to Scope Usage for full details.
  • identity.user.enterprise.read - Refer to Scope Usage for full details.
  • travel.user.general.read - Refer to Scope Usage for full details.
  • travel.user.private.read - Refer to Scope Usage for full details.
  • spend.user.general.read - Refer to Scope Usage for full details.

URI

GET https://{datacenterURI}/profile/identity/v4.1/Users/8f545a90-305f-441b-91cd-a69ad5f548f5
GET https://{datacenterURI}/profile/spend/v4.1/Users/8f545a90-305f-441b-91cd-a69ad5f548f5
GET https://{datacenterURI}/profile/travel/v4/Users/8f545a90-305f-441b-91cd-a69ad5f548f5

Parameters

Name Type Format Description
ID string - Requested user’s UUID

Payloads

Examples

Request

GET https://{datacenterURI}/profile/identity/v4.1/Users/ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7

Response

200 OK
Content-Type: application/json

Identity

{
    "localeOverrides": {
        "preferenceEndDayViewHour": 20,
        "preferenceFirstDayOfWeek": "Sunday",
        "preferenceDateFormat": "mm/dd/yyyy",
        "preferenceCurrencySymbolLocation": "BeforeAmount",
        "preferenceHourMinuteSeparator": ":",
        "preferenceDefaultCalView": "month",
        "preference24Hour": "H:mm",
        "preferenceNumberFormat": "1,000.00",
        "preferenceStartDayViewHour": 8,
        "preferenceNegativeCurrencyFormat": "-100"
    },
    "addresses": [
        {
            "country": "US",
            "streetAddress": "911 Universal City Plaza",
            "postalCode": "91608",
            "locality": "Hollywood",
            "type": "home",
            "region": "CA"
        }
    ],
    "timezone": "America/New_York",
    "meta": {
        "resourceType": "User",
        "created": "2020-09-22T14:26:29.000516Z",
        "lastModified": "2021-02-10T23:14:18.000733Z",
        "version": 16,
        "location": "https://{datacenterURI}/profile/identity/v4/Users/8f545a90-305f-441b-91cd-a69ad5f548f5"
    },
    "displayName": "John Doe",
    "name": {
        "middleInitial": "J",
        "middleName": "Joe",
        "formatted": "Doe, John Joe",
        "honorificPrefix": "Prof Dr Mr",
        "legalName": "Mr. John Doe",
        "familyName": "Doe",
        "givenName": "John",
        "honorificSuffix": "VI"
    },
    "phoneNumbers": [
        {
            "type": "home",
            "value": "tel:555-555-5555",
            "notifications": false
        }
        ...
    ],
    "emergencyContacts": [
        {
            "country": "US",
            "streetAddress": "911 Universal City Plaza  Hollywood, CA 91608 US",
            "postalCode": "91608",
            "name": "Emergency Contact",
            "locality": null,
            "phones": [
                "555-555-5555"
            ],
            "region": "CA",
            "relationship": "Other"
        }
    ],
    "preferredLanguage": "en-US",
    "title": "Software Engineer",
    "dateOfBirth": null,
    "nickName": "Francis",
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
        "urn:ietf:params:scim:schemas:extension:sap:2.0:User"
    ],
    "externalId": "1234abcd56789e4370",
    "active": true,
    "id": "8f545a90-305f-441b-91cd-a69ad5f548f5",
    "gender": null,
    "emails": [
        {
            "verified": false,
            "type": "work",
            "value": "john.doe194@BravoPro7.com",
            "notifications": true
        }
        ...
        {
            "verified": false,
            "type": "other2",
            "value": "john.doe1883@BravoPro7.com",
            "notifications": false
        }
    ],
    "userName": "john.doe_replacement@BravoPro7.com",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "employeeNumber": "13749670",
        "companyId": "aa076ada-80a9-xxxx-xxxx-9300b1c3171d",
        "department": "Engineering",
        "division": "Theme Park",
        "startDate": "2020-09-22T14:26:00.000",
        "costCenter": null,
        "manager": null,
        "terminationDate": null
    }
}

Travel

{
    "id": "8f545a90-305f-441b-91cd-a69ad5f548f5",
    "urn:ietf:params:scim:schemas:extension:travel:2.0:User": {
        "ruleClass": {
            "name": "Default Travel Class",
            "id": 560485
        },
        "travelCrsName": null,
        "gender": "Female",
        "travelNameRemark": "",
        "orgUnit": null,
        "customFields": [
            {
                "name": "Canary ID"
            }
           ...
           {
                "name": "trainline trip purpose 1"
            }
        ],
        "manager": null,
        "groups": []
    }
  }

