cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dwampach1
By Level 8 Flexeran
Level 8 Flexeran

Flexera's SaaS Management integration with Coupa has been enhanced with the more secure authentication method OAuth2 with Client Credentials. Beginning with Release 35 (January 2023), Coupa will no longer support API keys and instead require the use of the more secure authentication method OAuth2 with Client Credentials. The following details will help you prepare for the Expense (Coupa) integration enhancement.

Action Required for New SaaS Management Integrations with Expense (Coupa)

You must grant permissions using the Coupa Integration Admin role with the generated Client ID and Client Secret values as described in Actions Required for Existing SaaS Management Integrations with Expense (Coupa).

Actions Required for Existing SaaS Management Integrations with Expense (Coupa)

Due to SaaS Management's migration from the token-based authentication method to OAuth2, existing Expense (Coupa) integrations will fail due to a 401 Unauthorized Error. Once the Expense (Coupa) integration tasks start failing, you must reauthorize the Expense (Coupa) integration using the Coupa Integration Admin role with the generated Client ID and Client Secret values as described below.

Minimum Permissions Required

Minimum API required permissions are based on the Application Permission and User Role.

Application Permission

Table -1 • Application Permission

Permission

Description

Integration Task Name

core.user.read To read the list of users in your Coupa account Application Roster
core.expense.read To read the Expense data in your Coupa account Expense Discovery

User Role

Table -2 • User Role

Role

Description

Integration Admin

To grant the application permissions, the user must have Integration Admin access. For details, refer to Coupa’s documentation section OAuth 2.0 Getting Started with Coupa API.

Obtaining Client Credentials

Log in to Coupa as an Integration Admin to create an OAuth2/OIDC client with the client credentials grant type. Once configured, the Client ID and Client Secret values are used to gain access to the Coupa API.

  1. To set up your Coupa instance with a new connection, go to Setup > Oauth2/OpenID Connect Clients. To navigate quickly to this page, type “oauth” in the Search box.
  2. Complete the following on Coupa’s Oauth2/OpenID Connect Clients page:
    1. Click Create.
    2. For Grant Type, select: Client credentials.
    3. Specify a name for the Client, Login, Contact info, and Contact Email fields.
    4. Select the Scopes as mentioned in the Application Permission section. Scopes are available for review at https://{your_instance_address}/oauth2/scopes.
    5. Click Save. Saving the client gives you values for the Client Identifier and Client Secret, which are needed to gain access to the API Scopes you have defined for it.
    6. Copy the Client Identifier, which is the Client ID and click Show/Hide to display and copy the Client Secret.
  1. Paste the Coupa Client ID and Client Secret values in SaaS Management as mentioned in the Expense (Coupa) integration instructions section Integrating Coupa with SaaS Management

Additional Resources

More information on new features and enhancements can be found in What's New in Flexera One.