Cookie Statement

This Cookie Statement was updated on January 08th, 2026.

This Cookie Statement describes how SAP Concur uses cookies and similar technologies to collect and store information when you use the Cloud Service at concursolutions.com.

What are cookies and similar technologies?

Cookies are small files placed on your device (computer, tablet or smartphone). When you access a website, a cookie is placed on your device and it will send information to the party that placed the cookie.

There are other technologies that perform a similar function to cookies. These include web beacons, clear gifs, and social plug-ins. These are often used in conjunction with cookies to help a website owner understand its users better. For more information about these other tracking technologies, please click the “Cookie Preferences” link in the footer of the webpage.

What are first party cookies?

SAP Concur’s websites contain first party cookies. First party cookies are cookies that are specific to the website that created them. These cookies enable SAP Concur to operate an efficient service and to track patterns of user behavior to SAP Concur’s website.

What are third party cookies?

The difference between a first party cookie and a third party cookie relates to who places the cookie on your device. SAP uses certain third party cookies to provide basic site functionality, as well as to improve functionality and support product analysis, and manage business operations and may authorize certain third parties to place Cookies on your device.

What cookies are used on SAP Concur websites?

SAP Concur wants you to be in a position to make an informed decision for or against the use of cookies which are not strictly necessary for the website’s technical features.

When tracking and evaluating the usage behavior of users of the website by means of cookies or similar technologies includes the processing of your personal data, SAP Concur is conducting the processing based on the following legal permissions:

(i) GDPR Article 6.I (a) if it is necessary that we ask you for your consent to process your personal data;
(ii) GDPR Article 6.I (b) if necessary to fulfill (pre-)contractual obligations with you;
(iii) GDPR Article 6.I (f) if necessary to fulfill (pre-)contractual obligations with the company or other legal body you represent as a customer contact (legitimate interest to efficiently perform or manage business operation of SAP Concur);
(iv) or equivalent legal permissions under other relevant national laws, when applicable.

SAP Concur differentiates between Required Cookies that are absolutely necessary to enable technical core functionalities, Functional Cookies that allow SAP Concur to analyze the site usage, and Advertising Cookies that may be used to serve ads relevant to your interests or which relate to SAP Concur’s marketing activities.

Required Cookies

Name	Purpose	Lifespan
_abck	Prevents bot and fraud activity by detecting and blocking automated traffic.	365 days
_csrf	Prevents Cross-Site Request Forgery (CSRF) attacks.	Session
ak_bmsc	Prevents bot and fraud activity by detecting and blocking automated traffic.	2 hours
akacd_*	Enables phased releases by managing access volume per version through the Akamai Web Application Firewall.	Session
AWSALBTG	Optimizes network resource usage by assigning a sticky session to a target group via this cookie in Amazon Web Services Elastic Load Balancing.	7 days
AWSALBTGCORS	Enables session stickiness for cross-origin resource sharing (CORS) by requiring the SameSite attribute in Amazon Web Services Elastic Load Balancing.	7 days
bm_sv	Prevents bot and fraud activity by detecting and blocking automated traffic.	2 hours
bm_sz	Prevents bot and fraud activity by detecting and blocking automated traffic.	2 hours
brandingid	Display customer logo on the page, if available.	Session
cmapi_cookie_privacy	Understands granular consent based on the website visitor’s preferences and integrates Google Tag Manager accordingly.	13 months
cmapi_gtm_bl	Stores a list of blacklisted tags and personalizes Google Tag Manager accordingly.	13 months
cookie_3rdparty	Supports TrustArc functions for managing and utilizing third-party cookies.	1 minute
JWT	Stores the JSON Web Token (JWT) currently issued to the user.	1 hour
notice_gdpr_prefs	Stores the visitor’s selections made on the TrustArc cookie consent management pop-up and submits the selected cookie categories (Required, Functional, Advertising).	13 months
notice_preferences	Understands consent behavior based on the use of the legacy “Slider UI” version.	13 months
OTDefaultLang	Stores the current language as the default language.	13 months
OTLang	Stores the current language for the session.	Session
OTSEC670817	Verifies whether the session value matches the user’s session.	Session
OTSESSIONAABQRD	Stores the session ID for the user’s current session.	Session
OTSESSIONAABQRN	Stores the session ID for the user’s current session in legacy format.	Session
ottcode	Stores a one-time token code required for legacy login flows.	Session
TAsessionID	Supports reporting for the TrustArc Cookie Consent Manager.	30 minutes
token_test	Supports TrustArc functions for managing and utilizing third-party cookies.	1 minute