Spend

{
    "schemas": [
        "urn:com.concur.spend.user.model.scim.ScimResource",
        "urn:ietf:params:scim:schemas:extension:spend:2.0:Role",
        "urn:ietf:params:scim:schemas:extension:spend:2.0:WorkflowPreference",
        "urn:ietf:params:scim:schemas:extension:spend:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:Payroll",
        "urn:ietf:params:scim:schemas:extension:spend:2.0:UserPreference",
        "urn:ietf:params:scim:schemas:extension:spend:2.0:Delegate",
        "urn:ietf:params:scim:schemas:extension:spend:2.0:Approver"
    ],
    "id": "8f545a90-305f-441b-91cd-a69ad5f548f5",
    "externalId": null,
    "meta": null,
    "urn:ietf:params:scim:schemas:extension:spend:2.0:Role": {
        "roles": [
            {
                "roleName": "REPORTING_CONFIG_ADMIN"
            }
            ...
            {
                "roleName": "EXP_USER"
            }
        ]
    },
    "urn:ietf:params:scim:schemas:extension:spend:2.0:WorkflowPreference": {
        "emailStatusChangeOnCashAdvance": true,
        "emailAwaitApprovalOnCashAdvance": true,
        "emailStatusChangeOnReport": true,
        "emailAwaitApprovalOnReport": true,
        "promptForApproverOnReportSubmit": true,
        "emailStatusChangeOnTravelRequest": true,
        "emailAwaitApprovalOnTravelRequest": true,
        "promptForApproverOnTravelRequestSubmit": true,
        "emailStatusChangeOnPayment": true,
        "emailAwaitApprovalOnPayment": true,
        "promptForApproverOnPaymentSubmit": true
    },
    "urn:ietf:params:scim:schemas:extension:spend:2.0:User": {
        "reimbursementCurrency": "USD",
        "reimbursementType": "ADP_PAYROLL",
        "ledgerCode": "DEFAULT",
        "country": "US",
        "stateProvince": "WA",
        "locale": "en-US",
        "testEmployee": false,
        "nonEmployee": false,
        "customData": [
            {
                "id": "custom20",
                "value": "testing"
            }
            ...
            {
                "id": "custom18",
                "value": "testing"
            }
        ]
    },
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:Payroll": {
        "adp": {
            "companyCode": "string",
            "deductionCode": "string",
            "employeeFileNumber": "string"
        }
    },
    "urn:ietf:params:scim:schemas:extension:spend:2.0:UserPreference": {
        "showImagingIntro": true,
        "expenseAuditRequired": "ALWAYS",
        "allowCreditCardTransArrivalEmails": true,
        "allowReceiptImageAvailEmails": true,
        "promptForCardTransactionsOnReport": true,
        "autoAddTripCardTransOnReport": true,
        "promptForReportPrintFormat": true,
        "defaultReportPrintFormat": "DETAILED",
        "showTotalOnReport": true,
        "showExpenseOnReport": "PARENT",
        "showInstructHelpPanel": true,
        "useQuickItinAsDefault": false
    },
    "urn:ietf:params:scim:schemas:extension:spend:2.0:Delegate": {},
    "urn:ietf:params:scim:schemas:extension:spend:2.0:Approver": {
        "report": [
            {
                "approver": {
                    "value": "7a183cbe-1f4a-44f4-891c-8eff3608975e"
                },
                "primary": true
            }
        ]
        ...
        "budget": [
            {
                "approver": {
                    "value": "7a183cbe-1f4a-44f4-891c-8eff3608975e"
                },
                "primary": true
            }
        ]
    }
}

Retrieve a Summary Provisioning Request Status

Retrieves a summary provisioning request status. NOTE: Provisioning status is stored for 7 days from provisioning request date.

Scopes

user.provision.read- Refer to Scope Usage for full details.

URI

GET https://{datacenterURI}/profile/v4/provisions/{provision-id}/status
Parameters
Name Type Format Description
provision-id string - The provisioning request UUID
Optional Parameters
Name Type Format Description
attributes string operations Response includes operations when specified.
startIndex Integer Non-negative Integer The 1-based index of the first result in the current set of list results.
count Integer Non-negative Integer Specifies the desired operations per page.
state string status Filter results based on:[pending, success, failed]

Payloads

Examples

Request

GET https://{datacenterURI}/profile/v4/provisions/0e00f6a4-6798-4f66-9f47-1e944b619b2e/status

Response

200 OK
Content-Type: application/json
{
    "schemas": [
        "urn:ietf:params:scim:schemas:extension:concur:2.0:Provision:Status"
    ],
    "id": "14b15c4b-59a1-42fb-bdb5-999bb3d38d5d",
    "operationsCount": {
        "total": 1,
        "success": 1,
        "failed": 0,
        "pending": 0
    },
eb    "status": {
        "completed": true,
        "success": true
    },
  "meta": {
    "location": "https://{datacenterURI}/profile/v4/provisions/0e00f6a4-6798-4f66-9f47-1e944b619b2e/status",
    "created": "2020-07-15T23:03:07.859+0000",
    "lastModified": "2020-07-15T23:03:07.859+0000",
    "resourceType": "ProvisionRequest",
    "correlationId": "d5192a1d-3385-4afc-9e8d-4aeff8b58a48"
    }
}

Result Response

Name Description
id Provisioning request ID. This is a unique number that is used for querying status on the request.
total Total number of operations requests within the request
success The number of operations that were successful within the request.
failed The number of operations that has failed within the request.
pending the provisioning requests is processing
completed the provisioning requests has completed processing
success the user provisioning is successful
correlationId a unique identifier value that is attached to requests and messages that allow reference to a particular request.
location Location to receive status on the provisioning request. 

Retrieve a Detailed Provisioning Request Status

Retrieves a detailed provisioning request status. The detailed status returns the success or failure for each extension/service called to create a profile. The extension responses should be reviewed to determine the provisioning status of each extension. When all extension return success or no-op, the provisioning is complete. When an error is returned, the error should be reviewed and resolved. NOTE: Provisioning status is stored for 7 days from provisioning request.

Scopes

user.provision.read- Refer to Scope Usage for full details.

