The process for setting security policies is:
- Navigate to the Admin tab.
- The Administration page will display. Select the “Security Policy” link under the User Management and Security grouping.
- The Security Policy page will display. Select Edit.
- Make the desired updates.
- Click Save to save the policy settings.
For internal users who are using SSO, the only Security Policy option that applies is Session Timeout (Minutes). All other Security Policy configuration options will be managed under the client’s SSO policy.
The Group Management section provides the capability to create and/or manage groups of users. Groups can be used to grant or deny permissions to a group of users with a single permissions definition. This greatly simplifies maintenance of permissions for a large number of similar users.
- Group Name (display name for the user group)
- Description (brief explanation of the purpose of the group)
- Available Users (list of available users who can be assigned to groups - prepopulated selection list of all User that have been defined for this client
- Selected Users Member (user who have been assigned to the group)
Creating User Groups
The process for creating user groups is:
Navigate to the Admin tab.
The Administration page will display. Select the “Group Management” link under the User Management and Security grouping.
The Group Management page will display. Select New.
Enter all required fields and any optional fields you wish.
Click Save to save the user group.
User Group records can also be created by importing the data via spreadsheets. Refer to the Integration – User Group Import section of this document for detailed instructions on importing supplier records.
- The Admin View ActionItems group is a special group used to grant administrator users (who have been designated as the default site administrator for the client) access to the User Management features to manage a user’s Action Items and Action Plans.
- The HelpDesk group is a special group used to grant administrator user permission to manage users.
Custom admin groups with restricted access to admin links
Administrators have the ability to create custom groups, with access to a specific subset of Admin links. Once the group has been created, Administrators can provision users to these groups.
To create a Custom Admin Group within the application, the Admin user will need to first download the Custom Admin Group Request Form, located under the Resources tab > Libraries subtab > Reference Guides folder.
Within the Custom Admin Group Form, the Admin user must specify a name for the custom group, the application environment (Test or Prod) in which the group should be created, and the Admin functions that should be restricted for users who are not members of the custom admin group. Once the Custom Admin Group Form is completed, the Administrator should submit it in a support ticket to Coupa Customer Support, then create the custom group with the specified name. Customer Support will then advise when the new custom group is functional in the specified environment(s).
Once the group has been created, Admin users can be added to it.
The Admin function restrictions defined by the Administrator only affect users who are not members of the specified custom admin group. Users who are not members will have full access to the selected areas. These same restrictions apply to users who are Administrators. The custom admin group should be created in the application environment(s) specified prior to the Custom Admin Group Form being submitted. This custom admin group will act independently of System Permissions settings.
Report Security Category
The Report Security Category section provides the ability to provision access to reporting categories and subcategories to specific user groups.
- Category (reporting category - primary object for the view -prepopulated with the valid report categories that have been defined for the client)
- Subcategory (reporting subcategory - equals the secondary object for the view -prepopulated with the valid report subcategories that have been defined for the client)
- Available Groups Access (list of available users groups that can be given access to reports - prepopulated selection list of all User that have been defined for this client
- Selected Groups Access (groups who have been granted access rights to the report category/subcategory)
Used in conjunction with the Use Security For Reporting Categories configuration option defined in the security policy. These report security categories provide access to reporting for only those users who are members of the groups that are included in them. Users who do not belong to one or more of the groups included in one or more of the report security categories will not have access to any reporting features.
The process for creating report security categories is:
- Navigate to the Admin tab.
- The Administration page will display. Select the “Report Security Category” link under the User Management and Security grouping.
- The Report Security Category page will display. Select New.
- Enter all required fields and any optional fields you wish.
- Click Save to save the user group.
This administrative view lists logged activities, such as successful logins. Each logged activity can display data such as the username and full name of the user, the activity type, start date and time, and end date and time of the activity.