Coupa Provisioner

Configuring Coupa for SAML SSO

About this task

For assistance configuring Coupa for SAML single sign-on (SSO), Coupa recommends you send your prepared idp-metadata.xml to their support team or your Coupa Implementation Administrator along with:

  • Login page URL

  • Logout page URL

  • Timeout URL

  • A test user that exists in your identity provider (IdP)

Steps

  1. Sign on to your Coupa account as an administrative user.

  2. Click the Setup tab.

  3. In the Company Setup section, click Security controls.

  4. Import the idp-metadata.xml that you prepared above into the Upload IdP metadata field.

    During development and testing of the Coupa connector, Ping Identity was unable to upload the idp-metadata.xml into Coupa without receiving errors. Coupa Support assisted with this configuration.

  5. Select the Advanced Options checkbox.

  6. In the Login page URL field, enter the Login page URL:

    Choose from:

    • SP-initiated SSO: Enter https://prdsso40.cloudcoupa.com/sp/startSSO.ping?PartnerIdpId=YOUR_PF_ENTITY_ID&TARGET=https://YOUR_COUPA_SUBDOMAIN.cloudcoupa.com/sessions/saml_post

    • IdP-Initiated SSO: Points to the login page of your IdP.

  7. In the Logout page URL field, enter the Logout page URL.

    The Logout page URL is set to where your users should be directed when they sign off of Coupa.

  8. In the Timeout URL field, enter the Timeout URL.

    The Timeout URL is set to where your users should be directed if their session times out before they sign on.

  9. Click Save.