Single sign-on (SSO) is a property of access control that allows end users to log in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords. SSO is very helpful to most organizations and is easy to implement and use. Implementing SSO allows to reduce password fatigue from different username and password combinations, reduce time spent re-entering passwords for the same identity and also reduce IT costs due to lower number of IT help desk calls about passwords in general. In this certification, we will focus on SSO using SAML
Coupa supports the use of SAML 2.0 (Security Assertion Markup Language) for SSO (Single Sign On) support between Coupa and a Identity Management platform.
- User visits a web page on their Coupa instance
- Coupa redirects user to the Identity Provider’s Federation server for authentication
- The Identity Provider returns a web page directing user's browser to post the SAML response to a Coupa-provided URL
- Coupa verifies the response. Upon success, the authenticated user will not be required to re-authenticate with the Identity Provider until the session times out. The session timeout can be configured by an administrator
As an Identity provider, as long as you support SAML 2.0 protocol, you should be able to provide configure SSO into Coupa. SAML 2.0 specifications: http://saml.xml.org/saml-specifications. Note that Coupa supports both SP-Init-SSO as well as IDP-Init-SSO. For details on how to enable SSO on a Coupa instance please refer to the solution guide.