Explaining the Integration Between Cloud and SAP S/4HANA

Objective

After completing this lesson, you will be able to integrate the Cloud with SAP S/4HANA

Cloud with SAP S/4HANA

Installation of Cloud Connector

Note

To install the Cloud Connector, refer to Install the Cloud Connector.
Screenshot from SAP BTP Cockpit showing the Cloud Connectors section for a subaccount labeled Life Sciences - GLA. The screen displays the status as Connected with details of the Master Instance (GLAZ3O2). Information includes the Connector ID, Connected since date, Initiated by user email (redacted), Version, Java Version, and High Availability status (Inactive). Below, it lists Exposed Back-End Systems detailing Host URLs, Protocol (HTTP), Back-End Type (ABAP System), and Resource availability status (Available). The left sidebar menu includes options for Overview, Services, Cloud Foundry, Connectivity, Security, Help and Support, Useful Links, and Legal Information.

Determination of Trusted Connection

Prerequisite​

Configuration of principal propagation required inclusive creation of technical user for basic authentication.

Note

To configure the Cloud Connector, refer to Authenticating Users against On-Premise Systems.
Screenshots from SAP BTP Cockpit showing the Trust Configuration section for a subaccount labeled Life Sciences - GLA. The first screenshot displays the initial Trust Configuration screen listing existing configurations and details like Status, Name, Description, and Protocol. The second image focuses on an Edit Trust Configuration pop-up window with options to edit Name, Description, Availability for User Logon, and Create Shadow Users. The third screenshot shows a Choose Tenant pop-up window with a list of available domains to configure the security authentication tenant for applications and user logon. The left sidebar menu includes options similar to Overview, Services, Cloud Foundry, Connectivity, Security, and more.

Description​

  1. Scenarion end-to-end SSL encryption (termination of SSL at back end)
    • Exchange of certificate is mandatory
    • SAP Intelligent Clinical Supply Management Portal to Cloud Connector (SSL termination) from Cloud Connector to back end HTTP
    • Certificate is not required
  2. Cloud-based LDAP service provide (for example, Microsoft, Google, Oracle)

    Exchange of certificate is mandatory

Configure ICM to Trust the Cloud Connector If Required ++Customizing Request Required++

  • Go to transaction code RZ10.
  • Select Default Profile and Latest Activated Version.
  • Choose Extended Maintenance.
  • Choose Create New Parameter and add the following entries:
    • Parameter Name: login/certificate_mapping_rulebased Parameter Value: 1
    • Parameter Name: icm/HTTPS/trust_client_with_subject Parameter Value: *
    • Parameter Name: icm/HTTPS/trust_client_with_issuer Parameter Value: CN=SCC, OU=ICSM, O=SAP SE, C=DE
    • Parameter Name: icm/HTTPS/verify_client Parameter Value: 1

Upload Missing SSL Browser Certificates

  • In transaction code SM59, on the Logon & Security tab, check that SSL is set to active.
  • Check which SSL certificate is selected. It should be <DFAULT SSL Client (Standard)>.
  • Download the missing browser certificates from the front-end URL or Cloud Connector on SAP BTP and import them in transaction code STRUST into <SSL client SSL Client (Standard)>.
  • Within this view, choose <Add to Certificate List> and save the settings.

Restart ICM Server

  • Go to transaction code SMICM
  • In the toolbar, select AdministrationICMExit SoftGlobal.
  • Confirm to restart all ICM processes.

Principle Propagation Enablement

Prerequisite

Check the federation of IDP setup principle propagation within SAP S/4HANA (B1S).

Note

To configure the Principal Propagation, refer to Configuring Principal Propagation.

For additional information on the technical user and the federation of user identities to use principle propagation, refer to: Setting up Principal Propagation - SAP Community.

Screenshot of SAP BTP Cockpit showing a list of HTTP destinations like ICSM_S4_API, IDP_ODIC_URL, and others. The ICSM_S4_API destination is selected, showing its configuration details below, including Name, Type, URL, Proxy Type, Authentication, and Location ID. The UI features menus on the left, including Services, Cloud Foundry, and Security, with sub-options such as Spaces, Destinations, and Role Collections.

SAP BTP service and on-premise users should be available to corporate IdP.

Configure System Destinations

Prerequisite​

Enable connection to all SAP S/4HANA services accessed by end users and by technical users.

