Coupa - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Coupa using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Coupa, ensure you meet the following requirements:
- Coupa admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Coupa are registered in your IdP and have the necessary permissions to access Coupa.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Coupa - SSO configuration
Step 1 - Configure Coupa as the Service Provider (SP)
- Log into Coupa as an Administrator.
- Browse to Setup,
- Company Setup, Select Security Controls
- Click on Sign in using SAML.
- Download the Coupa SP metadata XML.
- Upload the Multi-Pass Tenant XML file.
- The steps to get the XML file will be describe in the steps below
- Click Save and Enable.
SP Values
| Field | Value |
|---|---|
| Entity ID | https://<COUPA_SUBDOMAIN>.coupahost.com |
| Assertion Consumer Service (ACS) URL | https://<COUPA_SUBDOMAIN>.coupahost.com/sp/acs.saml2 |
Step 2 - Configure Multi-Pass as the Identity Provider (IdP)
- Select the correct tenant and go to Integrations > Applications.
- Select SAML in the custom integration section.
- Complete the SAML setup with the following values:
IdP Setup
| Field | Value |
|---|---|
| Client ID (= SP Entity ID) | https://<COUPA_SUBDOMAIN>.coupahost.com |
| Name | coupa |
| Description | Coupa SSO integration |
| Assertion Consumer Service URL | https://<COUPA_SUBDOMAIN>.coupahost.com/sp/acs.saml2 |
| NameID Policy Format |
- Click Download Tenant XML Data and save the file locally.
- Click Add integration.
- Click Advanced Console.
- Select Clients and search for Coupa.
- Review the following configuration sections:
General settings
| Field | Value |
|---|---|
| Client ID | https://<COUPA_SUBDOMAIN>.coupahost.com |
| Name | Coupa |
| Description | Coupa SSO integration |
| Always display in UI | ON |
Access settings
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | https://<COUPA_SUBDOMAIN>.coupahost.com/sp/acs.saml2 |
| IDP-Initiated SSO URL Name | <APP_NAME> |
SAML Capabilities
| Setting | Value |
|---|---|
| Name ID Format | |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | ON |
| Sign Assertions | ON |
- Now that you have checked the different parameters, change to the tab called Keys.
- Make sure that both parameters are switched to OFF.
- Now go to the Advanced tab.
- The field Assertion Consumer Service POST Binding URL must equal the Valid Redirect URIs (ACS).
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...D2L Brightspace - SSO Integration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Mulesoft - SSO Integration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mulesoft using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...Notion - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Heap - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...