URI

GET https://{datacenterURI}/profile/v4/provisions/{provision-id}/status?attributes=operations

Parameters

Name Type Format Description
attributes string operations Response includes operations when specified.
startIndex Integer Non-negative Integer The 1-based index of the first result in the current set of list results.
count Integer Non-negative Integer Specifies the desired operations per page.
state string status Filter results based on:[pending, success, failed]

Payloads

Examples

Request

GET https://{datacenterURI}/profile/v4/provisions/0e00f6a4-6798-4f66-9f47-1e944b619b2e/status?attributes=operations

Response

200 OK
Content-Type: application/json
{
    "itemsPerPage": 1,
    "meta": {
        "location": "https://{datacenterURI}/profile/v4/provisions/0e00f6a4-6798-4f66-9f47-1e944b619b2e/status",
        "created": "2021-04-22T15:03:25.975+0000",
        "lastModified": "2021-04-22T15:03:27.558+0000",
        "provisionType": "User",
        "resourceType": "ProvisionRequest",
        "correlationId": "5d15903c-1921-49f1-8d29-329525bb4a4f",
        "completed": "2021-04-22T15:03:27.558+0000"
    },
    "operationsCount": {
        "total": 1,
        "success": 1,
        "failed": 0,
        "pending": 0
    },
    "totalResults": 1,
    "schemas": [
        "urn:ietf:params:scim:schemas:extension:concur:2.0:Provision:Status"
    ],
    "status": {
        "completed": true,
        "success": true
    },
    "id": "ef0bffaf-863f-4b3e-9c4c-bd9c9a8b2ea7",
    "operations": [
        {
            "id": "1",
            "status": {
                "completed": true,
                "success": true
            },
            "resource": {
                "id": "46702256-0123-4e83-83ff-d1a55adfc607",
                "type": "User"
            },
            "bulkId": "gen-temp-bulk-id",
            "extensions": [
                {
                    "name": "urn:ietf:params:scim:schemas:extension:spend:2.0:WorkflowPreference",
                    "status": {
                        "completed": true,
                        "success": true,
                        "code": "200",
                        "result": "no-op"
                    }
                },
                {
                    "name": "urn:ietf:params:scim:schemas:extension:spend:2.0:Role",
                    "status": {
                        "completed": true,
                        "success": true,
                        "code": "200",
                        "result": "no-op"
                    }
                },
                {
                    "name": "urn:ietf:params:scim:schemas:extension:spend:2.0:UserPreference",
                    "status": {
                        "completed": true,
                        "success": true,
                        "code": "200",
                        "result": "no-op"
                    }
                },
                {
                    "name": "urn:ietf:params:scim:schemas:extension:spend:2.0:Approver",
                    "status": {
                        "completed": true,
                        "success": true,
                        "code": "200",
                        "result": "no-op"
                    }
                },
                {
                    "name": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:Payroll",
                    "status": {
                        "completed": true,
                        "success": true,
                        "code": "200",
                        "result": "no-op"
                    }
                },
                {
                    "name": "urn:ietf:params:scim:schemas:core:2.0:User",
                    "status": {
                        "completed": true,
                        "success": true,
                        "code": "200",
                        "result": "success"
                    }
                },
                {
                    "name": "urn:ietf:params:scim:schemas:extension:spend:2.0:User",
                    "status": {
                        "completed": true,
                        "success": true,
                        "code": "200",
                        "result": "no-op"
                    }
                },
                {
                    "name": "urn:ietf:params:scim:schemas:extension:spend:2.0:Delegate",
                    "status": {
                        "completed": true,
                        "success": true,
                        "code": "200",
                        "result": "no-op"
                    }
                },
                {
                    "name": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
                    "status": {
                        "completed": true,
                        "success": true,
                        "result": "success"
                    }
                },
                {
                    "name": "urn:ietf:params:scim:schemas:extension:travel:2.0:User",
                    "status": {
                        "completed": true,
                        "success": true,
                        "code": "200",
                        "result": "no-op"
                    }
                }
            ]
        }
    ],
    "startIndex": 1
}

Extension Status Response

Section Description
completed Result if the request operation was competed on the extension.
success Result if the extension was successful in completing the operation on the extension.
code Http response code for the operation. 

Result Response

Result Error Code Description
success 200 The extension completed the request successfully.
no-op 200 The extension was not required to updated a record for the request or an upstream process did not complete which blocked the extension. 
error HTTP Error code An issue with the request operation. UPS will respond with Error code and message. When an error is returned, the error should be reviewed and resolved.

Retrieve Supported Resource Types

Retrieves supported resource types.

Scopes

user.provision.read- Refer to Scope Usage for full details.

URI

GET /profile/v4/ResourceTypes
Parameters

None.

Payloads

  • Request: None
  • Response: None

Examples

Request

GET https://{datacenterURI}/profile/v4/ResourceTypes

Response

200 OK
Content-Type: application/json
[
    {
        "schemas": [
            "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
        ],
        "id": "User",
        "name": "User",
        "endpoint": "/Users",
        "description": "Concur User",
        "schema": "urn:ietf:params:scim:schemas:core:2.0:User",
        "schemaExtensions": [
            {
                "schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
                "required": true
            },
            {
                "schema": "urn:ietf:params:scim:schemas:extension:travel:2.0:User",
                "required": false
            },
            {
                "schema": "urn:ietf:params:scim:schemas:extension:spend:2.0:User",
                "required": false
            },
            {
                "schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:Payroll",
                "required": false
            },
            {
                "schema": "urn:ietf:params:scim:schemas:extension:spend:2.0:Approver",
                "required": false
            },
            {
                "schema": "urn:ietf:params:scim:schemas:extension:spend:2.0:Delegate",
                "required": false
            },
            {
                "schema": "urn:ietf:params:scim:schemas:extension:spend:2.0:Role",
                "required": false
            },
            {
                "schema": "urn:ietf:params:scim:schemas:extension:spend:2.0:WorkflowPreference",
                "required": false
            },
            {
                "schema": "urn:ietf:params:scim:schemas:extension:spend:2.0:UserPreference",
                "required": false
            }
        ],
        "meta": {
            "location": "https://{datacenterURI}/profile/v4/ResourceTypes/User",
            "resourceType": "ResourceType"
        }
    }
]

Retrieve Supported Schemas

Retrieves supported schemas.

