Hi there.
I have a problem. I need to integrate Cloud Identity Services with Ariba and Azure AD so that after authentication I can access the workzone.
Using the authentication conditional, I can authenticate through the user's domain to which Azure Ad belongs. However, with Ariba, I cannot do a conditional as it does not have its own domain, so the solution was to load the IAS with Ariba user data by introducing a group and by identifying this group (which is the same one that will be set in the conditional) you will be able to identify that the user is from Ariba and validate it in Ariba.
However, the load made in IAS may not be the same load that is in Ariba, in which case there may not be a match.

To solve this problem, I would have to insert a landpage in which one button would be for Azure AD (internal users) and another button for Ariba (external users), and by clicking on them I could do the SSO correctly.

However, I am unable to find an example of how to do this, because according to the documentation provided by sap, I have not yet managed to achieve a positive test.

Here is the documentation:
https://help.sap.com/docs/identity-authentication/identity-authentication/use-allow-identity-authent...

I would need some guidance, or some suggestion so that I can solve this problem without having to burden the IAS.

I thought that leaving Ariba as the default in Cloud Identity Services, I would use an external service that can validate me in Azure AD and redirect me to the Portal, without the need to use the IDP in Cloud Identity Services. But also, I couldn't find an example or anything like that.

Any suggestion, idea, or experience (if by chance, you have gone through the same scenario) is very welcome.

Thanks in advance.