Note

To configure the Destinations, refer to Configure Destinations.
Screenshot of SAP BTP Cockpit displaying a list of destinations under Subaccount: Life Sciences - GLA - Destinations. The selected destination is bpmworkflowruntime_mail with details shown, including its Name, Type (MAIL), Description, Proxy Type (Internet), Authentication (BasicAuthentication), User, and Password. Additional properties for the mail server configuration are listed, such as mail.smtp.auth, mail.smtp.from, and other SMTP settings. The UI features menus on the left, including Overview, Services, Connectivity, and Security.

Workflow Setup and Roles

Prerequisite

Workflow destination for the mail server has been set up

Note

To configure the Workflows, refer to Configure the Workflow Capability Mail Destination. Also, consider Authentication and Connection Failures on Mail Tasks.
Screenshot displaying three sections from SAP BTP Cockpit and Workflow Settings. The top left section shows Configure Workflow Settings with the Enable Material Request toggle switched on. The top right section shows a destination configuration for bpmworkflowruntime_mail with details such as Type (MAIL), Proxy Type (Internet), and BasicAuthentication. The bottom section shows Subaccount: Life Sciences - GLA - Role Collections listing various role collections such as WorkflowAdmin and WorkflowParticipant, along with corresponding roles and user groups. The UI includes navigation menus on the left for Services, Cloud Foundry, Connectivity, and Security.

Description​

Add the following standard workflow roles as part of ICSM PoC:

  • WorkflowInitiator (global role)
  • WorkflowParticipant (global role)
  • WorkflowAdmin (global role)

Check if the related ICSM standard roles are part of the ICSM role collection:

  • WorkflowSettingEditor
  • WorkflowSettingViewer Role

Create an Instance of the Integration Broker

Prerequisite​

Note

There are different integration service plans for PreProd and Prod environments:
  • PreProd: icsm-integration-preprod
  • Prod: icsm-integration
Screenshot of SAP BTP Cockpit showing instances and subscriptions for Subaccount: Life Sciences - GLA. The top image shows a panel for creating a new instance or subscription with fields such as Service, Plan, Runtime Environment, and Instance Name. A Next button is highlighted. The bottom image shows the details for the instance wm_workflowmanagement with options to create service keys and view bound applications. The UI includes a navigation menu on the left with options for Services, Cloud Foundry, HTML5 Applications, Connectivity, and Security.

Authentication of service keys shall be set to client credentials (client ID + client secret).

Note

To create an Instance of the Integration Broker, refer to Create an Instance of the Integration Broker, as well as External System Access.

Integration Cloud - SAP S/4HANA

Note

To set up Cloud Integration, refer to Set Up Cloud Integration to Enable Synchronization of Study Data.
Screenshot showing multiple sections from SAP interfaces. The top-left section displays the Configuration of RFC Connections with a list of RFC Connections such as S4H, SFO, and SAP_EML_IBP. The top-right section shows OAuth 2.0 Clients with details of a specific client including Service Provider Type and OAuth 2.0 details. The bottom-left section displays the configuration settings for an RFC Destination named SAPEMRHUBOLD with details like Description, Target System Settings, and HTTP Proxy Options. The bottom-right section shows the ABAP Editor Initial Screen for program /CTOO/SYNCHRONIZE_STUDIES. The UI includes navigation menus and various configuration options.

Description

  1. Set Up Cloud Integration to enable synchronization of study data.
  2. Create Your OAuth 2.0 Client Profile.
  3. Configure connection parameters.

Procedure​

  1. RFC Connection (transaction code SM59)

    Make sure that the host URL is maintained correctly.

    Make sure that the RFC connection name is not longer than 14 characters.

    On the Logon & Security tab, select the following options:

    • Do not use user
    • Do not send logo ticket
    • SSL - active
    • SSL Certificate: SSL Anonymous
  2. OAuth Profile Maintenance (transaction code OA2C_CONFIG)
    • Maintain OAuth profile for standard integration service plan.
    • Client ID and secret are retrieved from service keys (provided by BTP subaccount admin)
    • Make sure that when you maintain the authorization and token endpoint to only copy and paste the URL without https://
    • Change Selected Grant Type to Client Credentials.
    • Select SSL Anonymous in the field SSL Client PSE.
  3. Configuration Connection Parameters (transaction code SM59)

    Perform Customizing according to 3296156 - ICSM : Study sync issue due to CONTACTS key field

