How to Integrate SAP Cloud Identity Access Governance with SAP Ariba
This post is a follow up post to the blog post Integrating SAP Ariba solutions with SAP Cloud IAG published by our colleague Sonia Petrescu. So, I recommend visiting that blog post first if you are new to this concept.
In this blog post you are going to learn all the steps needed to successfully setup the destination. There are few actions to be performed from SAP Ariba side to setup the destination in SAP Business Technology Platform cockpit (previously called as SAP Cloud Platform)
Prerequisite: SAP Ariba administrator or knowledge in SAP Ariba is preferred to do this setup.
Information needed to setup
- SAP Ariba Master Data Native Integration (MDNI) activation
- Master Data Native Integration (MDNI) Endpoint creation
- SAP Ariba Open API Key
- Constant parameters
1. SAP Ariba MDNI Activation
This feature is “off” by default. This feature is needed for user/group retrieval and provisioning. To enable this feature, you have to raise a service Request against SAP Ariba to have this feature turned on.
A Service request should include the following details
-Mention MDNI api enablement
2. Create MDNI End Point
Create MDNI end point on the realm:
- Open Buyer Service Manager and open customer realm
- Click Integration Manager > Endpoint Configuration
- Click Create New
- Type in MDNI as the name, setup Login and Password (Basic Authentication)
Customer Admin can later get into the same screen to change the password. Name can also be MDNIinbound, or any other name.
- Click Save
This is the User/password you have maintain in the destination for Ariba system in SAP Cloud BTP cockpit.
Set the parameter to associate the newly created end point for MDNI:
- Click Customization Manager > Parameters
- Search for Application.Messaging.Channels.WS.MDNIntegrationEndPoint
- Set the value to MDNI (from step 4 when creating end point)
If there is an existing value, this means an MDNI end point has been previously created
- Click Save
Register MDNI to microservice:
- Click Site Manager > Scheduled Tasks
- Search for NativeIntegrationConfigPushEvent
- Make sure the scheduled task is configured for example 10mins.
3. SAP Ariba Open Api Key
Prerequisite: You need access to developer portal access (developer.ariba.com). If you do not have access, please sign up and below is the process.
- Sign up from Developer portal (developer.ariba.com)
- It creates an Service Request to the team “Connect_support”.
- Once it is assigned to engineer, they will contact you
- Service Request engineer will share the account creation Invite with you.
- Once you register or create account , Internal team will approve the account.
- After the account is approved , you are ready to create an API.
After you signed in successfully, create a new application to generate the API Key. You have to generate the API key for each tenant id, if you have more than one including parent and child. Once the below process is completed, you will get the API Key. Use this key in destination.
What is the URL need use for MDNI?
Below table gives URL to be used for Respective Data Centers.
5. Constant Parameters
You need to manually add the below property fields in ‘Additional Properties’ section by using the New Property button.
The fetchUsers and fetchGroups SOAP API calls are used to read the users and groups from SAP Ariba via MDNI
uploadXMLUserData is used for provisioning requests (user creation and group assignment) to SAP Ariba.
apiKey and serviceURL are used to check the status of the provisioning requests.
tenantId – This is the tenant id you used to generate the API key.
|apiKey||Generated API Key from Step 3|
Based on Data Center,
|tenantId||AN-Id provided as part of the Ariba system, For ex AN01234567-T|