Coupa user accounts may now be synchronized from Coupa to Risk Assess. The Risk Assess User Sync feature allows Coupa customers with a Risk Assess license to sign in once to access the Risk Assess application. User Sync provides an integrated and seamless experience for users who navigate between multiple Coupa applications.
How it works
Risk Assess User Sync allows Coupa administrators to synchronize user accounts from Coupa to Risk Assess.
User accounts only synchronize one way—from Coupa to Risk Assess.
Link Coupa tenant to Risk Assess
First, we must enable Risk Assess on the Configure Entitlements page. On your Coupa instance, go to /entitlements > scroll down to Supplier > click Enable Risk Assess.
Next, we must create a new OIDC client. Go to Setup in the navbar > Open Connect clients under Company Setup.
Click the Create button at the top of the page. Give the client an appropriate Name and fill in the Redirect Uris with the Risk Assess environment you wish to configure with SSO.
The Redirect Uri is case sensitive and must include the HTTP/HTTPS protocol.
Now, we must configure the Risk Assess server on the Support page.
On your Coupa instance, go to /support > scroll down to Coupa Risk Assess (CRA) Configurations.
Enter the Risk Assess server URL (e.g., https://rportal.hiperos.com/Account/Login?) and source_url (e.g., https://example.coupahost.com) formatted like the following: https://rportal.hiperos.com/Account/Login?source_url=https://example.coupahost.com
The source URL is case-sensitive and must include the HTTPS protocol.
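A pre-flight check for the value described above, added here as an example and not taken from Coupa's documentation. The helper name `check_cra_url` is hypothetical, and it assumes that `source_url` should equal your Coupa instance URL character for character.

```python
from urllib.parse import urlsplit, parse_qs


def check_cra_url(configured: str, instance_url: str) -> list[str]:
    """Return the problems found in a CRA configuration URL (empty list = OK).

    configured   -- the full value to be entered on the Support page
    instance_url -- the Coupa instance URL exactly as it should appear
                    (assumption: source_url must match it byte for byte)
    """
    problems = []
    parts = urlsplit(configured)

    # The server URL needs an explicit protocol and host.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        problems.append("server URL must include the protocol and host")

    # Exactly one source_url parameter is expected in the query string.
    values = parse_qs(parts.query, keep_blank_values=True).get("source_url", [])
    if len(values) != 1:
        problems.append("expected exactly one source_url parameter")
        return problems
    source = values[0]

    # The source URL must carry the HTTPS protocol; compare the raw text so a
    # differently cased scheme is not silently normalized.
    if not source.startswith("https://"):
        problems.append("source_url must start with https://")

    # The value is case-sensitive, so call out a case-only difference separately.
    if source != instance_url:
        if source.lower() == instance_url.lower():
            problems.append("source_url differs from the instance URL only by letter case")
        else:
            problems.append("source_url does not match the instance URL")
    return problems


if __name__ == "__main__":
    # Constructed sample values based on the example URLs shown above.
    instance = "https://example.coupahost.com"
    for candidate in (
        "https://rportal.hiperos.com/Account/Login?source_url=https://example.coupahost.com",
        "https://rportal.hiperos.com/Account/Login?source_url=https://Example.coupahost.com",
        "https://rportal.hiperos.com/Account/Login?source_url=example.coupahost.com",
    ):
        print(candidate, "->", check_cra_url(candidate, instance) or "OK")
```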
Risk Assess is now enabled on this Coupa instance and the Risk Assess server is now configured. Now, we must create a Coupa user in Setup.
Create a user in Coupa
To create a user in Coupa, go to Setup > Company Setup > Users. Click the Create button to begin creating a Coupa user. Complete the required fields under User Details, then select the following fields:
| Field | Description |
|---|---|
| Licensing > Risk Assess license | This field synchronizes the user's Coupa account with the user's Risk Assess account. If the user does not already have a Risk Assess account, an account will be created. |
| Roles > Risk Assess User | This field is required for all Risk Assess users. |
| Roles > Admin OR User | Select either Admin or User depending on their role in Risk Assess. |
Click the Create button to complete your user. Please ensure the new user has a Risk Assess role ID assigned. For example:
- Risk Assess role name: Risk Assess User
- Role ID: 166
Click the Create button at the bottom of the page to finish creating your new user account. Upon creation of the new user account, the User Sync feature automatically creates a Risk Assess account that is linked to that user's Coupa account.
Coupa users with a Risk Assess license may access Risk Assess at Suppliers > Risk Assess in the navigation bar.
View user in Risk Assess
In Risk Assess, go to Admin > User Management and Security > User Management to view the User grid. Search any of the fields for the newly synchronized user account.
Only active users are visible in this grid.
The newly synchronized Risk Assess user account is not editable within Risk Assess. To update this user account, all changes must be made in the user's Coupa account.
The following fields are referenced between Coupa user accounts and Risk Assess user accounts, listed in order of precedence:
- Coupa ID*
- First Name
- Last Name
- Business Phone Number
- Address: Street1, Street2, City, State, Postal Code, and Country Code
*Coupa ID is not visible in the User grid.
Functionality changes with User Sync
The following changes in functionality only apply to tenants and users with User Sync enabled. These changes do not apply to standalone Risk Assess customers.
Login and password management
User accounts that are synced from Coupa Core are required to log in via Coupa Core. In addition, non-Coupa direct SSO is disabled for tenants.
Security Policy update
The following settings are not visible in User Management and Security > Security Policy for tenants with User Sync enabled:
- Single Sign-On Required
- SSO Logout URL
In addition, Risk Assess admins now see a warning banner displayed on the Security Policy page that lists the following settings that only apply to external users:
- Number of Failed Login Attempts
- Number of Different Passwords
- Password Active Duration (days)
- Password Minimum Length
- Password Strength
- Session Timeout (minutes)
- Account Activation Timeout (days)
- Use Account Activation Timeout on Password Reset
- Number of Secret Question Attempts
- Minimum Password Changes (hours)
- Default Username in Deep Link
- Use Security For Reporting Categories?
- Approved Internal Domains?
- View All Reporting Data?
- Password Reset Link Duration (hours)
- Single Sign On Required For External Users