• Published on: 09 January 2025
  • Last edited on: 09 January 2025

Set Up Single Sign-On (SSO) with the CSP

Coupa Advanced suppliers can enable a single sign-on (SSO) service to log in to the Coupa Supplier Portal (CSP).

As a Coupa Advanced supplier, you can configure Coupa Supplier Portal (CSP) to connect with your single sign-on (SSO) service to manage your user logins and access. Once configured, your CSP users are required to log in to their accounts using the credentials set with your SSO provider.

Set up SSO for your CSP account

Tip

Download a copy of the Security Assertion Markup Language (SAML) identity provider (IdP) metadata file from your SSO provider.

As a CSP Admin user, you can configure your CSP account to connect with your SSO provider by performing the steps below.

  1. Log in to your CSP account.
  2. Go to Admin > Single Sign On Setup.
  3. For Display Name, type a short label for your SSO connection.
  4. To upload your SAML IdP metadata file from your SSO provider, you can:
    1. Select the file from your computer.
      1. Drag it to the upload area of the page.
    2. Select the Browse button.
      1. Select the file from your computer.
      2. Choose the file to upload.
  5. Select the Save button.

When the metadata file upload process starts, wait for it to complete. During the upload process, you see a green check mark next to the metadata file name with the Entity ID and Primary Certificate information displayed underneath.

When the process is complete, the Single Sign On Setup page refreshes with a green banner confirming that your SSO provider is successfully created. Active shows next to the certificate expiration date and the email address of the user who last modifed the SSO information (shown below).

'Single Sign On Setup' shows in heavy black lettering with a green banner confirming a successful setup with an SSO provider.

Once connected, your users access their Coupa Supplier Portal account through the SSO provider. When they sign in to the CSP from the Login page, they provide their email address and then continue with the login process with the SSO provider. A separate password for the CSP is no longer required.

Update the SSO provider for your CSP account

As a CSP Admin user, you can change the SSO provider or update the provider information that is connected to your CSP account by performing the steps below. You need to remove the existing SSO provider and then set up the new SSO provider.

Tip

Use these steps when you need to update your SSO provider information before the authentication certificate expires.

Warning

When your SSO authentication certificate expires, all users lose access to the CSP account, including the CSP Admin. You need to contact a Coupa support specialist to update your SSO provider information and regain access to your CSP account.

  1. While logged in to your CSP account, go to Admin > Single Sign On Setup.
  2. Select the red Remove button.
  3. From the Please Confirm dialog, select OK.
    Note

    Once removed, the Single Sign On Setup page shows a green confirmation message that the provider is removed, and you can connect your CSP account with another SSO provider. You receive a confirmation email that the SSO provider is removed, and you can create a new connection with a different SSO provider.

  4. From the Single Sign On Setup page, type a short label for your new SSO connection in the Display Name field.
  5. To upload the SAML IdP metadata file for your new SSO provider, you can:
    1. Select the file from your computer.
      1. Drag it to the upload area of the page.
    2. Select the Browse button.
      1. Select the file from your computer.
      2. Choose the file to upload.
  6. Select the Save button.

When the metadata file upload process starts, wait for it to complete. At this point, the process is the same as setting up the previous SSO provider. When the process is complete, the Single Sign On Setup page refreshes with a green banner confirming that your new SSO provider is successful created.

Turn off SSO functionality for your CSP account

As a CSP Admin user, you can temporarily turn off single sign-on (SSO) functionality for your CSP account by performing the steps below.

  1. While logged in to your CSP account, go to Admin > Single Sign On Setup.
  2. Select the gray Disable button.
  3. From the Please Confirm dialog, select OK.

Once turned off, the Single Sign On Setup page shows a green confirmation message that the functionality is disabled. You receive a confirmation email that the SSO functionality is turned off. Inactive shows next to the SSO provider information (shown below).

'Single Sign On Setup' shows in heavy black lettering with a green confirmation banner that SSO is turned off.

The users of your CSP account need to reset their passwords. When they go to the CSP Login page, they need to provide their email address and a separate password to access the account.