Integrate Coupa with Okta

Follow these steps to integrate Coupa with your Okta org.

  1. Sign in to Coupa as a user with Coupa administrative rights.
  2. Click Setup in the top menu bar.
  3. Click Security Controls in the Company Setup section.
  4. In the Sign in using SAML section, select Sign in using SAML.

  5. In the Admin Console, go to ApplicationsApplications.

  6. Find your Coupa app integration in the apps list and click it.

  7. Click the Sign On tab.
  8. In the Sign on methods section, open the Metadata URL in a web browser.
  9. Copy the XML metadata and save it to a file named metadata.xml. The metadata looks similar to the following: <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/exk9..."> <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> ... </md:EntityDescriptor>
  10. Return to Coupa. Click Choose File beside Upload IdP metadata. Locate and upload metadata.xml.
  11. Click Edit in the Settings section of the Sign On tab for your Coupa app integration in Okta.
  12. Set the Default Relay State to <your-coupa-login-url>/sessions/saml_post (for example, if you sign in to https://acme.coupacloud.com, enter https://acme.coupacloud.com/sessions/saml_post).
  13. Enter one of the following URLs for Your Coupa SAML URL:
    • For staging environments, enter: https://sso-stg1.coupahost.com/sp/ACS.saml2
    • For production environments, enter: https://sso-prd1.coupahost.com/sp/ACS.saml2
  14. Enter one of the following values for the Audience URI:
    • For staging environments, enter: sso-stg1.coupahost.com
    • For production environments, enter: sso-prd1.coupahost.com
  15. Click Save.
  16. In Coupa, select Users from the All Setup Items menu bar under Setup.
  17. Find the user for whom you want to set SAML as their authentication method. Click the Edit icon (a pencil) in the Actions column for that user.
  18. Copy the email address from the Login field to the Single Sign-On ID field. The values of these fields must be the same.
  19. Scroll down and click Save.
  20. Optional. Set the Single Sign-On ID for more users, if desired.