Skip to Content
Technical Articles
Author's profile photo Sarita Pal

SAP Copilot — An SAP Offering to make ERP intelligent

I am writing this blog to give a detailed procedure on how to implement the SAP Copilot on S4 HANA. The Idea here is to utilize an S4HANA 1709 on-premise application to implement the SAP Copilot hosted on SCP. By Using this blog SAP Administrator can be able to end2end setup of SAP CoPilot.
What is intelligent S4? – AN ERP you can talk to and hear from. Simply intelligent to understand human with a blend of NLP(Natural Language Processing) and Artificial Intelligence.

What is SAP Copilot – An SAP offering that helps to make S4 intelligent enough to understand human in the context of working with SAP. It helps Complete all your enterprise tasks from one place, with voice or text. Get your work done wherever you are, whether on your mobile device or desktop.

Objectives of SAP CoPilot — SAP CoPilot, your digital assistant and bot integration hub for the enterprise, has a twofold objective: to provide a delightful, personalized experience, as well as intelligently consolidated work data to increase efficiency for business users.


Prerequisites – Before start configuration makes sure the below prerequisite is met.

  1. S/4 HANA should be at least NetWeaver 7.51 SP06 or higher/7.52 SP01 or higher
  2. SAP WebDispatcher 7.53 or greater must be installed and configured
  3. SAP Cloud Connector 2.11.03 with Principal Propagation
  4. Subscription to SCP account with Copilot application access(Tenant URL)

Step by Step Integration of SAP Copilot in S4 on Premise

  1. Configuring Web dispatcher as a reverse proxy and SCP registration
  2. Cloud Connector configuration to connect S/4 on Premise system to SCP
  3. Configuring SCP account to expose SAP Copilot scripts to the backend system
  4. Setting UP backend system to act as Local Identity provider


Task 1. SAP Web Dispatcher Configuration, There are two things that we need to maintain, one is to create below 2 system entries in SAP web dispatcher profile as shown below

wdisp/system_1 = SID=SCP, EXTSRV=<Tenant URL of SAP Copilot>, SRCSRV=*:*, SRCURL=/copilot, SET_X_PROXY_HOST=TRUE,  PROXY=<Webdispatcher hostname>:<Port>, STANDARD_COOKIE_FILTER=OFF, SAML_IDP_SYSTEM=SH1_SSO, SAML_SP_ENTITY_ID=<tenant ID>


wdisp/system_2 = SID=<S4 System SID>, NAME=<S4 System SID >_SSO, MSHOST=< Hostname of S4 System>, MSPORT=<Message server port of S4>, SRCSRV=*:8088, SRCURL=/, CLIENT=<S4 Client>


wdisp/system_conflict_resolution = 1


After doing these activities you need to restart web dispatcher and check the system entries in SAP MMC console of web dispatcher.


And another one is to register the Webdispatcher to SCP using neo utility as shown below


  • neo map-proxy-host –account <Tenant ID> –app-host <tenant URL>/ -h -u <S User ID>


This will ask for your S user password and registration is completed.



Task 2 – Configure Cloud connector

  1. Install the SAP Cloud Connector and connect it to your SAP Cloud Platform account as described in Managing Subaccounts
  2. Configure the security trust for principal propagation between the connected ABAP system and the SAP Cloud Platform described in Configuring Principal Propagation
  3. A list of service paths and their sub-paths need to be exposed on the SAP Cloud Connector. The following shows an example of what this would look like:

Task 3- Configure S4 and SCP for Authentication using Local identity Provider

  • Create the Local Identity Provider in S/4HANA
  1. Start transaction SAML2_IDP.
  2. Select Create and to create a name for the identity provider.
  3. In the browser, create your local identity provider.

4. Enter the provider name, and select Create.

Under the Local Provider tab, download the metadata file and name it s4metadata.xml.

  • Configure the Local Service Provider
  1. Login to the SAP Cloud Platform and go to SecurityTrust Under the Local Service Provider tab, in the Trust Management screen, update the following:
    • Configuration Type: Custom
    • Select Generate Key Pair
    • Principal Propagation: Enabled
  2. Download metadata file for the local service provider by selecting Get Metadata and save it into a file called XML .

  • Configure Mutual Trust to Local SAML 2.0 Identity Provider
  1. In the S/4HANA system, open SAML_IDP.
  2. Under the Trusted Providers, upload the xmlfile downloaded earlier.
  3. Add the xmlfile from the SAP Cloud Platform trust configuration. Select Next.
  4. Verify the entry.

5. Log on to the SAP Cloud Platform and go to Security Trust.

6. Select the Application Identity Provider tab and choose Add Trusted Identity Provider.


7. Select Browse and upload the s4metadata.xml downloaded earlier.

  • Create HTTP Destinations


  1. In the SAP Cloud Platform Cockpit, go to ConnectivityDestinations, and select New Destination.

  1. Create the following destinations:
Destination Details


URL: <URL to your S/4HANA system exposed via the SAP Cloud Connector>

Proxy Type: On-Premise

Type: HTTP

Authentication: Principal Propagation

Description: <Your description>

Additional Properties: sap-client=<CLIENT>



URL: <URL to your S/4HANA system exposed via the SAP Cloud Connector>

Proxy Type: On-Premise

Type: HTTP

Authentication: Basic

User: <Technical provisioning user ID>

Password: <Password>

Description: <Your description>

Additional Properties: sap-client=<CLIENT>


Is should look like this


Now its time to test the configuration.

  1. Login on the FLP URL of your backend server and check whether copilot Icon is visible on the top left or not


Conclusion — In this blog, we have successfully integrated the SAP Copilot with On-Premise S4 System. And in my next blog, I will show how to create Skills to make Copilot more intelligent with Skill builder utility.



Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Wolfgang Röckelein
      Wolfgang Röckelein

      Hi Sarita Pal ,

      thanks for the helpful blog!

      One question: What are the correct destination name endings, -SSO-NLP and -TECHNICAL-NLPPROV as here in this blog or -SSO and -TECHNICAL as in ?