Functional Cookies

Name	Purpose	Lifespan
dtCookiebpvp8c5z	Tracks a visit across multiple requests.	Session
dtCookied7d7pgji	Tracks a visit across multiple requests.	Session
dtPCbpvp8c5z	Identifies the appropriate endpoints for beacon transmission and includes the session ID for correlation.	Session
dtPCd7d7pgji	Identifies the appropriate endpoints for beacon transmission and includes the session ID for correlation.	Session
dtSabpvp8c5z	Stores page-spanning user actions (such as “Click on Login”) across different pages, preserving contextual information across page loads.	Session
dtSad7d7pgji	Stores page-spanning user action names (such as “Click on Login”) across different pages to preserve contextual information across page loads.	Session
origin_dc	Stores the datacenter the user last logged into to redirect the user to the correct data center.	Session
rxVisitorbpvp8c5z	Stores the visitor ID to correlate sessions.	Session
rxVisitord7d7pgji	Stores the visitor ID to correlate sessions.	Session
rxvtbpvp8c5z	Specifies the session timeout.	Session
rxvtd7d7pgji	Specifies the session timeout.	Session
s_ac	Determines the correct domain for setting AppMeasurement cookies. Contains the static value “1” and is deleted immediately after being set.	Session
s_cc	Allows Adobe Analytics to determine whether cookies are enabled in your browser.	Session
s_fid	Identifies a unique visitor when the standard s_vi cookie is unavailable due to third-party cookie restrictions.	400 days
swbmicro	Supports the Service Workbench.	Session
travel_outtask_id	Determines whether usage is coming from the US or EU data center.	30 days

Advertising Cookies

Name	Purpose	Lifespan
_gcl_au	Used by Google Tag Manager to mark users as associated with existing SAP Concur customers in order to enable the suppression of paid media advertisements across Google domains for such users.	3 months
_uetsid	Used by Microsoft to mark users as associated with existing SAP Concur customers in order to enable the suppression of paid media advertisements across Microsoft domains for such users.	1 day
_uetvid	Used by Microsoft to mark users as associated with existing SAP Concur customers in order to enable the suppression of paid media advertisements across Microsoft domains for such users.	390 days
IDE	Used by Google Tag Manager to mark users as associated with existing SAP Concur customers in order to enable the suppression of paid media advertisements across Google domains for such users.	400 days
MR	Used by Microsoft to mark users as associated with existing SAP Concur customers in order to enable the suppression of paid media advertisements across Microsoft domains for such users.	7 days
MUID	Used by Microsoft to mark users as associated with existing SAP Concur customers in order to enable the suppression of paid media advertisements across Microsoft domains for such users.	390 days

How can you manage and delete Cookies?

SAP Concur provides you with the option to adjust your preferences for Functional cookies when such cookies are placed on your device by the website. In such a case, you can access preferences at any time by clicking on the “Cookie Preferences” link in the footer of the webpage.

You can also block and delete cookies by changing your browser settings. To manage cookies using your browser settings, most browsers allow you to refuse or accept all cookies or only to accept certain types of cookies. The process for the management and deletion of cookies can be found in the help function integrated in your browser.

If you wish to limit the use of cookies, you may not be able to use all the interactive functions of our website.