Scopes

user.provision.read- Refer to Scope Usage for full details.

URI

GET /profile/v4/Schemas
Parameters

None.

Payloads

  • Request: None
  • Response: None

Examples

Request

GET https://{datacenterURI}/profile/v4/Schemas

Response

200 OK
Content-Type: application/json
[
    {
      "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "Resources": [
        {
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:Schema"
            ],
            "id": "urn:ietf:params:scim:api:messages:concur:2.0:Error",
            "name": "Concur Error",
            "type": "complex",
            "description": "Concur Error",
            "attributes": [
                {
                    "name": "messages",
                    "type": "complex",
                    "multiValue": true,
                    "description": "Additional messages in case of errors / warnings",
                    "mutabbility": "readOnly",
                    "required": false,
                    "subAttributes": [
                        {
                            "name": "code",
                            "type": "string",
                            "description": "Message Code",
                            "mutabbility": "readOnly",
                            "required": true
                        },
                        {
                            "name": "message",
                            "type": "string",
                            "description": "Message description",
                            "mutabbility": "readOnly",
                            "required": false
                        },
                        {
                            "name": "schemaPath",
                            "type": "string",
                            "description": "Relative schema path of attribute",
                            "mutabbility": "readOnly",
                            "required": false
                        },
                        {
                            "name": "type",
                            "type": "string",
                            "description": "Message Type",
                            "mutabbility": "readOnly",
                            "required": true,
                            "canonicalValues": [
                                "error",
                                "warning"
                            ]
                        }
                    ]
                }
            ],
            "meta": {
                "resourceType": "schemas"
            }
        },
        {
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:Schema"
            ],
            "id": "urn:ietf:params:scim:schemas:extension:concur:2.0:Provision:Status",
            "name": "Provision Status",
            "type": "complex",
            "description": "Provision Status",
            "attributes": [
                {
                    "mutability": "readOnly",
                    "description": "Unique identifier (uuid) for the provisioning request",
                    "returned": "always",
                    "name": "id",
                    "multiValued": false,
                    "type": "string",
                    "uniqueness": "global",
                    "caseExact": false,
                    "required": true
                },
                {
                    "mutability": "readOnly",
                    "description": "Status of the provision request",
                    "returned": "always",
                    "subAttributes": [
                        {
                            "name": "completed",
                            "type": "boolean",
                            "description": "Is provisioning completed?",
                            "mutability": "readOnly",
                            "required": true
                        },
                        {
                            "name": "success",
                            "type": "boolean",
                            "description": "Is provisioning successful?",
                            "mutabbility": "readOnly",
                            "required": false
                        }
                    ],
                    "name": "status",
                    "multiValued": false,
                    "type": "complex",
                    "caseExact": true,
                    "required": true
                },
            ]

Schema

All attributes are considered readWrite unless otherwise specified.

User

User contains the core attributes representing an identity within Concur.

