Skip to Content
Product Information

SAP Cloud for Customer Enable S/MIME Encryption for Employee Support E-mails

The intent of email encryption is to protect email messages and attachments sent over the Internet, so that eavesdroppers can’t gain access to messages or alter their contents.

In this blog post I will show you how to configure your SAP Cloud for Customer system to send and receive encrypted mail for the Employee Support (HR Help-desk) Scenario.

Prerequisite to send and receive encrypted emails :

Create an Employee with an outlook email address in the C4C system that can be used to send email to the Employee support system.

1. Cloud for Customers Business Configuration Settings to be maintained:

  1. Login in to your Cloud for Customer system as an Administrator user with the HTML5 client.
  2. Navigate to Business Configuration > Overview.
  3. Search for “encrypt” in the Business configuration search.
  4. Select Load Certificate and Activate Signing and Encryption for E-mails.
  5. Select the Activate S/MIME tab on the Configure S/MIME screen and select the boxes        labeled Encrypt Outgoing E-mails and Signing Outgoing E-mails.
  6. Select Save and close to save the changes.

2. Upload the certificate for the business user:

Employee’s individual certificate can be uploaded to the system either by emailing the certificate to the security channel’s email address or by uploading the certificate for the business user. 

E-mailing the Certificate to the Security Channel E-mail address:

An employee’s Individual certificate can be uploaded to the system by signing the e-mail message while composing and then sending the message to security@xxx-custxxx.mail.dev.sapbydesign.com. The certificate is then associated to the business user.

Uploading via the Administrator Workcenter: 

To Upload a certificate for the Business user:

  1. Navigate to Administrator > General settings.
  2. Under Users section, Select – Business users.
  3. Search for the user for whom the certificate is to be uploaded and select Manage certificate.
  4. Select Upload S/MIME Certificate and upload the certificate for the business user.

Prerequisite for Incoming emails: 

Configuration to be maintained for E-mail encryption and Signature check for incoming  emails:

  1. Login in to your Cloud for Customers system with the HTML5 client as administrator.
  2. Navigate to Business Configuration >
  3. Search for “e-mail” in the Business configuration element list.
  4. Select E-mail Encryption and Signature Check.
  5. For incoming e-mails for the SAP Cloud for Service: E-Mail Security, Employee Support Scenario, you can select Check or Do Not Check whether incoming e-mails include trustworthy signatures.Note: The encrypted incoming e-mails are decrypted automatically.

Prerequisite for Outgoing emails: 

  1. Login in to your Cloud for Customer system with HTML5 client as an Administrator.
  2. Navigate to Business configuration > Overview screen.
  3. Search for “e-mail” in the Business configuration element list.
  4. Select E-mail encryption and Signature check.For preconfigured e-mail scenarios it is possible to sign outgoing e-mails and to encrypt them using the Secure/Multipurpose Internet Mail Extensions (S/MIME) standard, and to check incoming e-mails for trustworthy signatures.
  5. In the Outgoing E-mail section, for the SAP Cloud for Service: E-Mail Security, Employee Support Scenario, you can specify for e-mail scenario whether outgoing e-mails are encrypted and whether they are signed.
  6. If you select Encrypt if possible, all outgoing emails from the Cloud for Customer system are encrypted and the receiver should also receive an encrypted email response.
  7. Select Save and close to save the changes.

Decrypting incoming emails:

To decrypt incoming e-mails, the email received from the employee must contain the certificate provided by the Cloud for Customer system.

The certificate can be downloaded from the S/MIME configuration page.

Distribute the certificate to all business partners or employee that need to send encrypted e-mails to the support e-mail address. Business partner or Employee need to import the certificate in their email client to encrypt and send e-mails. The system will then be able to decrypt these e-mail message automatically.

If you select Encrypt if possible, all outgoing emails from the Cloud for Customer system are encrypted and the receiver should also receive an encrypted email response.Select Save and close to save the changes.

Downloading of certificate: 

  1. Login in to your Cloud for Customer system with HTML5 client as an administrator.
  2. Navigate to Business configuration > Overview.
  3. Search for “e-mail” in the Business configuration element search.
  4. Select Load Certificate and Activate Signing and Encryption for E-mails.
  5. In the Incoming E-mail section, select the e-mail of the desired channel and select Download certificate.
  6. Once the certificate is downloaded, have the employee or business user import the certificate to their e-mail client.

Assigning certificate to an employee:

For an employee using an Microsoft outlook mail client: 

  1. Open Outlook and select on New E-mail.
  2. In the from address, enter the employee support email id. For example: employeesupport@xxx-custxxx.mail.dev.sapbydesign.com.
  3. Open the contact and select Edit Outlook Contact.
  4. Select Certificates on the tool bar.
  5. Select Import… to import the certificate that was downloaded.
  6. Use the file browser to choose the certificate and select Import.
  7. Select Save and close to save the certificate.

Test certificate setup: 

  1. Open Outlook mail client which has the certificate imported and select on New email.
  2. Enter the employee support e-mail address in the To
  3. Select on Options tab and choose Encrypt.
  4. Compose a test message and send. The sent message is encrypted and displays the encrypted icon.
  5. Once the email is received in the system, navigate to the Ticket and select Interactions. The content of the e-mail should be the same as it was sent, and the SCOT entry should be encrypted.
  6. Send an e-mail response from the ticket to the employee’s email address from whom the email was received and ticket was created.
  7. The response received by the employee should also be encrypted.This screen image shows example of encrypted e-mail messages.

By following the above mentioned steps, you should be able to send and receive encrypted emails to and from the SAP Cloud for Customer system for an employee support scenario.

Be the first to leave a comment
You must be Logged on to comment or reply to a post.