Setting Up the Connectivity between SAP Sales Cloud and SAP Service Cloud Version 2 and SAP Build Apps

Objective

After completing this lesson, you will be able to establish the connection between SAP Sales Cloud and SAP Service Cloud Version 2 and SAP Build Apps.

Explore the Technical Architecture of Side-by-Side Extensions

It is essential to understand the technical architecture of side-by-side extensions and how they exchange data with SAP Sales and Service Cloud Version 2 because these extensions operate in a separate environment. The image below illustrates the overall architecture used in this training.

Graphic displays the architecture of side-by-side extensions. Beginning with the Developer using SAP Build Apps to developing an application for a client's or end user's specific business need.

Developers access SAP Build Apps, running as a subscription service on SAP BTP, to develop the extension app. In the easiest case, the finished app is deployed to and runs in an HTML5 Repository on the same subaccount. Both, SAP Build Apps and the extension app use the Destination service of SAP BTP to access data of the connected solution via APIs (Application Programming Interfaces). This e-learning connects SAP Sales and Service Cloud Version 2 using REST services, but the approach would be the same for other cloud solutions, such as SAP S/4HANA Cloud.

While the extension app communicates with the cloud solution via APIs to exchange data, the front-end of the app will be displayed embedded into the screen of the cloud solution using a mashup, which results in an iFrame element. Using this approach, end users can use the app seamlessly within SAP Sales and Service Cloud Version 2 without needing to switch platforms.

Since the extension app runs on a different platform, end users need to log in to the app in addition to logging in to SAP Sales and Service Cloud Version 2. This can be streamlined using Single Sign-On (SSO). In our case, I'll use SAP Identity Services as the Identity Provider (IdP) for both, the cloud solution and the extension app.

Using the same IdP to access both, the extension app and SAP Sales and Service Cloud Version 2 is an essential aspect of the integration architecture as this ensures a common user base and access permissions across the landscape. The section "Destination Authentication" later in this lesson, explains that in more detail.

Set up the connection between SAP Build Apps and SAP Sales and Service Cloud Version 2

The first step to extending SAP Sales and Service Cloud Version 2 and SAP Build Apps is to set up the connection between the two solutions.

  • Access to SAP Sales and Service Cloud Version 2 with admin rights (e.g. business role ADMIN_INTERNAL).
  • Access to the SAP BTP cockpit with write-access to destinations (e.g. BTP role collection Destination Administrator).
  • Subscription to SAP Build Apps and access to it (e.g. BTP role collections BuildApps_Administrator or BuildApps_Developer assigned to your user on your custom Identity Provider (IdP)).
  • S-User with appropriate rights to contact SAP support

The steps for setting up the technical connectivity will lead to the following results:

  • SAP BTP destinations are created. This is the most important aspect of the setup because it enables API access to SAP Sales and Service Cloud Version 2 from SAP Build Apps and the extension app.
  • SAP Sales and Service Cloud Version 2 shows a shortcut to SAP Build Apps in the app switcher in the upper right corner.
  • SAP Build Apps can automatically create the mashup in SAP Sales and Service Cloud Version 2 during the app's deployment, so the mashup only needs to be displayed on the desired screen.

The following video demonstrates how to connect SAP Sales and Service Cloud Version 2 to SAP Build Apps. Written instructions and further details are available in the SAP Help Portal.

Video Summary:

  1. SAP BTP: iFrame Configuration
    1. Navigate to ServicesInstances and Subscriptions
    2. Create a new service instance for the service Authorization and Trust Management Service and the plan apiaccess for the space you want to deploy apps to
    3. Create a new service key for this instance and download it as JSON
  2. SAP BTP: Download Destination Trust Certificate
    1. Navigate to ConnectivityDestinations
    2. Select Download Trust to download the destination trust certificate
  3. SAP Sales and Service Cloud Version 2: Create a support ticket.

  4. Use the Built-In Support feature or go to SAP for Me, to create a support ticket ("case") for component CEC-CRM-CZM and provide the following details:
    1. URL of SAP Sales and Service Cloud Version 2 (e.g. https://my100xxxx.xxx.crm.cloud.sap)
    2. Username and password for an admin user of SAP Sales and Service Cloud Version 2

      (keep in mind to use the Customer Remote Logon Depot for credentials)

    3. SAP Build Lobby URL (e.g. example.eu10.build.cloud.sap/lobby)
    4. SAP BTP Destination Trust certificate
    5. Service key JSON file
  5. SAP BTP: Import Destinations from SAP Support

  6. Once the SAP support has processed the ticket, import the received destination files:
    1. Navigate to ConnectivityDestinations
    2. Import both files

Connectivity Setup Results

Once the connection is set up, you can use the following features:

  • SAP Build Apps and extension apps can access data from SAP Sales and Service Cloud Version 2 via destinations.Screen capture of the Connectivity window displaying the CX Extensibility Destinations page.
  • You can switch from SAP Sales and Service Cloud Version 2 directly to the SAP Build Apps lobby.Screen capture of the SAP Build Apps icons in the upper left hand corner of the home page.
  • SAP Build Apps allows you to automatically create mashups for deployed apps (C / A – Destination Mashups).Screen capture of the Deploy to Work Zone window and Maship dropdown menu.

Destination Authentication

The destination SAPServiceCloudDiscovery was imported into your SAP BTP sub-account during the connectivity setup. This destination is used by SAP Build Apps and the deployed apps to access data from SAP Sales and Service Cloud Version 2. A key advantage of this destination is the use of the OAuth2SAMLBearerAssertion authentication method. This method ensures that the correct permissions are applied when the extension app accesses data from SAP Sales and Service Cloud Version 2 on behalf of the user. This process is often referred to as Principal Propagation.

If you set up SAP Build Apps without following the connectivity guide and manually creating the destination, it is likely that the destination was created using Basic Authentication with a fixed user. While this approach is simpler to configure and is mentioned in some guides, it is recommended only for test environments. In such cases, you should follow the connectivity setup steps and import the provided destination.

Manually setting up a destination using basic authentication is easier, but it comes with its disadvantages. This method relies on a fixed user account for all data access in SAP Sales and Service Cloud Version 2 independent from the logged in user. That means a user of the extension app may gain access to data in SAP Sales and Service Cloud Version 2 that they should not be able to view, as all data access is conducted through a generic user account.

Screen capture of the destination configuration screen with the Authentication field highlighted.

Lesson Summary:

This lesson explained the technical architecture of side-by-side extensibility. It also demonstrated how to set up the connection between SAP Sales and Service Cloud Version 2 and SAP Build Apps to begin the process of extending your SAP Sales and Service Cloud Version 2 solution. In the next Unit, you’ll learn how to create a new project, design the user interface, set up the data integration and AI Core Services integration.

Log in to track your progress & complete quizzes

Learning

SAP FacebookSAP YoutubeSAP LinkedIn