Name Type Format Description
active boolean true/false Required If true, the user is active.
addresses object - A physical mailing address for this user. Supported values (only 1 per type): work, home, other, billing, bank, shipping
addresses.country string - A two-letter country code defined in ISO 3166-1 alpha-2.
addresses.locality string - The city or locality.
addresses.postalCode string - The zip code or postal code.
addresses.region string - The state or region.
addresses.streetAddress string - The full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information.
addresses.type string - A label indicating the function of the address. Supported values: work, home, other, billing, bank, shipping
dateOfBirth string YYYY-MM-DD The user’s date of birth.
displayName string - The name of the user, suitable for public display (givenName + familyName) When nickName is provisioned, nickName replaces givenName.
emails object - Required Email addresses for the user. The value should be canonicalized by the service provider.
dateVerified string - Read Only The date and time the email was verified.
emails.notifications boolean true/false If true, notifications have been opted-in for emails.
emails.type string - A label indicating the attribute’s function. Supported values (only 1 per type): work, home, work2, other, other2
emails.value string - Required Email address value.
emails.verified string - Read Only If true, the email has been verified.
emergencyContacts object - Emergency contact information for the user. Only 1 contact is allowed.
emergencyContacts.country string - A two-letter country code defined in ISO 3166-1 alpha-2.
emergencyContacts.emails string - Emails of the emergency contact.
emergencyContacts.locality string - The city or locality of the emergency contact.
emergencyContacts.name string - Required when provisioning emergency contact for the user. The emergency contact’s name.
emergencyContacts.phones string - Phone numbers of the emergency contact.
emergencyContacts.postalCode string - The zip code or postal code of the emergency contact.
emergencyContacts.region string - The state or region of the emergency contact.
emergencyContacts.relationship string - Required when provisioning emergency contact for the user. The emergency contact’s relationship to the user. Supported values: Spouse, Brother, Parent, Sister, Life Partner, Other
emergencyContacts.streetAddress string - The full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information.
entitlements string - The features enabled for the user. Product user data for the feature must be provisioned for entitlements to function. Supported values: Expense, Invoice, Request, Travel.
externalId string - User identifier from the provisioning client.
id string - Required. Read Only Unique identifier for the user, also known as the UUID.
localeOverrides object - Read Only Support for users who want to override locale settings.
localeOverrides.preference24Hour string - Preferred 24 hour format for the user. Supported values: h:mm AM/PM, H:mm
localeOverrides.preferenceCurrencySymbolLocation string - Preferred currency symbol location for the user. Supported values: BeforeAmount, AfterAmount
localeOverrides.preferenceDateFormat string - Preferred date format for the user.
localeOverrides.preferenceDefaultCalView string - Preferred default calendar view for the user. Supported values: day, week, month
localeOverrides.preferenceDistance string - Preferred distance metric. Supported values: mile, km
localeOverrides.preferenceEndDayViewHour integer - Preferred hour setting for the end of day. Supported values: 0-23
localeOverrides.preferenceFirstDayOfWeek string - Preferred first day of the week for the user.
localeOverrides.preferenceHourMinuteSeparator string - Preferred separator between hour and minute. Supported values: :, .
localeOverrides.preferenceNegativeCurrencyFormat string - Preferred negative currency format for the user.
localeOverrides.preferenceNegativeNumberFormat string - Preferred negative number format for the user.
localeOverrides.preferenceNumberFormat string - Preferred number format for the user.
localeOverrides.preferenceStartDayViewHour integer - Preferred start of day for the user, from 1.
meta object - Read Only
name object - Required The user’s name.
name.academicTitle string - Title signifying level of academic achievement.
name.familyName string - Required The family or last name of the user.
name.familyNamePrefix string - The family name prefix of the user, if applicable.
name.formatted string - The full name of the user, formatted for display. Example: Jensen, Barbara Jane
name.givenName string - Required The given or first name of the user.
name.honorificPrefix string - The honorific or title prefix(es) of the user.
name.honorificSuffix string - The honorific suffix(es) of the user.
name.legalName string - Read OnlyThe legal name of the user.
name.middleInitial string - The middle initial of the user, if applicable.
name.middleName string - The middle name(s) of the user, if applicable.
nickName string - The casual way to address the user. This attribute should not be used to represent a user’s username. Displays as Preferred Name in UI and returns value based on the locale of the viewer. Leave this field blank if the referred name is not applicable, not wanted or required.
phoneNumbers object - Phone numbers for the user. The value should be canonicalized by the service provider according to the format specified in RFC 3966. Duplicates are not allowed for types other than mobile.
phoneNumbers.display string - A human-readable phone number for display.
phoneNumbers.notifications boolean true/false If true, notifications have been opted in for phone numbers. This is only available for mobile phone numbers.
phoneNumbers.primary boolean true/false If true, this is the primary mobile device. This is only available for mobile phone numbers. One mobile phone number must be set as the primary number and only one phone number can be set to primary at a time.
phoneNumbers.type string - A label indicating the attribute’s function. Supported values (only 1 per type): work, home, mobile, fax, pager, other
phoneNumbers.value string - Required when provisioning a phone number for the user. The phone number value.
preferredLanguage string - Indicates the user’s preferred written or spoken language. SAP Concur supports these languages and codes. Default: en-US
timezone string - The user’s time zone in the Olson time zone database format. See Time Zones Default: America/New_York
title string - The user’s job title in the company.
userName string user@domain Required The name that can be used to login to Concur Travel and Expense. NOTE: The userName must be unique across all SAP Concur products. If a userName is currently in use in any SAP Concur product, it cannot be assigned again unless the original occurrence is changed. For example, assume that a userName was assigned in error. That userName can only be used again if an admin (either manually or via import) renames the original occurrence, allowing the userName to be used again. The following characters cannot be used as a value for this record: % [ # ! * & ( ) ~ ‘ { ^ } \ / ? > < , ; : + = ] double quotes and pipe.

Enterprise User

Enterprise User contains the attributes representing representing users that belong to, or act on behalf of a business enterprise

Name Type Format Description
companyId string - Required. Immutable The SAP Concur ID of the company.
costCenter string - The employee cost center for product. The value of this parameter is provisioned and is not related to the Concur Expense costCenter.
department string - Client supplied department name. The value of this parameter is provisioned and is not related to the Concur Expense department.
division string - Client supplied division name. The value of this parameter is provisioned and is not related to the Concur Expense division.
employeeNumber string - Client supplied employee number within the company, unique for the company.
manager object - The user’s line manager. To provision manager of this user, use UUID of the manager. Manager field does not automatically sync to any approver or delegate.
manager.$ref string - The URI of the SCIM resource representing the manager.
manager.displayName string - Read Only The managers display name.
manager.employeeNumber string - The managers employee number.
manager.value string - The Manager UUID. Required when provisioning the manager.
organization string - Read Only The company name.
startDate string YYYY-MM-DD'T'hh:mm:ss'Z The user’s start date. The date range is from 1900-01-01 to 2079-06-06
terminationDate string YYYY-MM-DD'T'hh:mm:ss'Z The user’s termination date. If the employee is terminated, this can also be used to calculate the data retention period. The date range is from 1900-01-01 to 2079-06-06.
leavesOfAbsence object - An absence from the company by a user with the consent of the company for a period of time.
leavesOfAbsence.startDate string YYYY-MM-DD Required Start of leave.
leavesOfAbsence.endDate string YYYY-MM-DD End of leave.
leavesOfAbsence.type string `` Type of leave. Supported values: voluntary, mandatory

Spend User

Spend User provides the basic properties of a Spend Identity.

Name Type Format Description
reimbursementCurrency string - Required when using Spend User extension. Valid three digit currency code in the list of system reimbursement currencies.
reimbursementType string - The reimbursement type for the user. Supported values: ACCOUNTS_PAYABLE, ADP_PAYROLL, CONCUR_PAY, OTHER.
Not a Required field type, but if used, please notes ADP Extension if the ADP_PAYROLL reimbursement method type is specified in this field.
Note: For Standard entity, please also send in Custom21.
ledgerCode string - Ledger code to associate with the user.
country string - Required when using Spend User extension. Valid ISO 3166 country code.
budgetCountryCode string - Valid ISO 3166 country code for Budget.
stateProvince string - Valid ISO sub country code. Example: WA
locale string - Required when using Spend User extension. Valid locale from the list of configured locales as defined in [RFC5646]. Example: en-US
cashAdvanceAccountCode string - Valid cash advance account code.
testEmployee boolean true/false A Boolean value indicating whether the user is a test user. Can not be modified after the user is created. Can only be set at creation.
nonEmployee boolean true/false A Boolean value indicating whether the user is a non-employee.
biManager UserReference - The employee ID of the Reporting Manager. Must be an existing employee ID or in current import. No circular reporting among users is supported, field is nulled if logic in error.
biHierarchy BiHierarchy - The object contains the long code and the sync guid of the last list item in Reporting Hierarchy.
customData CustomData - The Custom Data associated with this user.

