Skip to Content
Technical Articles

Connect SAP CP Workflow to My Inbox on-premise


Do you use My Inbox on-premise with SAP Business Suite or SAP S/4HANA? Do you at the same time use My Inbox on the SAP Cloud Platform to process your SAP Cloud Platform Workflow tasks?

In case the above is valid, you might as well have probably wished for one single My Inbox to manage all your tasks.

In this post I am going to demonstrate how to technically connect My Inbox on-premise to SAP Cloud Platform Workflow,  in order to have your on-premise My Inbox as the single entry point for managing all your tasks from your on-premise task provider systems and also those from the SAP Cloud Platform Workflow.

As a result, you will no longer need a separate My Inbox for the local SAP Cloud Platform Workflow case but instead you can use My Inbox on-premise to process all your tasks.


  • One My Inbox to manage all tasks you are responsible for
  • Higher user productivity through a harmonized user experience
  • Seamless integration between SAP Cloud Platform Workflow and My Inbox on-premise( including custom actions and custom task Fiori UIs)

Status quo

Prior to this integration being explored, business users who work with workflow tasks generated both by SAP S/4HANA and non-SAP S/4HANA systems, as well as the SAP Cloud Platform Workflow engine, have to use two separate My Inbox apps – one on the on-premise SAP Fiori Launchpad, and the second on the SAP Cloud Platform Launchpad for the local SAP Cloud Platform case. Refer to the screenshots below.

Screenshot 1 below visualizes My Inbox on the on-premise Gateway Hub system, which harmonizes workflow tasks from the connected company-specific backend task provider systems.

Screenshot 1:


Screenshot 2 represents My Inbox on the SAP Cloud Platform Launchpad for the local SAP Cloud Platform Workflow case.

Screenshot 2:


The goal of this post is to demonstrate how to bring the SAP Cloud Platform Workflow tasks to My Inbox on-premise running on the Gateway Hub system (Screenshot 1).


General Approach

Hereinbelow I have added a diagram to visualize the general principal of approaching the integration:

As can be observed, the approach is to use SAP Web Dispatcher as a proxy server. In the setup above, SAP Web Dispatcher handles all browser requests from My Inbox on-premise. Based on predefined rules, it routes synchronous requests to the SAP Cloud Platform in order to load the relevant task UI resources, custom or standard actions, and task properties for the SAP Cloud Platform Workflow tasks.


Note: The SAP Web Dispatcher can be installed on a dedicated on-premise system as well without any restrictions to end-to-end functionality.

Implementation Guide

Hereby, I will guide you through the necessary configuration which enables My Inbox on-premise to seamlessly consume tasks from SAP Cloud Platform Workflow.

  • Configure SAP Web Dispatcher

SAP Web Dispatcher comes with a .pfl file. This file provides the options to configure hosts, ports, rules, etc., so that you, as an Administrator, can define how the SAP Web Dispatcher handles each request it intercepts.

  1. Configure .pfl file of SAP Web Dispatcher

Open the .pfl file of SAP Web Dispatcher. To enable our end-to-end scenario, change the default values of the properties as I have indicated below:

  • Configure the port  SAP Web Dispatcher listens to
icm/server_port_<xx> = PROT=HTTPS,PORT=<port_number>​

Note: The <port_number> can be any open port. <xx> stands for a number. The numbers must start from 0 and must be used in ascending order.


