Skip to main content

Setting Up SecurityScorecard Integration with SAP Ariba Supplier Risk

Cor Bader
  • Updated

    Overview

    This article walks you through the required steps and prerequisites to successfully install and configure the SecurityScorecard (SSC) integration with SAP Ariba Supplier Risk. This integration allows automatic syncing of supplier data and security ratings between the two platforms to enhance your vendor risk management workflows.

    Prerequisites

    Before starting installation, ensure the following:

    • Active Subscription to both:
      • SAP Ariba Supplier Risk
      • SecurityScorecard 
    • Access to:
      • SAP Integration Suite
      • SAP Ariba Developer Portal
    • Membership in the Ariba Supplier Risk Manager group
    • API keys and OAuth credentials from the SAP Ariba Developer Portal
    • The Zip package which contains the preconfigured iFlows and artifacts.
      • How to Get It: The integration ZIP files will be provided upon request by your SecurityScorecard account team. Please contact your account manager or support to receive the latest version.

    Installation Steps

    Step 1: Install the Integration Package

    1. Open SAP Integration Suite
    2. Go to Design → Integrations and APIs
    3. Click Import in the top-right corner
    4. Upload the ZIP package provided by SecurityScorecard

    Step 2: Configure iFlows

    There are two workflows that require configuration for bi-directional data flow.

    Supplier Enrichment iFlow (SAP Ariba ➡️ SSC)

    1. Navigate to Design → Integrations and APIs

    2. Open the SSC-Ariba package → Artifacts tab

    3. Find “Supplier Enrichment” and click Actions → Configure

    4. Fill in configuration values (e.g., ARIBA_BUYER_ANID, SSC_API_KEY)

    5. Click Save then Deploy

    Security Scores Enrichment iFlow (SSC ➡️ SAP Ariba)

    1. In the same Artifacts tab, select “Security Scores Enrichment

    2. Click Configure  and enter required credentials

    3. Click Save, then Deploy

    Step 3: Set Up Timers

    Set your desired sync frequency (every 24 hours recommended)

    Ensure a minimum 30-minute gap between the two iFlows

    Step 4: Create Custom Risk Fields

    1. Go to Supplier Risk Admin Settings → Configure Risk Exposure

    2. Create a new draft template

    3. Navigate to Field Configurations → Add Custom Field

    4. Add fields for SSC risk factors (e.g., SSC_OVERALL_SCORE, SSC_ENDPOINT_SECURITY)

    To configure custom fields in Ariba Supplier Risk, consult the "Custom Fields" section of the "Setting Up SAP Ariba Supplier Risk" guide.

    Tip:Set the “Category Weights” and thresholds for High/Medium/Low exposure per your risk model.

    Configure Category Weights

    The “Category Weights” tab allows you to set the relative importance of each risk category in the overall risk exposure measurement. On the right side, you can define the minimum and maximum thresholds for each risk category. These thresholds determine the classification of risk exposure levels as High, Medium, or Low.

    Refer to the recommended values in the image below to align with the High, Medium, and Low risk levels.

    Use the suggested values below to ensure optimal alignment with the SecurityScorecard scores.

    The weights above are based on how the eleven SecurityScorecard Risk Factor scores are mapped to the three Ariba Supplier Risk Exposure categories.

    Create Custom Risk Fields for SecurityScorecard Scores

    Steps to create custom fields:

    1. Navigate to the “Field Configurations” tab.

    1. Scroll to the bottom and click the “Add Custom Field” button.

    1. Use the details provided in the table below to create eleven custom Supplier Risk fields to display SecurityScorecard risk information for a supplier.

    Save and Activate the Custom Risk Exposure Template Configuration

    Note: Use the values that suit your own risk evaluation process, figures mentioned above aren’t absolute recommendations.

    Ensure SSC Enrichment 

    The enrichment flow from SecurityScorecard (SSC) to SAP Ariba is designed to automatically populate supplier profiles in Ariba with up-to-date security ratings. This enables better-informed decisions when onboarding or reviewing vendors. However, to ensure the most accurate enrichment, especially in large or complex supplier ecosystems, it’s important to understand how SSC attempts to match supplier data to scorecards.

    How Supplier Matching Works

    SSC uses a matching logic based primarily on supplier domain names. If a supplier’s domain is available and valid, the enrichment flow can confidently associate that supplier with its corresponding scorecard in SecurityScorecard.If a domain is not available (which is common if the supplier profile in SAP Ariba lacks this field), the integration uses secondary identifiers, such as: Company name and other business metadata. This fallback method can work but is inherently less reliable, leading to potential mismatches or missed enrichment.

    To maximize enrichment accuracy, we strongly recommend adding a custom field to your SAP Ariba registration process to explicitly collect the supplier’s primary domain. Here's how:

    1. Go to Manage → Templates in SAP Ariba Sourcing.

    1. Select the Supplier Registration Project Template.
    2. If the template is active, first mark it Inactive to make edits.

    1. Edit the Documents section and locate the Supplier Registration Template.

    1. In Content, click Add to create a new field.

    1. Configure the field to collect the supplier’s domain (e.g., www.example.com).
    2. In the Supplier field mapping, make sure the field maps to a recognizable key used by your integration logic (e.g., supplierDomain).
    3. Save and Publish the updated template.

    Note: Ensure that the field “Supplier field mapping” has the same value which is shown in above image.

    Step 5: Disable Default Risk Fields

    Set Ariba’s default fields to “None” to avoid conflict with SSC scoring

    Ensure Domain-Based Score Matching

    To improve scorecard accuracy, add a supplier domain field to your SAP Ariba registration template:

    1. Go to Manage → Templates → Supplier Registration Template

    2. Inactivate the template, then Edit

    3. Add a new question to capture the supplier’s domain

    4. Save and Publish

    Undeploying the Integration

    To stop the integration:

    1. Go to Monitor → Integration and APIs → Manage Integration Content → All in the SAP Integration Suite.

    2. Select the integration → Click Undeploy

    Note: Here you can also check deployment status of the integration flows, and also can redeploy/restart it.

    Troubleshooting

    Logs: Found under “Monitor → All Artifacts → Attachments” (logs and exceptions)

    Credential Errors: Delete the `last_execution_time` variable under `Manage Stores → Variables` and re-run

    Performance 

    The workflows can take about 15 minutes to complete for ~1K suppliers and about 45 minutes for ~5k supplier synchronization.

    Known Limitations

    1. Only one active instance of this integration is supported per environment.
    2. Removing a supplier from SAP Ariba does not automatically remove it from the SSC portfolio.

    Need more help? Contact your SecurityScorecard Support

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.