BIHierarchy

BIHierarchy is the object that contains the long code and the sync guid of the last list item in Reporting Hierarchy.

Name Type Format Description
code string - The long code of the last list item in Reporting Hierarchy.
syncGuid string - The sync guid of the last list item in Reporting Hierarchy.
href URL - The URI to the last list item in Reporting Hierarchy.

Custom Data

Custom Data is the object used as the value of customData in the Spend User Extension.

NOTE: The associated type or field of the custom data needs to be checked from the forms and fields.

Name Type Format Description
id string - custom1 - custom22, orgUnit1 - orgUnit6
value string - Value of the custom field. For list = List Item Code.

ADP Extension

ADP Extension provides the ADP setting associated with a Spend Identity.

NOTE: ADP Extension should only be used when reimbursementType is specified as ADP_PAYROLL.

Name Type Format Description
adp ADP - ADP settings for a Spend User.

ADP User

ADP is the object that defines the properties for the ADP settings and used in the ADP extension.

Name Type Format Description
companyCode string - Required when using Spend ADP extension. The company code for the Spend User within ADP.
deductionCode string - Required when using Spend ADP extension. The deduction code for the Spend User within ADP.
employeeFileNumber string - Required when using Spend ADP extension. The identifier for the Spend User within ADP, also known as the Employee File Number.

Approver Extension

Approver Extension provides the approvers associated with a Spend Identity.

NOTE: In order to be assigned as an approver, the user must have the corresponding value of spend role for each product. Refer to Spend Role Extension for how to assign a spend role.

Name Type Format Description
report SpendApprover - A user’s expense report approvers.
cashAdvance SpendApprover - A user’s cash advance approvers.
request SpendApprover - A user’s request approvers.
invoice SpendApprover - A user’s invoice approvers.
purchaseRequest SpendApprover - A user’s purchase request approvers.
statement SpendApprover - A user’s statement approvers.
budget SpendApprover - A user’s budget approvers.

Spend Approver

Spend approver is the object for representing an approver that is used in the Approver Extension.

Name Type Format Description
approver UserReference - Required The UserReference of the approver.
primary boolean true/false Required If true, the associated user is primary approver.
NOTE: Only Report and Request support non-primary approver.

Approver Limit Extension

Approver Limit Extension provides the approver limits associated with a Spend Identity.

Name Type Format Description
costObjectApprover SpendApproverLimitConfig - The user’s cost object approver’s approver limits.
authorizedApprover SpendApproverLimitConfig - The user’s authorized approver’s approver limits.

Spend Approver Limit Config

Spend approver limit config is the object that represents an approver limit that is used in the Approver Limit Extension.

Note: The Approval Feature Hierarchy must be configured within the SAP Concur platform for the approvalGroup attribute to be provisionable.

Hierarchies are a connected list within the SAP Concur platform. The individual approvalGroup node is defined by the list item codes concatenated by a hyphen. For example, if the connected list hierarchy is configured with the structure “Research and Development(R&D) -> Quality Assurance(QA) -> Expense Team(Exp)”, the value of the approvalGroup is “R&D-QA-Exp”.

Name Type Format Description
approvalType string expense/payment/request/purchaseRequest Delegate options for changing Expense, Invoice, Request, or Purchase Request.
exceptionApprovalAuthority boolean true/false Indicate whether this approval config has the exception authority.
approvalLimit double - The upper bound of the approval authority.
reimbursementCurrency string - Valid three digit currency code in the list of system reimbursement currencies.
approvalGroup string - Group / Segment to be associated with the approval rights; if blank, resolves to the global group. Refer to the format presented in Role Object for how to assign a Group/Segment to the user. Must provision an item from the List Item Code
level integer - The approval level of the user. This denotes the sequential order in which the user(s) will approve the report or request.

Spend Delegate

NOTE: In order to be delegated as a delegate, the user itself must have the same corresponding value of spend role for each product as the user delegated for. Refer to Spend Role Extension for how to assign a spend role. The user being provisioned as a delegate must be active within the SAP Concur platform.

Name Type Format Description
expense SpendDelegate - The user’s expense delegates.
payment SpendDelegate - The user’s payment delegates.
purchaseRequest SpendDelegate - The user’s purchase request delegates.

Spend Delegate Object

Spend delegate is the object that represents a delegate that is used in the Delegate Extension.

Name Type Format Description
canApprove boolean true/false If true, the delegate can approve.
canPrepare boolean true/false If true, the delegate can prepare.
canPrepareForApproval boolean true/false If true, the delegate can prepare for approval.
canReceiveApprovalEmail boolean true/false If true, the delegate can receive approval emails.
canReceiveEmail boolean true/false If true, the delegate can receive emails.
canSubmit boolean true/false If true, the delegate can submit.
canSubmitTravelRequest boolean true/false If true, the delegate can submit travel requests.
canUseBi boolean true/false If true, the delegate can use BI.
canViewReceipt boolean true/false If true, the delegate can view receipts.
delegate UserReference - The UserReference to the delegate.
temporaryDelegation TemporaryDelegate - Determines if delegate can temporarily approve.