icm/server_port_2 = PROT=HTTPS,PORT=2080
  • Configure path to the SAP Cloud Platform system

wdisp/system_0 = SID=<Cloud Platfrom SID>, EXTSRV=<absolute URL path to Cloud Platform Fiori Launchpad>, SRCSRV=*:<port_number>, SRCURL=/html5apps/;/sap/fiori/, SAML_IDP_SYSTEM=<SID of Gateway Hub system>, SAML_SP_ENTITY_ID=<absolute URL path to Cloud Platform account>


wdisp/system_0 = SID=CAN, EXTSRV=, SRCSRV=*:2080, SRCURL=/html5apps/;/sap/fiori/, SAML_IDP_SYSTEM=XYZ, SAML_SP_ENTITY_ID=
  • Configure on-premise Gateway Hub system properties
wdisp/system_1 = SID=<SID of Gateway Hub system>, MSHOST=<Message Server host of Gateway Hub system>, MSPORT=<Message Server port of Gateway Hub system>, SRCSRV=*:<port_number>, SRCURL=/, CLIENT=<SID of Gateway Hub system>, SSL_ENCRYPT=2 


wdisp/system_1 = SID=XYZ,, MSPORT=8101, SRCSRV=*:2080, SRCURL=/, CLIENT=000, SSL_ENCRYPT=2 
  • Configure “first match” semantics. If a matching conflict occurs, then the request is routed to the first system, which is configured, i.e. wdisp/system_0. In our case, this would be the SAP Cloud Platform Workflow. See the wdisp/system_0 descriptor in the final .pfl file provided as an example in Result section below.
wdisp/system_conflict_resolution = 1
  • Specify the location of rules file
icm/HTTP/mod_0 = PREFIX=/,FILE=<file path to rules.txt>


icm/HTTP/mod_0 = PREFIX=/,FILE=C:\webdispatcher_7.73\rules.txt

Result: After the above configurations, the .pfl file should look similar to this example:

# Profile generated by sapwebdisp bootstrap

# unique instance identifier

# unique instance number

# add default directory settings
DIR_INSTANCE = C:\webdispatcher_7.73
Autostart = 1
Restart_Program_00 = local $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE) pf=$(DIR_PROFILE)\sapwebdisp.pfl

# SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTP,PORT=1080
icm/server_port_1 = PROT=HTTPS,PORT=4300
icm/server_port_2 = PROT=HTTPS,PORT=2080

wdisp/system_conflict_resolution = 1
is/HTTP/show_detailed_errors = TRUE

wdisp/system_0 = SID=CAN, EXTSRV=, SRCSRV=*:2080, SRCURL=/html5apps/;/sap/fiori/, SAML_IDP_SYSTEM=XYZ, SAML_SP_ENTITY_ID=
wdisp/system_1 = SID=XYZ,, MSPORT=8101, SRCSRV=*:2080, SRCURL=/, CLIENT=000, SSL_ENCRYPT=2

# number of parallel connections
icm/max_conn = 2000

# SAP Web Dispatcher Web Administration
icm/authfile = $(DIR_PROFILE)/icmauth.txt
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=$(icm/authfile)

icm/HTTP/mod_0 = PREFIX=/,FILE=C:\webdispatcher_7.73\rules.txt


2. Configure the rules.txt file of SAP Web Dispatcher


The function of this file is to inform SAP Web Dispatcher which requests should be redirected and how.

For our scenario, we should add a prefix for the requests which contain /html5apps or /bpmworkflowruntime. My Inbox delivers these routes and appends them to the URL for SAP CP Workflow tasks. This way, the relevant requests will be properly redirected to the SAP Cloud Platform.

This will make it possible to load task resources available on the SAP Cloud Platform, such as task custom UI, custom defined actions via API, standard actions or task properties.

  •  Copy and paste the following rules “as is” in the rules.txt file:
if %{PATH} RegIMatch ^/html5apps(.*)
RegIRedirectUrl ^/html5apps(.*) /sap/fiori/bpmmyinbox/html5apps$1

if %{PATH} RegIMatch ^/bpmworkflowruntime(.*)
RegIRedirectUrl ^/bpmworkflowruntime(.*) /sap/fiori/bpmmyinbox/bpmworkflowruntime$1


  • Assign Alias for SAP Cloud Platform to the Gateway Hub

In order to show SAP Cloud Platform Workflow tasks in My Inbox on-premise, a system alias has to be added to the Task Gateway. This configuration is done on the Gateway Hub system.

