Preface – This post is part of the SAP Ariba series.

Introduction

According to SAP Ariba, it SSO Architecture is a set up of trust between SAP Ariba and Corporate Identity Provider using SAML 2.0. In this article we will explore SAP Ariba SSO Architecture in detail.

Types of Authentication

SAP Ariba allows buyers and suppliers to login into Ariba Network using two methods:

• Regular User Authentication: Users can manually enter their Ariba Network usernames and passwords on the Ariba Network page.
• Single Sign-On (SSO): When users log in to their Corporate Network, it automatically logs them to Ariba Network when needed.

SSO also requires setup configurations to connect user authentication system to Ariba Network and this is done with the help of network administrators.

Benefits of SSO Architecture:

• Security Control: SSO cab be combined with multi-factor authentication ( MFA ) or users might use portable authentication devices ( like RSA Secure ID) for better security control to access Ariba Network.
• User Experience: Repeated logins are no more required with SSO. As when users login to their Corporate Network they are authenticated to Ariba Network also.
• Account Management: Ariba automatically revokes user’s access to Ariba Network in case they leave the organization.
• It combines with RBA (Risk-Based Authentication): SSO combined with RBA provides insight into user behavior. Security teams are able to monitor the unusual behavior of users, such as multiple login failures and it also gives permission to block the user account in case of security issues.

SAP Ariba SSO Architecture