Setting up SAP Best Practices Integrations

Objectives

After completing this lesson, you will be able to:

  • Identify SAP Best Practices integration packages in SAP Signavio Process Navigator
  • Use the Cloud Integration Automation Service to automate SAP Best Practices integrations
  • Use the SAP Fiori Communication Management apps to set up an SAP Best Practices integration

SAP Best Practices Integration in SAP Signavio Process Navigator

Differences between SAP Best Practices & Customer-Driven Integrations

There are two different types of integrations that need to be set-up during an implementation of SAP S/4HANA Cloud, Public Edition. Integrations based on SAP Best Practices content located in SAP Signavio Process Navigator and SAP Help Portal, and customer-driven integrations that either use resources from the SAP Business Accelerator Hub, or are entirely custom developments. The primary difference is where the resources are located, and ownership of the integration itself.

It's in everyone's best interest to use integrations based on SAP Best Practices content, if available for the particular scenario, because SAP has already built the integration package, loaded it into the SAP S/4HANA Cloud, Public Edition system through the Communication Arrangements SAP Fiori app on the launchpad, and provided a set-up guide in SAP Signavio Process Navigator with instructions on how to enable the integration. If SAP has created the integration and published it on SAP Signavio Process Navigator, SAP is responsible for maintaining the integration through future release upgrades. Therefore, the implementation project team members save time when setting up the integration, and the customer saves time in the long run because they don't have to worry about maintenance of the integration.

SAP Best Practices Integrations in SAP Signavio Process Navigator

Certain business processes may include a setup guide along with the business process flow and test script, which typically indicates an integration needs to be enabled for the business process to function correctly. Each line of business (LoB) configuration expert is responsible for setting up these integrations, as the integration is part of the overall setup and configuration of the business process that falls within their LoB area of expertise. In addition, if an integration requirement is identified either on the Digital Discovery Assessment or the Fit-to-Standard workshops, the LoB consultant is responsible for searching SAP Signavio Process Navigator for potential integration content. If you identify integration content in SAP Signavio Process Navigator, download the set-up guide and review the prerequisites section to determine if any additional information needs to be gathered, or activities need to occur before you can begin the actual setup of the integration.

SAP Best Practices Integrations in the SAP Help Portal

Not all SAP Best Practices integrations are in SAP Signavio Process Navigator. Many additional integration scenarios can be found in the SAP Help Portal ⇒ Extend and Integrate Your SAP S/4HANA Cloud. Make sure to do a thorough search across Process Navigator and the SAP Help Portal to identify predelivered integration scenario content provided by SAP.

Cloud Integration Automation Service (CIAS)

Cloud Integration Automation Service (CIAS)

Before moving forward in the setup of an SAP Best Practices integration, check to see if the integration is supported by the free Cloud Integration Automation Service (CIAS). This service runs in SAP Business Technology Platform. The Plan for Cloud Integration Scenario app to launch the service can be accessed from SAP Cloud ALM or the SAP Maintenance Planner. If an integration scenario is supported by CIAS, you can use a guided workflow to partially automate the integration setup, instead of following the integration set-up instructions and completing the steps manually in SAP S/4HANA Cloud. You can also assign integration tasks to different roles to ensure the person with the right permission can execute each task, and the service tracks who completed each task in the workflow. The types of tasks the CIAS are:

  • Automated tasks, where the respective applications provide APIs, which allows the CIAS to automate the corresponding configuration step.
  • Semi-automated tasks, which may include customer-specific data to partially automate certain tasks. For example the customer tenant URL required for connecting systems to each other.
  • Manual tasks, which will show the respective excerpt of the setup guide for the responsible person to apply the necessary setting manually before confirming the task.

Watch a video

Watch this video to learn more about the Cloud Integration Automation Service.

Accessing the CIAS

Not all SAP Best Practices integrations relevant for public cloud are supported by CIAS, but it's worth checking to see if you can save yourself some time on the setup of the integration scenarios in your LoB area. While the CIAS is always free to use, it does require some initial setup to subscribe to the service, as described in the SAP Help Portal here.

