Enterprise Resource Planning Blogs by SAP
Get insights and updates about cloud ERP and RISE with SAP, SAP S/4HANA and SAP S/4HANA Cloud, and more enterprise management capabilities with SAP blog posts.
Showing results for 
Search instead for 
Did you mean: 

Help protect your business from common identity attacks with one simple action.

In the current digital sphere, security remains a paramount issue. With over 24 billion usernames and passwords circulating on the dark web as of June 2022, the vulnerability of traditional login credentials is evident. Hackers continually refine their tactics, making usernames and passwords susceptible to a range of threats, including unauthorized access, brute force attacks, and various cyber threats like phishing, credential stuffing, and breaches by malicious third parties. The inherent reliability of passwords alone falls short of the robust protection necessary in today's landscape. Cyber attackers possess the capability to test billions of password combinations within seconds, underscoring the urgent need for more secure authentication methods.

Here at SAP Concur, we are committed to providing a secure and trustworthy platform for all our users.

Today, I am excited to share that we’re taking steps to help you do just that. As of Oct 18, 2023 we launched the two-factor authentication feature for all users who sign into Concur using a Concur username and password. All users who employ basic authentication (entering an SAP Concur username and password) when signing in at www.concursolutions.com on web or on the mobile app will be required to set up two-factor authentication (2FA) at the time of their next sign-in.

What is 2FA?

Two-factor authentication, as the name suggests, adds an extra layer of security beyond the traditional username and password combination. It requires users to provide two different authentication factors to verify themselves, significantly reducing the risk of unauthorized access.

How does it work?

Once you enter your Concur username and password, you will receive an email with a link to set up 2FA.

Scan the QR code using any authenticator app of your choice on your mobile device or browser extension and add your SAP Concur account to 2FA by entering the 6-digit code generated by your authenticator app into the Authentication Code field. Authenticator Apps such as Microsoft or Google Authenticators are generally free and available for download at no extra cost to the user or company.

For a step-by-step guide on how to enroll in 2FA, how to reset MFA , and how to manually add your account without scanning QR code - please check out our setup guide: Two-Factor Setup Guide for End Users

If you have enabled the feature to opt out of the email enrollment for 2FA  (located under the Authentication Admin menu),  the users in your company will directly receive the QR code screen after entering the Concur username and password. Use this option at your own discretion as using the email enrollment is more secure than having a user directly receive the QR code after entering the username/password.

Adoption and Implementation

As concerns about online security continue to rise, many platforms and services have been swift to implement 2FA. Major players in tech, finance, and social media have made it a standard feature, encouraging users to enable this extra layer of security.

2FA in Concur is automatically enabled for any user attempting to sign in using Concur username and password. There is no activation required.


Why settle for ordinary security when one extra step can help keep your personal information secure? Don't take the risk - here are some reasons why you should embrace the advantages of 2FA:

  • Increased Security: By necessitating an extra authentication step, 2FA substantially enhances security, minimizing the risks linked to password theft or brute force attacks.

  • Diminished Susceptibility to Phishing: Even if assailants acquire login credentials via phishing endeavors, 2FA serves as a barrier, obstructing unauthorized entry without the secondary authentication element.

  • Dual Defense Mechanism: 2FA introduces an additional security layer beyond your password, mandating not only something you know (like your password) but also something you possess (such as your mobile device) to log in. This significantly heightens the difficulty for unauthorized individuals seeking access to your account.

Addressing Common Misconceptions

Despite the enhanced security provided by 2FA for your accounts, there might be misunderstandings among employees regarding its utilization.

  • It is perceived as time-consuming: Admittedly, 2FA introduces an additional step to the login process, yet typically, it only takes a few seconds. The brief delay is a minor sacrifice in exchange for a substantial boost in account security.

  • It is considered complex: While 2FA may appear intricate, it is, in fact, fairly straightforward. Most often, it involves a simple action like entering a code received on your email or mobile device.

  • It is seen as unnecessary: Some individuals might believe their accounts are secure enough with a strong password alone. However, the reality is that no one is exempt from potential cyberattacks, and even robust passwords can be compromised.


Activating 2FA transcends mere choice; it embodies a responsibility—a modest yet crucial move in protecting our personal information. Embracing Two-Factor Authentication signifies a substantial leap toward a more secure online environment. Within your SAP Concur accounts lie sensitive personal data related to Travel & Expenses, and by enabling 2FA, you erect a robust defense against potential intrusions. While the journey toward complete adoption might present obstacles, the dividends in security and peace of mind outweigh any challenges faced.