    +++TR required+++

  4. Transaction code to verify:/N/CTCO/SYNC_STUDY

Enable Consumption of SAP Event Mesh Events for Data Synchronization

Note

To set up Event Mesh, refer to Planning APIs and Events.
Screenshot showing different sections of SAP interfaces. The top-left section is the Define Services screen, where users can filter for calling ICF Hierarchy with fields such as Hierarchy Type, Virtual Host, Service Path, Service Name, Reference Service, Description, and Language. The bottom-left section lists various services including ICSM_event_logon. The top-right section shows the Create/Change a Service interface, detailing a service under path /default_host/sap/bc/ui5_ui5/sap/ICSM_event with tabs for Service Data, Logon Data, Error Pages, and Administration. The bottom-right section shows the SAP Event Mesh with an instance named icsm-em-adb-consumer, displaying details like name, creation date, and status. The UI features standard SAP navigation elements and configuration options.

Description​

  1. Set Up SAP Event Mesh
  2. Create a queue and a queue subscription for the following events Manage Queues.
    • Study change (creation or change to a study)
    • Status configuration change
    • Type configuration change
    • Phase configuration change
    • Study status change
  3. Create a webhook for each of the events​ Manage Webhooks.

Procedure

SICF Service activation for default/host → sap → bc → icsm_event_wb.

Enable alternative Login Procedures in SICF and activate Event Mesh Services to support sync of study and notifications (Consumption of Event Mesh Events)

  • Go to transaction code SICF.
  • Search for Service Paths:
    • /sap/opu/odata/ctco
    • /sap/opu/odata/sap
    • /sap/bc/icsm_event_wb
  • Double-click on the last node displayed, and in the Logon Data tab, enable Use All Logon Procedures.
  • Activate any services that have been inactive so far.

Note

If not done before, configure SAP Event Mesh Enable Consumption of SAP Event Mesh Events for Data Synchronization. For this purpose, a technical user creation is required.

SAP S/4HANA Outbound Event Communication Setup

Screenshot showing two sections related to event queue management in SAP. The top section displays the Event Queue Administration interface with an overview of the status of the event queue, including indicators for Event queue switched on, Background job is active, and Delete events. The status shows the number of events to be delivered, delivered, with errors, and in processing. Key figures indicate a maximum of 226,380 events per hour, and the environment shows no linkages with errors. The bottom section shows the event_mesh_s27 screen with a list of queues, including names such as default/k21.icm.bm/hfs/RMS/Notification and various study-related queues. It displays columns for Messages, Unacknowledged Messages, Queue Size (bytes), and Access Type, with an option to create a new queue and actions for each listed queue. The UI includes standard SAP navigation elements and configuration options.

Description​

  1. Creating, Configuring and Managing Channels
  2. Maintain Outbound Event Topics
  3. Queue Subscriptions

In SAP Event Mesh, queues need to be created with the above topics in queue subscriptions.

Hint

<Namespace>/<Meaningful Name> - <Namespace> + /ce/sap/s4/beh/<repo object>+<repo version> + respective topic name.

For example, Queue-Subscription

z/icsm.saas.consumer/zd8/PPMaterialAlert-z/icsm.saas.consumer/zd8/ce/sap/s4/beh/ctsmprimpackmatlalert/v1/CTSMPrimPackMatlAlert/Created/v1

z/icsm.saas.consumer/zd8/ShelfLifeAlert- z/icsm.saas.consumer/zd8/ce/sap/s4/beh/ctsmshelflifealert/v1/CTSMShelfLifeAlert/Created/v1

The following is the list of ICSM outbound events:

  • CTSMInventoryReport/Created/v1
  • CTSMMedicationKit/Changed/v1
  • CTSMPrimPackMatlAlert/Created/v1
  • CTSMShelfLifeAlert/Created/v1

Helpful Transactions

  • /IWXBE/EVENT_MONITOR - Event Montior (Only available in SAP S/4HANA 2022; Transaction - /IWXBE/EEE_SUPPORT - EEE can be used in 2021 release)
  • SWEQADM - Event Queue Administration
  • SWEQADM_1 - Maintain Event Queue Administrator
  • SWU3 - Automatic Workflow Customizing
  • /IWXBE/EEE_SUPPORT - EEE - Support Reports
  • SMDAEMON - ABAP Daemon Table
  • /IWXBE/CONFIG - Configure Enterprise Event Channel
  • SWUE - Trigger an event
  • SWE2 - Display/Maint. Event Type Linkages
  • SWEL - Display Event Trace

cFLP (SAP Workzone Standard Edition)

