Status
Owner	CABELLO MARTOS-ext, Gabino
Stakeholders	The business stakeholders involved in making, reviewing, and endorsing this decision. Type @ to mention people by name
LeanIX Link	Insert the name of the LeanIX Application Factsheet and hyperlink to the factsheet.

Introduction

SAP Ariba is a cloud-based procurement and supply chain management solution that enables organizations to digitally transform their sourcing, procurement, contract management, and supplier collaboration processes. As part of the SAP Business Network, Ariba facilitates seamless integration between buyers and suppliers, promoting transparency, efficiency, and compliance across procurement operations.

In the context of enterprise architecture, SAP Ariba serves as a strategic component for automating and optimizing the Source-to-Pay (S2P) lifecycle. It supports integration with ERP systems (such as SAP S/4HANA or other third-party platforms) through standardized APIs and middleware, ensuring data consistency and process alignment across financial, operational, and procurement domains.

Scope & Objectives

This document defines the architectural scope of the Ariba solution within the SyWay program, focusing on the deployment and integration of Ariba as the central platform for their sourcing, procurement, contract management, and supplier collaboration processes.

The scope includes:

The technical architecture of Ariba Platform and its supporting components.
The integration architecture between Ariba and SAP systems.
The security and connectivity model, including configurations, RFC destinations, and access control mechanisms.
The deployment model for the Rest of World (RoW) Landscape.

List down out of scope items if applicable.

Key Decisions and Requirements

Below table provides the list of non-functional requirements.

Description	Rationale

Terminology

Term	Description
Parent Realm	Use for Strategic Procurement and supplier enablement activities. Acts as a central Hub to : centralize controls and administration (common master data incl. policies / user access / Supplier communication…) manage hierarchical structure (Child realms) manage sourcing
Child Realm	Use for Operational Procurement activities only (Guided Buying). Can represent subsidiaries / regions / Business units . Acts as subordinate structure to : configure, independently from other child, users roles, workflows, policies All the partition data. support transaction management (sourcing/procurement) and use partitioned master data (as suppliers, Cost assignments…
Upstream	Refer to all pre-purchase activities as Sourcing / Strategic Sourcing / Supplier Collaboration / Spend Visibility
Downstream	Refer to all procurement execution as Purchasing and Ordering (incl. catalog management) / Receipt processing/ Spend Management and reporting.
Supplemental Realm	Refer to an additional realm to : perform specific configurations enhance integration : it can be linked to the Parent Realm and ensure seamless data flow and process integration across the organization, even if specific configurations differ. Interfaced with a Dev backend environment

Application Architecture

Overview

Diagram of application architecture that provides an overview of the application, components and integrating applications.

Application Architecture Components

Provide the details of each and every major component used in the Application Architecture. Below are some of the sample application components provided as a reference.

Ariba Sourcing

SAP Ariba Sourcing is a strategic sourcing solution that enables organizations to manage sourcing events such as RFIs, RFPs, and auctions in a centralized and collaborative platform. It helps procurement teams identify the best suppliers, negotiate optimal terms, and drive cost savings.

Ariba Cloud Integration Gateway (CIG)

The Ariba Cloud Integration Gateway (CIG) is SAP’s standardized integration platform that simplifies and accelerates the connection between SAP Ariba and external systems. It provides a unified framework for integrating Ariba with SAP ERP Platforms, Third party applications or Middleware platforms.

CIG acts as a bridge between Ariba’s cloud services and on-premise or cloud-based ERP systems, enabling seamless data exchange for processes such as purchase order creation, invoice submission, goods receipt, and supplier onboarding.

SAP Cloud Connector

The SAP Cloud connector acts as a reverse invocation proxy to establish network connection between SAP RISE systems and Ariba Cloud Integration Gateway (CIG). Due to its reverse invoke capabilities, the network traffic originates from SAP Cloud connector to SAP Ariba CIG and once the link as been established, data can be exchanged between SAP RISE systems and Ariba. HTTPS or RFC protocols are used between SAP Cloud Connector and S/4HANA, and HTTPS protocol is used between Cloud Connector and SAP Ariba CIG.

A 2 tier landscape will be adopted for SAP cloud connector: non-PRD and PRD. The non-PRD cloud connector will be shared across all non-PRD landscape.

SyWay Project > Application Architecture SAP Ariba > Cloud Connector.png

Data Provisioning Agent

SAP Analytics Cloud (SAC) Agent

OpenText Connector

Network Architecture

Optional Section if application requires a network design.

System Landscape

Ariba will have 3 realms: Supplemental, Test and Production. Each realm will have the following modules: Sourcing, Buying Parent, Buying Child (one for each S/4HANA) and CIG. Ariba is also brownfield system and the landscape will be used for both Production support and SyWay Release 4.

Modules / Tier	Supplemental	Test	Production
Ariba Sourcing	745255310-SS-T	744368466-T	744368466
Ariba Buying Parent	745255310-SS-T	744368466-T	744368466
Ariba Buying Child (EU)	745255310-SS-1-T	TBC	TBC
Ariba Buying Child (US)	TBC	TBC	TBC
Ariba Buying Child (CN)	TBC	TBC	TBC
Ariba Business Network	AN11228658404-T	AN11204137717-T	AN11204137717
Ariba CIG	AN11228658404-T	AN11204137717-T	AN11204137717

System Access

Describe how systems will be access by the different end-users.

List down all URL and access details.

Application Security

Authentication

Authorisation

SAP Ariba utilizes Role-Based Access Control (RBAC) to manage user access. This means that user permissions are assigned based on their job within the organization. Each group corresponds to a specific set of tasks or responsibilities within the SAP Ariba platform.

Standard Groups: SAP Ariba provides several standard groups that are pre-configured for typical user needs, such as Procurement Manager, Buyer, Supplier, and System Administrator.
Custom Groups: Custom groups are tailored to specific needs, allowing for a more granular level of control over user permissions.

SyWay Project > Application Architecture SAP Ariba > image-2024-9-22_18-53-58.png

Authorization checks related to procurement activities are performed in S/4 HANA using RBAC and then pushed to Ariba.

In Ariba, users can be restricted based on templates specific to a country. A sourcing template is created with the relevant attributes and fields, and access is assigned only to users from the same country. For example, users from the UK or Belgium will be mapped to their respective country's sourcing template.  

The sourcing template can also be linked to multiple projects, with each project being assigned to a user as the project owner.

For Ariba Buyer/Supplier, the access design follows the same custom groups, tailored to specific business needs.

Addtional details can be found in Security Approach document..

Communication Security

Provide the details of the communication security controls implemented based on the classification

Data Security

Provide the details of the data security controls implemented based on the classification

Other Controls

Provide the details of any other controls implemented based on the classification

Operation Architecture

Change and Configuration Management

Please refer to document DD-TEC-170 Transport Management for Release 4.

Monitoring

This section will include the details related to monitoring enabled for the application (System and Application monitoring)

Sizing

Provide the details of sizing approach and the future recommendations

High Availability & Disaster Recovery

Provide the details of HA and DR. List down related metrics like RPO/RTO and availability SLA.

Backup/Restore

Provide the details of Backup/Restore. You may provide a reference to other document or attach a document, if the section contains lot of content

Maintenance Plan

Provide the details of system and application maintenance plan. This should follow the upgrade strategy

Exceptions

This section covers any exceptions to the reference architecture. Some Applications may have limitations and may not meet the Enterprise Architecture, Reference Architecture and IT Policy guidelines. All exceptions should be included in this section.