For assistance in configuring Coupa for SAML single sign-on (SSO), Coupa recommends you send your prepared idp-metadata.xml to their support team or your Coupa Implementation Adminstrator along with:
- Login page URL
- Logout page URL
- Timeout URL
- A test user that exists in your identiy provider (IdP)
- Sign on to your Coupa account as an administrative user.
- Click the Setup tab.
- In the Company Setup section, click Security controls.
Import the idp-metadata.xml that you prepared above into the
Upload IdP metadata field.
During development and testing of the Coupa connector, we were unable to upload the idp-metadata.xml into Coupa without receiving errors, so we did contact Coupa to assist with this configuration.
- Select the Advanced Options check box.
In the Login page URL field, enter the Login page URL:
- SP-initiated SSO: Enter https://prdsso40.cloudcoupa.com/sp/startSSO.ping?PartnerIdpId=YOUR_PF_ENTITY_ID&TARGET=https://YOUR_COUPA_SUBDOMAIN.cloudcoupa.com/sessions/saml_post
- IdP-Initiated SSO: Points to the login page of your IdP.
In the Logout page URL field, enter the Logout page
The Logout page URL is set to where your users should be directed when they sign off of Coupa.
In the Timeout URL field, enter the Timeout URL.
The Timeout URL is set to where your users should be directed if their session times our before they sign on.
- Click Save.