Our catalog element Concur is currently supporting all API v3 endpoints scopes that are listed below: https://developer.concur.com/api-reference/authentication/scopes.html#connectscopes
Also, if the Concur scopes are desired to be limited per user, this action can be achieved by limiting the user's permission for each of the below Concur products:
To confirm the above scenario, you can test by provisioning a Concur instance with the scopes provided in API V4 list like company.read, creditcardaccount.read, expense.report.read. The instance will not be created because the provided scopes are invalid.
