| Status | Approved |
| Owner | |
| Stakeholders | |
| LeanIX Link |
Introduction
SAP Ariba is a cloud-based procurement and supply chain management solution that enables organizations to digitally transform their sourcing, procurement, contract management, and supplier collaboration processes. As part of the SAP Business Network, Ariba facilitates seamless integration between buyers and suppliers, promoting transparency, efficiency, and compliance across procurement operations.
In the context of enterprise architecture, SAP Ariba serves as a strategic component for automating and optimizing the Source-to-Pay (S2P) lifecycle. It supports integration with ERP systems (such as SAP S/4HANA or other third-party platforms) through standardized APIs and middleware, ensuring data consistency and process alignment across financial, operational, and procurement domains.
Scope & Objectives
This document defines the architectural scope of the Ariba solution within the SyWay program, focusing on the deployment and integration of Ariba as the central platform for their sourcing, procurement, contract management, and supplier collaboration processes.
The scope includes:
- The technical architecture of Ariba Platform and its supporting components.
- The integration architecture between Ariba and SAP systems.
- The security and connectivity model, including configurations, RFC destinations, and access control mechanisms.
- The deployment model for the Rest of World (RoW) Landscape.
Key Decisions and Requirements
| Description | Rationale |
|---|---|
Terminology
| Term | Description |
|---|---|
| Parent Realm | Use for Strategic Procurement and supplier enablement activities. Acts as a central Hub to :
|
| Child Realm | Use for Operational Procurement activities only (Guided Buying). Can represent subsidiaries / regions / Business units . Acts as subordinate structure to :
|
| Upstream | Refer to all pre-purchase activities as Sourcing / Strategic Sourcing / Supplier Collaboration / Spend Visibility |
| Downstream | Refer to all procurement execution as Purchasing and Ordering (incl. catalog management) / Receipt processing/ Spend Management and reporting. |
| Supplemental Realm | Refer to an additional realm to :
|
Application Architecture
Overview
Application Architecture Components
Ariba Sourcing
SAP Ariba Sourcing is a strategic sourcing solution that enables organizations to manage sourcing events such as RFIs, RFPs, and auctions in a centralized and collaborative platform. It helps procurement teams identify the best suppliers, negotiate optimal terms, and drive cost savings.
Ariba Cloud Integration Gateway (CIG)
The Ariba Cloud Integration Gateway (CIG) is SAP’s standardized integration platform that simplifies and accelerates the connection between SAP Ariba and external systems. It provides a unified framework for integrating Ariba with SAP ERP Platforms, Third party applications or Middleware platforms.
CIG acts as a bridge between Ariba’s cloud services and on-premise or cloud-based ERP systems, enabling seamless data exchange for processes such as purchase order creation, invoice submission, goods receipt, and supplier onboarding.
SAP Cloud Connector
The SAP Cloud connector acts as a reverse invocation proxy to establish network connection between SAP RISE systems and Ariba Cloud Integration Gateway (CIG). Due to its reverse invoke capabilities, the network traffic originates from SAP Cloud connector to SAP Ariba CIG and once the link as been established, data can be exchanged between SAP RISE systems and Ariba. HTTPS or RFC protocols are used between SAP Cloud Connector and S/4HANA, and HTTPS protocol is used between Cloud Connector and SAP Ariba CIG.
A 2 tier landscape will be adopted for SAP cloud connector: non-PRD and PRD. The non-PRD cloud connector will be shared across all non-PRD landscape.
Data Provisioning Agent
SAP Analytics Cloud (SAC) Agent
OpenText Connector
Network Architecture
System Landscape
Ariba will have 3 realms: Supplemental, Test and Production. Each realm will have the following modules: Sourcing, Buying Parent, Buying Child (one for each S/4HANA) and CIG. Ariba is also brownfield system and the landscape will be used for both Production support and SyWay Release 4.
Ariba Sourcing | 745255310-SS-T | 744368466-T | 744368466 |
| Ariba Buying Parent | 745255310-SS-T | 744368466-T | 744368466 |
| Ariba Buying Child (EU) | 745255310-SS-1-T | TBC | TBC |
| Ariba Buying Child (US) | TBC | TBC | TBC |
| Ariba Buying Child (CN) | TBC | TBC | TBC |
| Ariba Business Network | AN11228658404-T | AN11204137717-T | AN11204137717 |
| Ariba CIG | AN11228658404-T | AN11204137717-T | AN11204137717 |
System Access
Application Security
Authentication
Authorisation
SAP Ariba utilizes Role-Based Access Control (RBAC) to manage user access. This means that user permissions are assigned based on their job within the organization. Each group corresponds to a specific set of tasks or responsibilities within the SAP Ariba platform.
- Standard Groups: SAP Ariba provides several standard groups that are pre-configured for typical user needs, such as Procurement Manager, Buyer, Supplier, and System Administrator.
- Custom Groups: Custom groups are tailored to specific needs, allowing for a more granular level of control over user permissions.
Authorization checks related to procurement activities are performed in S/4 HANA using RBAC and then pushed to Ariba.
In Ariba, users can be restricted based on templates specific to a country. A sourcing template is created with the relevant attributes and fields, and access is assigned only to users from the same country. For example, users from the UK or Belgium will be mapped to their respective country's sourcing template.
The sourcing template can also be linked to multiple projects, with each project being assigned to a user as the project owner.
For Ariba Buyer/Supplier, the access design follows the same custom groups, tailored to specific business needs.
Addtional details can be found in Security Approach document.