Introduction
You want to establish connectivity between your SAP S/4 HANA Cloud system and a SAP BTP subaccount. To allow inbound communication with the SAP S/4HANA tenant, you must explicitly permit the APIs to be accessible from external systems such as SAP BTP. SAP S/4HANA system only allows APIs that you choose to expose to the cloud.
In this learning journey, we use the SAML Assertion Authentication method to access the SAP S/4HANA Cloud APIs with principal propagation. However, not all SAP S/4HANA Cloud APIs support oAuth. For those that do not support it, you must set up communication with basic authentication.
Details of Connectivity Concepts Between SAP S/4HANA Cloud and SAP BTP
The communication management in SAP S/4HANA Cloud consists of the following functionalities:
- Communication arrangement
- A communication arrangement describes a communication scenario with a remote system during configuration time. It provides the necessary metadata for service configuration.
- Communication system
- A communication system represents the communication partner with all technical information that is required for communication, for example, hostname, identity, user information, and certificates.
- Communication user
- A communication user is a special type of technical user that is assigned to a communication system. You create a communication user for particular communication scenarios.
- Communication scenario
- A communication scenario defines the communication between external systems and your own SAP cloud system. It bundles inbound and outbound services and additional properties that are required for configuration settings.
You can choose between three different concepts for creating a connection between SAP S/4HANA Cloud and the SAP BTP subaccount:
- SAML Assertion Authentication
- Basic Authentication
- Client Certificate Authentication