: Onboard an SAP Ariba App to SSPM
Focus
Focus

Onboard an SAP Ariba App to SSPM

Table of Contents

Onboard an SAP Ariba App to SSPM

Connect an SAP Ariba App instance to SSPM to detect posture risks.
For SSPM to detect posture risks in your SAP Ariba instance, you must onboard your SAP Ariba instance to SSPM. Through the onboarding process, SSPM logs in to SAP Ariba using administrator account credentials. SSPM uses this account to scan your SAP Ariba realm for misconfigured settings. If there are misconfigured settings, SSPM suggests a remediation action based on best practices.
During the onboarding process, you will supply SAP Ariba account credentials to SSPM. SSPM can access the account directly or through the Microsoft Azure identity provider. Having SSPM access the account through Microsoft Azure requires MFA, which adds an extra layer of security.
To onboard your SAP Ariba instance, you complete the following actions:

Collect Information for Connecting to Your SAP Ariba Instance

To access your SAP Ariba instance, SSPM requires the following information, which you will specify during the onboarding process.
ItemDescription
Username
The username or email address of an SAP Ariba administrator account. The format that you use can depend on whether SSPM will be logging in directly to your account or through an identity provider. The account must be registered to the SAP Ariba realm that you want SSPM to scan.
PasswordThe password for the SAP Ariba administrator account.
RealmThe SAP Ariba realm that SSPM will scan for misconfigurations.
If SSPM will be accessing the administrator account directly, you will also be prompted to select the following information:
ItemDescription
FQDNThe fully qualified domain name (FQDN) for connecting to your SAP Ariba instance. For example: s1.ariba.com
If you are using Azure Active Directory (AD) as your identity provider, you must provide SSPM with the following additional information:
ItemDescription
Azure 2FA secretA key that is used to generate one-time passcodes for MFA.
As you complete the following steps, make note of the values of the items described in the preceding tables. You will need to enter these values during onboarding to access your SAP Ariba realm from SSPM.
  1. Identify the SAP Ariba account whose login credentials you will supply to SSPM during onboarding.
    (Required Permissions) The account must have administrator permissions to the SAP Ariba realm that you want SSPM to scan.
  2. Determine whether you want SSPM to log in to the administrator account directly, or through the Microsoft Azure identity provider.
    Using Microsoft Azure adds an extra layer of security by requiring MFA using one-time passcodes. If you do use Microsoft Azure instead of direct login, SSPM requires more information for MFA.
  3. Identify the name of your SAP Ariba realm and FQDN.
    1. Log in to your SAP Ariba realm using the administrator account that you identified earlier.
      After you log in to SAP Ariba, a query parameter of the URL shows your realm name.
    2. From the browser's address bar, locate the realm parameter in the URL.
    3. Make note of the value of the realm parameter. This is your realm name, which you will provide to SSPM during onboarding.
    4. (For direct log in) If SSPM will be accessing the administrator account directly, also make note of the fully qualified domain name that is shown in the browser's address bar. During onboarding, you will be prompted to select the FQDN from a list. Possible FQDNs include s1.ariba.com and s3.ariba.com.

Connect SSPM to Your SAP Ariba Instance

By adding an SAP Ariba app in SSPM, you enable SSPM to connect to your SAP Ariba instance.
  1. From the Add Application page (Posture SecurityApplicationsAdd Application ), click the SAP Ariba tile.
  2. Under posture security instances, Add Instance or, if there is already an instance configured, Add New instance.
  3. Specify how you want SSPM to connect to your SAP Ariba instance. SSPM can Log in with Credentials or Log in with Azure.
  4. When prompted, provide SSPM with the administrator credentials and your realm name. If SSPM will connect to the account by using direct login, select the FQDN for your SAP Ariba instance. If SSPM will connect to the account through Microsoft Azure, specify the information that SSPM needs for MFA.
  5. Connect.