Coupa
Last reviewed: about 1 year ago
This guide covers how to configure Coupa ↗ as a SAML application in Cloudflare Zero Trust.
- An identity provider configured in Cloudflare Zero Trust
- Admin access to a Coupa Stage or Production account
- In Zero Trust ↗, go to Access > Applications.
- Select Add an application > SaaS > Select.
- For Application, enter
Coupaand select the corresponding textbox that appears.
- For the authentication protocol, select SAML.
- Select Add application.
- Fill in the following fields:
- Entity ID:
sso-stg1.coupahost.comfor a stage account or
sso-prd1.coupahost.comfor a production account
- Assertion Consumer Service URL:
https://sso-stg1.coupahost.com/sp/ACS.saml2for a stage account or
https://sso-prd1.coupahost.com/sp/ACS.saml2for a production account
- Name ID format: Email
- Entity ID:
- Copy the Access Entity ID or Issuer and SAML Metadata Endpoint.
- In Default relay state, enter
https://<your-subdomain>.coupahost.com/sessions/saml_post.
- Configure Access policies for the application.
- Save the application.
- Paste the SAML metadata endpoint from application configuration in Cloudflare Zero Trust in a web browser.
- Follow your browser-specific steps to download the URL's contents as an
.xmlfile.
- In Coupa, go to Setup > Company Setup > Security Controls.
- Under Sign in using SAML, turn on Sign in using SAML.
- In Upload IdP metadata, select Choose File, and upload the
.xmlfile you downloaded in step 2. Download the metadata file.
- Turn on Advanced Options.
- For Sign in page URL and Timeout URL, enter
https://sso-stg1.coupahost.com/sp/startSSO.ping?PartnerIdpId=<access-entity-id-or-issuer>&TARGET=https://<your-subdomain>.coupahost.com/sessions/saml_postusing the Access Entity ID or Issuer from application configuration in Cloudflare Zero Trust.
- Select Save.
- In Coupa, go to Setup > Company Setup > Users.
- Select Create, then enter the user details for your test user. For Login and Single Sign-On ID, enter the user's email address.
- Select Save.
- Open an incognito browser window and go to your Coupa URL. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider.
- Once the login is successful, you can configure other users for SSO by adding their email to the Single Sign-On ID field in Setup > Company Setup > Users > user's name.