Prerequisite​

Before using this procedure, make sure that Cloud Connector, SSO, and principal propagation are set up.​

Note

To configure the Launchpad, refer to Optional - Configure a Launchpad with Federated Apps.
Diagram depicting the SAP Cloud Platform within a Cloud Foundry environment. At the center, there is a Launchpad connecting to several components. On the left side, Related central services include icons for UI Theme Designer, Inbox, Notifications, Help, Security & SSO, and Other services. To the immediate right, there are blocks for Integration content (local and remote) and Custom apps and extensions e.g., SAPUI5, linking to the Launchpad. On the right, Cloud solution as content provider and On premise solution as content provider are connected via Standard apps. The On premise solution is also linked through a Cloud connector. The overall setup illustrates how various services and content integrations are managed within the SAP Cloud Platform environment.

Procedure

​Subscribing to the SAP Launchpad Service enables users to access all of the applications that they need to fulfill their tasks from a central point of entry.

  1. Synchronize with principal propagation
  2. Subscribe to SAP Launchpad Service
  3. Configure 2 destinations to connect to the SAP S/4HANA system
  4. Design-time destination
  5. Runtime destination
  6. Add Content Provider to SAP Launchpad Service
  7. Create SAP Launchpad
  8. Activate SAP Companion Content and enable it on app level (Enable In-App Help for a Launchpad with Federated Apps)
  9. Enable the notification service (Integrate the Notification Service)
  10. Add the SAP Launchpad Service to the HTTP whitelist
  11. Set the user role
  12. When you subscribed to the SAP Launchpad Service, 2 role collections were added: Lanchpad_Admin and Launchpad_External_User. To configure the SAP Launchpad Service, you need the Launchpad_Admin role. Map this role collection in Role Collection Mappings to access the SAP Launchpad Service as an admin. In your subaccount, go to Trust Configuration, select the IAS you use, choose Role Collection Mappings, and add the required mapping.
  13. Expose respective roles by the SAP S/4HANA backend system
  14. Set user roles for SAP S/4HANA apps
  15. Add BTP Content Provider and Content Manager role

Role Setup

Prerequisite

Before using this procedure, make sure that the business function xxxx is active.​

Screenshot of the SAP BTP Cockpit interface focusing on role collections management for the Subaccount: Life Sciences - GLA. The top image shows the Role Collections tab, where users can view and manage different role collections. An action button labeled Create is highlighted, and a pop-up window for creating a new role collection appears, requesting a description. The bottom image shows the details screen for a specific role collection named ICSM_AdminDisplay. It includes tabs for Roles, Users, User Groups, and Attribute Mapping. The Users tab highlights fields for User ID, User Name, and Email, with data listed for specific users. The interface features standard SAP navigation elements and configuration options on the left sidebar.

Description

You use this procedure to xxxx.​

Settings are used by ICSM-specific BAdI Implementation xxxx to trigger the corresponding xxxx.​

Default settings are delivered to support xxxxx.

Procedure

  1. In the SAP Customizing Implementation Guide of Intelligent Clinical Supply Management, go to Master DataATTP IntegrationAssign ATTP Business Functions by Goods Movement Type​.
  2. Establish a mapping between ATTP events and postings of goods movement document types.​
  3. BAdIs​

Be aware that there are several BAdIs available to allow the implementation of customer-specific logic:​

  1. ATTP Integration for EWM - Allows you to implement customer-specific logic for ATTP-communication functions in SAP S/4HANA Extended Warehouse Management (EWM)​.
  2. ATTP Integration for IM - Allows you to implement customer-specific logic for ATTP communication functions in the SAP S/4HANA inventory management (IM).​
  3. Additional Checks for Master Data Integrated with ATTP - Allows to implement customer-specific logic for additional master data checks, integrated with ATTP​
  4. Control ATTP Access - Allows you to implement a customer-specific logic to disregard the SAP Advanced Track and Trace for Pharmaceuticals (ATTP) connection while using SAP Intelligent Clinical Supply Management functionality.​

Refer to the following video explaining the details of integrating Cloud with SAP S/4HANA.

Learning

SAP FacebookSAP YoutubeSAP LinkedIn