Skip to Content
Technical Articles
Author's profile photo Prem Balraj

How to Integrate SAP Cloud Identity Access Governance with SAP Ariba

This post is a follow up post to the blog post Integrating SAP Ariba solutions with SAP Cloud IAG published by our colleague Sonia Petrescu. So, I recommend visiting that blog post first if you are new to this concept.

In this blog post you are going to learn all the steps needed to successfully setup the destination. There are few actions to be performed from SAP Ariba side to setup the destination in SAP Business Technology Platform cockpit (previously called as SAP Cloud Platform)

*This is for Ariba V1 integration scenario only*

Prerequisite: SAP Ariba administrator or knowledge in SAP Ariba is preferred to do this setup.

Information needed to setup

  1. SAP Ariba Master Data Native Integration (MDNI) activation
  2. Master Data Native Integration (MDNI) Endpoint creation
  3. SAP Ariba Open API Key
  4. Tenant-ID
  5. URL
  6. Constant parameters

1. SAP Ariba MDNI Activation

This feature is “off” by default. This feature is needed for user/group retrieval and provisioning. To enable this feature, you have to raise a service Request against SAP Ariba to have this feature turned on.

A Service request should include the following details

-Realm

-Mention MDNI api enablement

2. Create MDNI End Point

Create MDNI end point on the realm:

  1. Open Buyer Service Manager and open customer realm
  2. Click Integration Manager > Endpoint Configuration
  3. Click Create New
  4. Type in MDNI as the name, setup Login and Password (Basic Authentication)
    Customer Admin can later get into the same screen to change the password. Name can also be MDNIinbound, or any other name.
  5. Click Save

This is the User/password you have maintain in the destination for Ariba system in SAP Cloud BTP cockpit.

Set the parameter to associate the newly created end point for MDNI:(Done by SAP Ariba team)

  1. Click Customization Manager > Parameters
  2. Search for Application.Messaging.Channels.WS.MDNIntegrationEndPoint
  3. Set the value to MDNI (from step 4 when creating end point)
    If there is an existing value, this means an MDNI end point has been previously created
  4. Click Save

Register MDNI to microservice: (Done by SAP Ariba team)

  1. Click Site Manager > Scheduled Tasks
  2. Search for NativeIntegrationConfigPushEvent
  3. Make sure the scheduled task is configured for example 10mins.

3. SAP Ariba Open Api Key

Prerequisite: You need access to developer portal access (developer.ariba.com). If you do not have access, please sign up and below is the process.

  1. Sign up from Developer portal (developer.ariba.com)
  2. It creates an Service Request to the team “Connect_support”.
  3. Once it is assigned to engineer, they will contact you
  4. Service Request engineer will share the account creation Invite with you.
  5. Once you register or create account , Internal team will approve the account.
  6. After the account is approved , you are ready to create an API.

After you signed in successfully, create a new application to generate the API Key. You have to generate the API key for each tenant id, if you have more than one including parent and child. Once the below process is completed, you will get the API Key. Use this key in destination.

API%20Key%20generation

API Key generation

Process

Process

4. URL

What is the URL need use for MDNI?

Answer

Below table gives URL to be used for Respective Data Centers.

Data Center URL
EU https://eu.mu.ariba.com
US https://mu.ariba.com


5. Constant Parameters

You need to manually add the below property fields in ‘Additional Properties’ section by using the New Property button.

The fetchUsers and fetchGroups SOAP API calls are used to read the users and groups from SAP Ariba via MDNI

uploadXMLUserData is used for provisioning requests (user creation and group assignment) to SAP Ariba.

apiKey and serviceURL are used to check the status of the provisioning requests.

tenantId – This is the tenant id you used to generate the API key.

 

apiKey Generated API Key from Step 3
fetchGroups /mdni/erpintegration/api/fetchGroups
fetchUsers /mdni/erpintegration/api/fetchUsers
objectName User
serviceURL

Based on Data Center,

https://openapi.ariba.com/api/mds-integration-job/v1/prod/integrationJobs? or

https://eu.openapi.ariba.com/api/mds-integration-job/v1/prod/integrationJobs?

tenantId AN-Id provided as part of the Ariba system, For ex AN01234567-T
uploadXMLUserData /mdni/erpintegration/api/uploadXMLData

Assigned Tags

      7 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Sudhansu Sekhar Suna
      Sudhansu Sekhar Suna

      Very good Content with detailed steps. Thanks for sharing.

      Author's profile photo Rajendra Kumar
      Rajendra Kumar

      Hi Prem

      Nice Blog.

      But also can you please update information with respect to other data centers such as AU,RU,KSA etc ... (URL and service URL )

      Thanks

      Author's profile photo Prem Balraj
      Prem Balraj
      Blog Post Author

      https://connectsupport.ariba.com/sites#item-view&/188503

      Author's profile photo Nidhi Kumari
      Nidhi Kumari

      Hello Prem,

      Thank you for detailed blog.

      Could you please share some details to map GRC custom fields with fields in Ariba e.g.'Plant' in IAG bridge scenario.

      Author's profile photo Prem Balraj
      Prem Balraj
      Blog Post Author

      Hi Nidhi,

      Custom fields are not supported in Ariba now.

      Thanks,
      Prem

      Author's profile photo Muthukumar .
      Muthukumar .

      Hi Prem,

      Thank you for detailed blog.

      As per latest IAG Release, ARIBA integration with IAG using MDNI is marked as Deprecated. does that mean going forward we should not use MDNI scenario and should go for only ARIBA V2 (Integration using IPS) Scenario?

      Author's profile photo Prem Balraj
      Prem Balraj
      Blog Post Author

      Hi Muthu,

      Thank for bringing up. I will update this blog. We are encouraging all new customers to go to V2 only. Existing customers can move to V2 as well.

      Thanks,

      Prem