Critical Change to HTTP Protocols in Ariba are Coming!

SAP Ariba has announced an important change to HTTP protocols that could impact access to links in your Ariba systems. SAP plans to enforce the use of HTTPS links for SAP Ariba solutions. HTTP links will no longer redirect to HTTPS. While optional for now; it will become mandatory in August 2023.

This will affect every SAP Ariba user

SAP releases four primary updates per year and it often uses these updates to give a first notice of significant upcoming changes. And this is one of those times. We spotted this critical change to HTTP protocols in our early review of the 2023 Q2 Release and wanted to highlight it ahead of our regular quarterly roundup.

Update ID: SI-6537 – Enforce the Use of HTTPS in SAP Ariba Solutions

Customers need to update all HTTP URLs, including vanity URLs, to HTTPS, and reconfigure your outbound endpoint URLs to HTTPS before the Q3 2023 release to ensure that SAP Ariba can transmit data, receive data, and display URLs in the user interface and email messages.

Description

This feature enforces the use of HTTPS in SAP Ariba solutions. Existing HTTP URL links no longer display as hyperlinks in the user interface and email messages.

If you enter an HTTP link in a URL field in the user interface, SAP Ariba now displays a message indicating that you must use HTTPS. The use of HTTP is also logged in the SAP Ariba audit service. This feature also validates that outbound endpoint URLs are HTTPS. SAP Ariba blocks the creation of new HTTP outbound endpoint URLS and blocks existing HTTP outbound calls.

Affected Products

SAP Business Network, SAP Ariba Buying, SAP Ariba Buying and Invoicing, SAP Ariba Contracts, SAP Ariba Catalog, SAP Ariba Invoice Management, SAP Ariba Sourcing, SAP Ariba Spend Analysis, SAP Strategic Sourcing Suite, SAP Ariba Supplier Information and Performance Management, SAP Ariba Supplier Lifecycle and Performance, SAP Ariba Supplier Risk, SAP Business Network for Supply Chain

What this means for the Ariba customer.

In a nutshell: HTTP links will no longer redirect to HTTPS. If your HTTP URL’s are not updated by the time this update is triggered in August 2023 update, many of your company’s internal and external links may no longer work.

So, for example, if you have a supplier registration link that you rely on for supplier sign ups and it still has that http protocol, that link will no longer work. Same for any internal links that are still referencing HTTP, such as within internal Sharepoint locations or in any kind of training documentation.

What is the deadline?

The good news is that, while this change is being announced now, it does not go into effect until the Q3 update in August. You can read more about the three different configurations here.

In this case, you probably don’t need an Ariba Service Partner to walk you through the HTTP/HTTPs update. Rather, we recommend notifying your appropriate internal IT departments as soon as possible so they can make the necessary changes.

You can read SAP’s full explanation of this change here. That document provides more guidance as well as detailed information for administrators.

If you feel like you still need some help, you can contact us for a checklist of the most common areas that should be reviewed and updated.

Confused by Ariba Updates?

We can help.