After subscribing to the CIAS, it can be accessed from two locations:

  • SAP Cloud ALM in the SAP Cloud ALM for Implementation section ⇒ Cloud Integration Automation Service app
  • SAP for Me in the Services & Support dashboard ⇒ Application Lifecycle Management tab ⇒ Maintenance Planner ⇒ Plan for Cloud Integration Scenario app

Create a Communication Arrangement in SAP S/4HANA Cloud

Setting up an SAP Best Practices Integration with the Communication Management SAP Fiori Apps in SAP S/4HANA Cloud

SAP Best Practices integrations have already been preloaded into your SAP S/4HANA Cloud system as Communication Arrangements. The set-up instructions found in SAP Signavio Process Navigator, or instructions provided in the SAP Help Portal will provide the details about the prerequisites (e.g. access to other productive systems required for integration, authorizations, etc.), the Communication Arrangement ID, and how to set up and name the Communication User and Communication System(s) involved in the arrangement.

Note

You can check which role is required for your business user to access an application on the Fiori launchpad by looking up the relevant app in the SAP Fiori Apps Reference Library.

Create a Communication User

The Communication User is created to define how the Communication System will be authenticated when sending messages to, or receiving messages from, another system. This is a technical user, meaning not an actual person within the organization. Within the app, Maintain Communication Users, you create a name (all capitals, no spaces) and description for the user, and either enter your own password, have the system propose a complex password, or upload a security certificate. It's not necessary to have both a password and security certificate; these are different types of authentication. The set-up instructions typically recommend a name to use, and if a certificate is required, how to generate the certificate from another system.

The Communication User covers two types of authentication:

  • Basic Authentication - Manually defined technical user name and password.
  • Authentication with Certificate - Secure Socket Layer (SSL) certificate generated from the sending or receiving system.
    • For example, you can generate an X509 certificate from SAP SuccessFactors Employee Central and upload the certificate to the Communication User in SAP S/4HANA Cloud for one type of HR integration scenario.

Create a Communication System - Inbound Communication

The Communication System is created to define technical information about the system sending or receiving data, and how the messages will be authenticated.

For inbound communication scenarios, data is being received into SAP S/4HANA Cloud from an external system. You can select the checkbox in the Technical Data section ⇒ Inbound Only, which hides fields and sections that aren't necessary for inbound communication scenarios, such as the Host Name. You will still need to assign a User for Inbound Communication to provide authentication. The set-up instructions from SAP Signavio

Create a Communication System - Outbound Communication

For outbound communication scenarios, the Technical Data section is important, because the details entered here and the User for Outbound Communication are used to register the sending system with the external receiving system. Outbound communication often requires a more stringent level of authorization. Depending on the integration scenario, you may not need to create a Communication User through the Maintain Communication Users app, because OAuthentication (OAuth) token-based authorizations can only be defined in the Communication System itself.

OAuth is an open standard for applications and websites to handle authorization. Instead of using passwords, OAuth uses authorization tokens to prove an identity between systems exchanging data. It allows you to approve on application interacting with another on your behalf without giving away a password. These types of OAuth can be defined in the Communication System:

  • Authentication with OAuth 1.0
  • Authentication with OAuth 2.0
  • Authentication with OAuth 2.0 mTLS (mutual Transport Layer Security)

For example, in a different HR integration scenario between SAP SuccessFactors Employee Central and SAP S/4HANA Cloud, you subscribe to the Master Data Service on SAP Business Technology Platform (BTP) and generate a Service Key. The Service Key provides certain credentials (clientid, clientsecret, url, uri) you enter in the Technical Data section of the Communication System. This creates a secure connection between SAP S/4HANA Cloud and the Master Data Integration Service on SAP BTP.

Note

Get a deeper understanding of OAuth in this SAP Blog: Fundamentals of Security in SAP BTP.

Create a Communication Arrangement

Finally, you create the Communication Arrangement defined in the set-up instructions from SAP Signavio Process Navigator or the SAP Help Portal and attach the Communication System. Because the Communication System already has a Communication User attached, both are pulled into the arrangement. The Communication Arrangement defines exactly what inbound and/or outbound messages are being received or sent from the Communication System. Some arrangements have additional parameters you can use to control the data being received/sent, and for outbound communication, you may be able to define a schedule and/or package size for the data. After entering the required information and saving the arrangement, it will be activated. If you have been following set-up instructions for a business process and have configured the rest of the process, now is the time to complete the test script to verify the end-to-end process functions as expected.

Log in to track your progress & complete quizzes