Setting up an SAP Best Practices Integration in SAP S/4HANA Cloud Public Edition

SAP Best Practices integrations are pre-delivered in your SAP S/4HANA Cloud system as Communication Arrangements.

To complete the configuration, follow the setup instructions available in the SAP Signavio Process Navigator or the SAP Help Portal.

These resources provide essential details, including:

• Prerequisites, such as required authorizations and access to productive systems.
• The specific Communication Arrangement ID.
• Naming conventions for the Communication User and Communication System.

A Communication User is a technical user used for authentication when a Communication System exchanges data with another system. It is not intended for human authentication.

In the Maintain Communication Users app, you can:

• Define a user name (using capital letters and no spaces) and a description.
• Configure authentication by entering a password, generating a complex system password, or uploading a security certificate.

Passwords and certificates are alternative methods; you do not need both. Setup guides typically recommend a specific naming convention and explain how to obtain a certificate from the external system if needed.

The Communication User supports two primary authentication types:

• Basic Authentication: Uses a technical user name and a manually defined password.
• Authentication with Certificate: Uses a Secure Socket Layer (SSL) certificate provided by the sending or receiving system.

The Communication System defines the technical connection details and the authentication method for data exchange.

For inbound scenarios, where SAP S/4HANA Cloud receives data from an external system, you can select the Inbound Only checkbox in the Technical Data section. This simplifies the configuration by hiding fields like Host Name that are not required for inbound traffic. You must still assign a User for Inbound Communication to manage authentication.

In outbound scenarios, the Technical Data and the User for Outbound Communication are mandatory, as they identify the sending system to the external receiver. Outbound connections often require higher security and specific authorization levels.

In some cases, you do not need to create a manual user because OAuth token-based authorizations are configured directly within the Communication System.

OAuth is an industry-standard protocol for authorization. It uses tokens instead of passwords to verify identities, allowing applications to interact securely without sharing sensitive credentials.

The Communication System supports the following OAuth types:

• Authentication with OAuth 1.0
• Authentication with OAuth 2.0
• Authentication with OAuth 2.0 mTLS (mutual Transport Layer Security)

For example, when integrating SAP SuccessFactors Employee Central with SAP S/4HANA Cloud, you must subscribe to the Master Data Service on SAP Business Technology Platform (SAP BTP) and generate a Service Key.

This Service Key contains credentials such as clientid, clientsecret, url, and uri. These values are entered into the Technical Data section of the Communication System to establish a secure connection with the Master Data Integration Service.

The final step is to create the Communication Arrangement and link it to the relevant Communication System. Because the Communication System is already linked to a Communication User, both are automatically included in the arrangement.

The Communication Arrangement defines the specific inbound and outbound messages to be exchanged. Some arrangements include additional parameters to manage data flow, such as scheduling or defining package sizes for outbound transfers.

The arrangement becomes active once saved. After configuration, use the provided test script to verify that the end-to-end business process is working as expected.