-
What is SAP Ariba? Overview & landscape
-
Key Ariba modules and business processes
-
Ariba Cloud architecture
-
SAP Ariba Integration basics (ERP connectivity)
-
Security fundamentals (confidentiality, integrity, availability)
-
Cloud security models (IaaS, PaaS, SaaS)
-
Shared responsibility model
-
Authentication concepts in Ariba
-
Username/password
-
Single Sign‑On (SSO) basics
-
-
Identity Providers (IdP) — SAML, OAuth
-
Digital certificates
-
Ariba Access Control
-
What is SSO? Benefits & flow
-
SAML 2.0 based SSO for Ariba
-
Setup steps for SSO
-
Configure Ariba as a Service Provider (SP)
-
Configure identity provider (Azure AD, OKTA, ADFS)
-
Import certificates
-
Test & troubleshoot
-
-
Role of Metadata XML
-
User lifecycle in Ariba
-
Creation, modification, deactivation
-
-
Integration with Identity Management tools (e.g., SAP IDM, Azure AD)
-
Just‑in‑Time provisioning
-
Automated provisioning via SCIM (if supported)
-
Concepts of roles, permissions, and access control
-
Ariba role hierarchy
-
System roles
-
Application roles
-
Custom roles
-
-
Best practices for roles & segregation of duties (SoD)
-
Authorization objects & security settings
-
Permission sets in Ariba modules
-
Ariba Workflows vs. Security Policy
-
Restricting access to data & actions
-
Ariba Network security model
-
Buyer & supplier onboarding security
-
Transaction encryption & secure data transmission
-
Network access rules & endpoint restrictions
-
Ariba APIs & Web Services security
-
API key management
-
OAuth token lifecycle
-
Connectivity security (HTTPS, certificates)
-
Data classification
-
Encryption at rest & in transit
-
GDPR & data privacy implications in Ariba
-
Archiving & retention controls
-
System logs & audit trails
-
User activity monitoring
-
Detecting anomalies & suspicious access
-
Log retention best practices
-
CIS/industry recommendations
-
Password policies, MFA
-
Session timeouts
-
IP whitelisting
-
Security incident lifecycle
-
Ariba support roles in incident handling
-
Steps to identify & mitigate breaches
-
Compliance requirements (SOX, ISO 27001)
-
Security governance frameworks
-
Periodic reviews & certification readiness






















