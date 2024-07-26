Connect to Zoom through Access

This guide covers how to configure Coupa External link icon Open external link as a SAML application in Cloudflare Zero Trust.

An identity provider configured in Cloudflare Zero Trust

configured in Cloudflare Zero Trust Admin access to a Coupa Stage or Production account

​​ 1. Add a SaaS application to Cloudflare Zero Trust

In Zero Trust External link icon Open external link , go to Access > Applications. Select Add an application > SaaS > Select. For Application, enter Coupa and select the corresponding textbox that appears. For the authentication protocol, select SAML. Select Add application. Fill in the following fields: Entity ID : sso-stg1.coupahost.com for a stage account or sso-prd1.coupahost.com for a production account

: for a stage account or for a production account Assertion Consumer Service URL : https://sso-stg1.coupahost.com/sp/ACS.saml2 for a stage account or https://sso-prd1.coupahost.com/sp/ACS.saml2 for a production account

: for a stage account or for a production account Name ID format: Email Copy the Access Entity ID or Issuer and SAML Metadata Endpoint. In Default relay state, enter https://<your-subdomain>.coupahost.com/sessions/saml_post . Select Save configuration. Configure Access policies for the application. Select Done.

​​ 2. Download the metadata file

Paste the SAML metadata endpoint from application configuration in Cloudflare Zero Trust in a web browser. Follow your browser-specific steps to download the URL’s contents as an .xml file.

​​ 3. Add a SAML SSO provider in Coupa

In Coupa, go to Setup > Company Setup > Security Controls. Under Sign in using SAML, turn on Sign in using SAML. In Upload IdP metadata, select Choose File, and upload the .xml file you downloaded in step 2. Download the metadata file . Turn on Advanced Options. For Sign in page URL and Timeout URL, enter https://sso-stg1.coupahost.com/sp/startSSO.ping?PartnerIdpId=<access-entity-id-or-issuer>&TARGET=https://<your-subdomain>.coupahost.com/sessions/saml_post using the Access Entity ID or Issuer from application configuration in Cloudflare Zero Trust. Select Save.

​​ 3. Create a test user and test the integration

In Coupa, go to Setup > Company Setup > Users. Select Create, then enter the user details for your test user. For Login and Single Sign-On ID, enter the user’s email address. Select Save. Open an incognito browser window and go to your Coupa URL. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider. Once the login is successful, you can configure other users for SSO by adding their email to the Single Sign-On ID field in Setup > Company Setup > Users > user’s name.