Enabling SAML will affect all users who use this application, which means that users will not be able to sign-in through their regular log-in page. They will only be able to access the app through the Okta service.
Coupa provides the following backup log-in URL where administrators can sign-in using their normal username and password: https://acme.coupahost.com/sessions/support_login, where https://acme.coupahost.com is your Coupa base URL.
The Okta/Coupa SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Sign in to Coupa as a user with Coupa Administrative rights.
Click on the Setup tab in the top menu:
Several groups of links are displayed, including a group titled Company Setup. In the Company Setup group, click on the Security Controls link:
Scroll down to the Sign in using SAML section and check the Sign in using SAML checkbox, if it is not checked. When checked, new UI elements appear on the page:
Copy the following Metadata, and save as metadata.xml.
Sign in to Okta Admin app to have this variable generated for you.
Click Browse next to Upload Idp metadata to locate and upload the metadata.xml file you just created.
In Okta, select the Sign On tab for the Coupa app, then click Edit.
Set the Default Relay State to: <your-coupa-login-url>/sessions/saml_post
For example: If you sign in to https://acme.coupacloud.com, enter https://acme.coupacloud.com/sessions/saml_post.
Enter one of the following URLs for Your Coupa SAML URL:
Enter one of the following values for Audience URI:
Click Save:
Copy the email address in the Login field to the Single Sign-On ID field, as shown below. The fields must be the same.
Scroll down and select Save in the lower right of the window:
Done!
Open your base Coupa URL.
For example: https://acme.coupahost.com/.