This is needed to ensure that the requests from My Inbox on-premise are properly redirected to the SAP Cloud Platform.

Warning: The value of SAP System Alias must be “NA”, as shown in the Example below


Note: In a Gateway Hub deployment options, here you probably already have configured aliases. In this case, just add a new alias as described above. It is important to make sure the name of the system alias is “NA”, as indicated above.


  • Configure trust between the on-premise Gateway Hub and the SAP Cloud Platform

Configure SAML2 authentication between both systems. Follow the instructions documented in Configure Authentication. You need to implement the configurations in all sub-topics of the document structure.

Note: Disregard the references to SAP CoPilot in the above documentation topic. The configuration is valid generically, and is not restricted to SAP CoPilot.


  • Register the SAP Web Dispatcher as a Proxy

Follow the instructions documented in Register the SAP Web Dispatcher as a Proxy


neo map-proxy-host --account abcsampleaccount --app-host --proxy <WD host>:2080 -h -u <username>



As a result of the above configuration, you can already address My Inbox running on the SAP Gateway Hub on-premise system (XYZ) via the SAP Web Dispatcher.  In addition, the workflow tasks generated by the SAP Cloud Platform Workflow are provisioned seamlessly to My Inbox running on the SAP Gateway Hub System – along with all related resources, such as custom task UIs, custom actions defined using My Inbox API. Refer to the screenshot below:



Known Constraints

Only one SAP Cloud Platform account can be added as a task provider for SAP Cloud Platform Workflow to My Inbox on-premise.

You must be Logged on to comment or reply to a post.
  • Hi Veneta,

    Thank you for your blog, it has been very interesting.

    Right now, I am investigating something similar... it would be possible to connect to My Inbox in the portal of SCP the tasks from Workflows from S/4 HANA for example? I read something about TCM Compliant OData provider but I can not find detailed information.


    Thank you in advance!


    Antonio García

  • Dear Veneta,

    During the SAML2.0 configuration between Gateway (ECC ABAP) system to Sap Cloud Platform (SCP) we are facing below issue while trying to upload Gateway system metadat to SCP platform.

    We are following the blog, we face issue at "Configure trust between the on-premise Gateway Hub and the SAP Cloud Platform" phase.

    is ECC Abap not supportable IDP for SCP could you please help us with any alternative or solution for this issue.

    your response and solution much appreciated. thanks




  • Dear Veneta,

    Did you create a new catalog and tile for my inbox application and set the prefix /html5apps or /bpmworkflowruntime there?

    It's not clear to me how the my inbox application calls these prefixes that you created.

    Thank you in advance!

    Best regards



  • Hello Veneta,

    is this scenario valid also for SCP Workflow on Cloud Foundry environment?

    I managed to find documentation only for Neo environment.

    Thank you


  • Hello Veneta koleva,


    We tried the same scenario for unified inbox,our requirement is to integrate SAP Cloud platform  My Inbox to On-premise My inbox.

    Here all workflow tasks in SAP Cloud My Inbox will sync and reflect in On-premise My Inbox when ever user approve or reject the task, then task will be closed in On-premise My inbox and same will reflect in Sap Cloud My Inbox.

    As we followed the above procedure we are facing issues during trust configuration,we are trying to configure trust between embedded S/4 system to SCP Platform.

    We are getting below error,could you please help us on this.



    • Hi Avinash,

      embedded deployment of the SAP S/4HANA system is not suitable for multi-origin composition scenario. Federation is done by the SAP Gateway Hub system, as documented in the prerequisites section of this blog. Regarding the authentication issues, this requires detailed RCA, so let’s take it internally.


      Best Regards,


  • Hi Veneta.

    From your previous comments I understand that this scenario is only valid for NEO environment, but I would like to know if there is any possibility to connect SCP Workflow on Cloud Foundry environment to My Inbox on-premise.


    Kind regards,