Skip to Content
Author's profile photo Former Member

Ariba Security User Management

Ariba Security User Management

Introduction

Scope

  • Ariba user management
  • User creation using UI process
  • User creation using the CSV export/Import
  • Ariba groups for Contracts and Auctions

Who needs a user account?

Anyone who will:

  • Log into Ariba Upstream applications in a Suite Integrated Realm
  • Log into Ariba Downstream to Create or approve transactions in P2P

 

Ariba Landscape Strategy – All ERPs

Ariba User creation

  • Ariba user can by created by UI or CSV import using the data load
  • All the users has to be created both in Parent and Child Realms
  • Only Administrators or User admin can create users in the Ariba system
  • Permissions or access to perform system functions, are granted via user group assignments
  • Current preferred option for client is do the user creation with CSV import

Customer Administrator

  • Most powerful group in the system
  • Special group with system administration permissions, including data import/export
  • Each customer should designate a small number of well-trained users to fill this role
  • Customer Administrator is able to see all transactional data in the system

Customer User Admin

  • Manages Users and Groups
  • Generates Passwords
  • Manages profile requests
  • Manage Delegations on behalf of other users

Ariba System Details

 

Ariba User creation with UI

Step1: Login to Ariba.

Step2: click Manage >> Core- Administrator (Child)

 

Step3: User Manager >> User

  • In the UI the “Defined By” field shows:

“AribaManaged” if created directly in UI.

“External” if created by data load via CSV file.

  • Always create the user as external so that the user can be maintained by UI or with CSV in future

 

 

Step4: Click on “Create User” button and fill out all required info.

  • User Id, Name, Email Id and Supervisor are required fields.

  • Now we need to repeat the previous steps in the Parent realm aswell

Step5: Click “Site” >> “XXXXXXX-T” ( notice earlier site was showing “XXXXX Child-T” is changed to “XXXXXXX-T”, it means now you are navigated to Parent realm, this option is only available for system Admins who does the user and catalog data into the system)

  • System will link the child user ID with parent User ID.
  • Note: thru UI user creation we first create the user in child and then in parent, incase of csv file we first load it in parent and wait 15 (to replicate the user in child ) and load it in child
  • The Groups need to be assigned to the user only in Parent realm with the following steps as part of the user creation

Step6: Click on “Groups” tab and select the required roles

 

 

 

Step7: Click on “Invitation” tab and select the checkbox for generating the password and send the login details to user.

Ariba User creation with CSV

  • Step1: click Manage >> Core- Administrator (Parent)
  • Step2: Integration Manager >> Data Export/Import and search for respective load events

  • Step3: Fill in the User consolidated file with the required fields and upload the file for option Import User Data (Consolidated File)

  • Step4: Fill in the Group consolidated file with the required fields and upload the file with option Import User to Group Mapping Data (Consolidated File)

 

Ariba SSO Architecture

System Groups vs Custom groups

System groups (also called “Default” or “Out-of-the-box groups”

  • Preloaded in the Ariba solution with a hard-coded set of permissions/restrictions
  • Impossible to modify or add/remove permissions

How are Custom Groups used?

  • Based on specific customer requirements
  • Have no rights per se, no permissions are associated with custom groups.
  • Must be mapped to one or multiple system groups, in order to inherit a custom set of permissions
  • Utilized for: approval routing; occasionally for customization purposes (validations, field visibility, etc.)
  • Can be used for Catalog Views, even without mapping to system groups
  • It’s possible to map custom groups to other custom groups

Upstream Roles

 

 

Assigned Tags

      3 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo shanthakumar k
      shanthakumar k

      Hi Nagaraju,

      Really appreciate this effort... i was actually searching for the role administration for SAP Ariba and got to know your document on Aruba user administration.

      It would be great if you could share me the ideas of SAP ARIBA ROLE Administration or SAP ARIBA Security

      Author's profile photo Joshah Alencheril
      Joshah Alencheril

      Are APIs available for Ariba security user management?

       

      Author's profile photo Harish Kandregula
      Harish Kandregula

      Hi Nagaraju,

      We are using SAML SSO to authentication and loading the user with CSV. Can we configure Ariba to create users from SAML ( Persistent identifier ) ? so that we don't have to update the users on CIG everyday

      Harish