Temporary Delegate

Temporary delegate is the object that defines the temporary start date and end date’s delegate permission.

Name Type Format Description
temporaryDelegationFromDate string - Start date for delegate’s temporary approval permission.
temporaryDelegationToDate string - End date for delegate’s temporary approval permission.

Spend Role

Spend Role provides the spend roles associated with a Spend Identity.

Name Type Format Description
roles Role - Expense roles for a Spend User.

Role Object

Role is the object that defines the spend role and groups, which is used in the Spend Role extension.

Each group-based role in the system is assigned to a specific feature hierarchy that is defined by a customer list. Each roleGroup represents the assignment of the specified role to a particular node of that hierarchy and each group-based role can be assigned to one or more nodes.

Hierarchies are defined by a connected list, the individual roleGroup node is defined by the list item codes concatenated by a hyphen. For example, if the feature hierarchy list is configured with the structure “Research and Development(R&D) -> Quality Assurance(QA) -> Expense Team(Exp)”, the value of the roleGroups is “R&D-QA-Exp”.The structure of the hierarchy for a given role can be viewed by navigating to the “Permissions Administrator” screen. There are two modes for navigating and assigning roleGroups: Default and Named Groups. The mode to be used is based on the “Use Named Groups” site setting.

By default, the hierarchy structure is navigable via a tree control, and each node of the tree is available for assigning a role. With the “Use Named Groups” feature turned on, only nodes that have been “named” in the Group Configurations screen are available for Role assignment. See the documentation on Named Groups for more information on this feature.

Name Type Format Description
roleName string - Required Spend role for a Spend User.
roleGroups string array - Required Group(s) to be associated with the Spend role.

NOTE: Please refer to the Spend Role Codes page for the available value of roleName.

Spend User Preference Extension

User Preference Extension provides the properties of user’s preference associated with a Spend Identity.

Name Type Format Description
showImagingIntro boolean true/false If true, displays imaging introduction. Default: true
expenseAuditRequired string - Expense audit is required. Supported values: NEVER, REQUIRED, ALWAYS
allowCreditCardTransArrivalEmails boolean true/false If true, allows credit card transaction arrival notification emails. Default: true
allowReceiptImageAvailEmails boolean true/false If true, allows credit card transaction arrival notification emails. Default: true
promptForCardTransactionsOnReport boolean true/false If true, displays a prompt for company card transactions when creating a new report. Default: true
autoAddTripCardTransOnReport boolean true/false If true, adds company card transactions within trip dates to one (1) click expense report.
promptForReportPrintFormat boolean true/false If true, displays a prompt for the report format before printing.
defaultReportPrintFormat string - Default expense report print type. Supported values: RECEIPTS. DETAILED, FAX
showTotalOnReport boolean true/false If true, displays report totals on detailed report.
showExpenseOnReport string - Show expenses on detailed report. Supported values: ALL, PARENT, NOTHING
showInstructHelpPanel boolean true/false If true, displays instructional help. Default: true
useQuickItinAsDefault boolean true/false If true, uses quick itinerary as default.

Invoice Preference Extension

Invoice Preference Extension provides the properties of user’s invoice preference associated with a Spend Identity.

Name Type Format Description
emailOnPurchasingAssigned boolean true/false If true, send email when a request is assigned to purchasing.
emailOnPurchasingSendBack boolean true/false If true, send email when a request is sent back from purchasing.
emailOnFaxImageAvailablePaymentRequest boolean true/false If true, send email when a fax image is available for a payment request.
promptNewLineItemsPaymentRequest boolean true/false If true, prompt a user with a window to create new line items when creating a new payment request.
displayInlineImage boolean true/false If true, display image inline.
autoOpenImage boolean true/false If true, auto open image.

Spend Workflow Preferences

Workflow Preference Extension provides the properties of user’s workflow preference associated with a Spend Identity.

Name Type Format Description
emailStatusChangeOnCashAdvance boolean true/false If true, an email is sent when the cash advance status changes. Default: true
emailAwaitApprovalOnCashAdvance boolean true/false If true, an email is sent when a cash advance is awaiting approval. Default: true
emailStatusChangeOnReport boolean true/false If true, an email is sent when the report status changes. Default: true
emailAwaitApprovalOnReport boolean true/false If true, an email is sent when a report is awaiting approval. Default: true
promptForApproverOnReportSubmit boolean true/false If true, a prompt for approver is displayed when submitting a report. Default: false
emailStatusChangeOnTravelRequest boolean true/false If true, an email is sent when the travel request status changes. Default: true
emailAwaitApprovalOnTravelRequest boolean true/false If true, an email is sent when a travel request is awaiting approval. Default: true
promptForApproverOnTravelRequestSubmit boolean true/false If true, a prompt for approver is displayed when submitting a travel request. Default: false
emailStatusChangeOnPayment boolean true/false If true, an email is sent when the payment status changes. Default: true
emailAwaitApprovalOnPayment boolean true/false If true, an email is sent when a payment is awaiting approval. Default: true
promptForApproverOnPaymentSubmit boolean true/false If true, a prompt for approver is displayed when submitting a payment. Default: false

User Reference

User Reference is the object that defines the identifier fields of a User.

Name Type Format Description
value string uuid The unique universal identifier of the Spend User.
employeeNumber string - The employee number of the Spend user.

Travel User

The Travel User Extension provides the basic properties of a Travel Identity.

