There are two different types of integrations that need to be set-up during an implementation of SAP S/4HANA Cloud, Public Edition. Integrations based on SAP Best Practices content located in SAP Signavio Process Navigator
, and customer-driven integrations that either use resources from the SAP Business Accelerator Hub
, or are entirely custom developments. The primary difference is where the resources are located, and ownership of the integration itself.
It's in everyone's best interest to use integrations based on SAP Best Practices content, if available for the particular scenario, because SAP has already built the integration package, loaded it into the SAP S/4HANA Cloud, Public Edition system through the Communication Arrangements SAP Fiori app
on the launchpad, and provided a set-up guide in SAP Signavio Process Navigator with instructions on how to enable the integration. If SAP has created the integration and published it on SAP Signavio Process Navigator, SAP is responsible for maintaining the integration through future release upgrades. Therefore, the implementation project team members save time when setting up the integration, and the customer saves time in the long run because they don't have to worry about maintenance of the integration.
Certain business processes may include a setup guide along with the business process flow and test script, which typically indicates an integration needs to be enabled for the business process to function correctly. Each line of business (LoB) configuration expert is responsible for setting up these integrations, as the integration is part of the overall setup and configuration of the business process that falls within their LoB area of expertise. In addition, if an integration requirement is identified either on the Digital Discovery Assessment or the Fit-to-Standard workshops, the LoB consultant is responsible for searching SAP Signavio Process Navigator for potential integration content. If you identify integration content in SAP Signavio Process Navigator, download the set-up guide and review the prerequisites section to determine if any additional information needs to be gathered, or activities need to occur before you can begin the actual setup of the integration.
Not all SAP Best Practices integrations are in SAP Signavio Process Navigator. Many additional integration scenarios can be found in the SAP Help Portal → Extend and Integrate Your SAP S/4HANA Cloud
. Make sure to do a thorough search across Process Navigator and the SAP Help Portal to identify predelivered integration scenario content provided by SAP.
Before moving forward in the setup of an SAP Best Practices integration, check to see if the integration is supported by the free Cloud Integration Automation Service (CIAS)
. This service runs in SAP Business Technology Platform. The Plan for Cloud Integration Scenario app to launch the service can be accessed from SAP Cloud ALM or the SAP Maintenance Planner. If an integration scenario is supported by CIAS, you can use a guided workflow to partially automate the integration setup, instead of following the integration set-up instructions and completing the steps manually in SAP S/4HANA Cloud. You can also assign integration tasks to different roles to ensure the person with the right permission can execute each task, and the service tracks who completed each task in the workflow. The types of tasks the CIAS are:
Watch this video to learn more about the Cloud Integration Automation Service.
Not all SAP Best Practices integrations relevant for public cloud are supported by CIAS, but it's worth checking to see if you can save yourself some time on the setup of the integration scenarios in your LoB area. While the CIAS is always free to use, it does require some initial setup to subscribe to the service, as described in the SAP Help Portal here
After subscribing to the CIAS, it can be accessed from two locations:
SAP Best Practices integrations have already been preloaded into your SAP S/4HANA Cloud system as Communication Arrangements. The set-up instructions found in SAP Signavio Process Navigator, or instructions provided in the SAP Help Portal will provide the details about the prerequisites (e.g. access to other productive systems required for integration, authorizations, etc.), the Communication Arrangement ID, and how to set up and name the Communication User and Communication System(s) involved in the arrangement.
You can check which role is required for your business user to access an application on the Fiori launchpad by looking up the relevant app in the SAP Fiori Apps Reference Library.
The Communication User is created to define how the Communication System will be authenticated when sending messages to, or receiving messages from, another system. This is a technical user, meaning not an actual person within the organization. Within the app, Maintain Communication Users, you create a name (all capitals, no spaces) and description for the user, and either enter your own password, have the system propose a complex password, or upload a security certificate. It's not necessary to have both a password and security certificate; these are different types of authentication. The set-up instructions typically recommend a name to use, and if a certificate is required, how to generate the certificate from another system.
The Communication User covers two types of authentication:
The Communication System is created to define technical information about the system sending or receiving data, and how the messages will be authenticated.
For inbound communication scenarios, data is being received into SAP S/4HANA Cloud from an external system. You can select the checkbox in the Technical Data section → Inbound Only, which hides fields and sections that aren't necessary for inbound communication scenarios, such as the Host Name. You will still need to assign a User for Inbound Communication to provide authentication. The set-up instructions from SAP Signavio
For outbound communication scenarios, the Technical Data section is important, because the details entered here and the User for Outbound Communication are used to register the sending system with the external receiving system. Outbound communication often requires a more stringent level of authorization. Depending on the integration scenario, you may not need to create a Communication User through the Maintain Communication Users app, because OAuthentication (OAuth) token-based authorizations can only be defined in the Communication System itself.
OAuth is an open standard for applications and websites to handle authorization. Instead of using passwords, OAuth uses authorization tokens to prove an identity between systems exchanging data. It allows you to approve on application interacting with another on your behalf without giving away a password. These types of OAuth can be defined in the Communication System:
For example, in a different HR integration scenario between SAP SuccessFactors Employee Central and SAP S/4HANA Cloud, you subscribe to the Master Data Service on SAP Business Technology Platform (BTP) and generate a Service Key. The Service Key provides certain credentials (clientid, clientsecret, url, uri) you enter in the Technical Data section of the Communication System. This creates a secure connection between SAP S/4HANA Cloud and the Master Data Integration Service on SAP BTP.
Get a deeper understanding of OAuth in this SAP Blog: Fundamentals of Security in SAP BTP.