Name Type Format Description
ruleClass object - Required when using travel user extension. Defines the rule class for the travel user either ID or name should be provided. Value must exactly match Travel Class name maintained in Travel. ruleClass can be found under: Administration -> Travel -> Travel Admin.
id integer - The valid rule class ID to be assigned.
name string - The valid name of rule class.
travelNameRemark string - The travel name remark.
travelCrsName string - The name of the profile in the GDS system.
groups integer - List of user groups that user belongs to for certain permissions. Group ID can be found under: User Administration -> (Search for user) -> Travel Settings: User Group Membership (Group Id)
manager object - Travel approver of this user.
employeeNumber string - The referenced manager user’s employee number.
value string - The referenced managers user’s UUID.
customFields object - User can set values to custom data fields.
name string - The name of the custom field. Fields names can be found under Administration Company Admin -> Manage Custom Fields.
value string - The value for the given custom field.
gender string - The gender of travel user.
orgUnit string - The name of the org unit user belongs to.

SAP User

User reference identifier for a user’s SAP Global ID. Used for intra SAP service communication. This requires the identity.user.sap.writeonly and identity.user.sap.read scopes.

Name Type Format Description
userUuid string uuid User’s SAP Global ID.

Bulk Request

Name Type Format Description
schemas string - -
Operations object - -
data User - -
method string - The HTTP method.
bulkId string - Required for POST Transient identifier of newly created resource, unique within a bulk request.
path string - The resource path.

Provision Status

Name Type Format Description
id string UUID Unique identifier for the provisioning request.
operations object - The status of each operation of the provisioning request.
extensions object - The extensions’ status.
messages object - Additional messages in case of errors/warnings.
code string - Message code.
message string - The message description.
schemaPath string - Relative schema path of attribute.
type string - Message type. Supported values: error, warning, user
name string - Extension name.
status object - Status of the operation.
code string - HTTP status code.
completed boolean true/false If true, the processing extension is complete.
result string - The current processing status.
success boolean true/false If true, the processing extension was successful.
id string - Identifier of the operation.
resource object - Resource details.
id string UUID Unique identifier of the resource.
type string - Resource type.
status object - Status of the operation.
completed boolean true/false If true, the provisioning is complete.
success boolean true/false If true, the provisioning is successful.

UserList

Name Type Format Description
totalResults integer - The total number of results matching the client query.
itemsPerPage integer - The number of query results returned in a query response page.
startIndex integer - The 1-based index of the first result in the current set of query results.
Resources User - -

Schema List

Name Type Format Description
totalResults integer - The total number of results matching the client query.
itemsPerPage integer - The number of query results returned in a query response page.
startIndex integer - The 1-based index of the first result in the current set of query results.
Resources Schema - -

Resource Type

Name Type Format Description
attributes Schema Extension - The resource’s extensions.
description string - The resource type’s human-readable description.
endpoint string - The resource’s HTTP addressable endpoint relative to the base URL. Example: /Users
id string - The resource type’s server unique id.
name string - The resource type name.
schema string - The resource’s associated schema.

Schema Extension

Name Type Format Description
schema string - The URI of an extended schema.
required boolean - A Boolean value that specifies whether or not the schema extension is required for the resource type.

Schemas

Name Type Format Description
id string - The unique URI of the schema.
name string - The schema’s human-readable name.
type string - The description of the object.
description string - The schema’s human-readable description.
attributes string - attributes of the schema.

Attributes

Name Type Format Description
name string - The attribute’s name.
type string - The attribute’s data type. Supported values are: string, boolean, decimal, integer dateTime reference and complex
multiValued boolean - A Boolean value indicating the attribute’s plurality.
description string - The attribute’s human-readable description.
required boolean - A Boolean value that specifies whether or not the attribute is required.
canonicalValues string - A collection of suggested canonical values.
subAttributes boolean - When an attribute is of type complex, subAttributes defines a set of sub-attributes.
caseExact boolean - A Boolean value that specifies whether or not a string attribute is case sensitive
mutability string - A single keyword indicating the circumstances under which the value of the attribute can be (re)defined. Refer to RFC 7643 Schema Definition
maxLength integer - The maximum length of the returned value.
returned string - A single keyword that indicates when an attribute and associated values are returned in response to a GET request or in response to a PUT, POST, or PATCH request.
uniqueness string - A single keyword value that specifies how the service provider enforces uniqueness of attribute values. Supported values are: none, server, global
referenceTypes string - A multi-valued array of JSON strings that indicate the SCIM resource types that may be referenced.

Service Provider Configuration

Name Type Format Description
authenticationSchemes AuthenticationSchemes - Specifies supported authentication schema properties.
bulk ServiceProviderConfigSetting - Details about the feature support for the service provider.
changePassword ServiceProviderConfigSetting - Details about the feature support for the service provider.
documentationUrl string - Required An HTTP addressable URL pointing to the service provider’s help documentation.
etag ServiceProviderConfigSetting - Details about the feature support for the service provider.
filter ServiceProviderConfigSetting - Details about the feature support for the service provider.
patch ServiceProviderConfigSetting - Details about the feature support for the service provider.
sort ServiceProviderConfigSetting - Details about the feature support for the service provider.

Service Provider Config Setting

Name Type Format Description
supported boolean true/false If true, the feature is supported.

Concur Error

Name Type Format Description
messages object - Additional messages in case of errors/warnings.
code string - The error message code.
message string - The error message description.
schemaPath string - The relative schema path of attribute.
type string - The error message type. Supported values: error, warning

Error Response

Name Type Format Description
scimType string - The SCIM detail error keyword.
detail string - The human readable message.
status string - The HTTP status code.

Definitions

Name Type Format Description
dateTime string - DateTime of where the transaction happened in format specified in ISO 8601, using UTC + Offset. For example, 2016-04-22T12:20+0700 (12:20 PM in Pacific Time).

Additional Resources

On this page