Skip to Content
Technical Articles

Connect SAP Workflow Sevice in the NEO environment to My Inbox on-premise


Do you use My Inbox on-premise with SAP Business Suite or SAP S/4HANA? Do you at the same time use My Inbox on the SAP Business Technology Plaform (BTP) to process your SAP Workflow Service tasks?

In case the above is valid, you might as well have probably wished for one single My Inbox to manage all your tasks.

In this post I am going to demonstrate how to technically connect My Inbox on-premise to SAP Workflow Service in the NEO environment,  in order to have your on-premise My Inbox as the single entry point for managing all your tasks from your on-premise task provider systems and also those from the SAP Workflow Service.

As a result, you will no longer need a separate My Inbox for the local SAP Workflow Service case but instead you can use My Inbox on-premise to process all your tasks.


  • One My Inbox to manage all tasks you are responsible for
  • Higher user productivity through a harmonized user experience
  • Seamless integration between SAPvWorkflow Service on the NEO environment and My Inbox on-premise( including custom actions and custom task Fiori UIs)

Status quo

Prior to this integration being explored, business users who work with workflow tasks generated both by SAP S/4HANA and non-SAP S/4HANA systems, as well as the SAP Workflow Service engine, have to use two separate My Inbox apps – one on the on-premise SAP Fiori Launchpad, and the second on the SAP Launchpad homepage for the local SAP Workfow Service case. Refer to the screenshots below.

Screenshot 1 below visualizes My Inbox on the on-premise Gateway Hub system, which harmonizes workflow tasks from the connected company-specific backend task provider systems.

Screenshot 1:


Screenshot 2 represents My Inbox on the SAP Launchpad for the local SAP Workflow case in the NEO environment of SAP BTP.

Screenshot 2:


The goal of this post is to demonstrate how to bring the SAP Workflow tasks to My Inbox on-premise running on the Gateway Hub system (Screenshot 1).


General Approach

Hereinbelow I have added a diagram to visualize the general principal of approaching the integration:

As can be observed, the approach is to use SAP Web Dispatcher as a proxy server. In the setup above, SAP Web Dispatcher handles all browser requests from My Inbox on-premise. Based on predefined rules, it routes synchronous requests to the SAP BTP  NEO environment in order to load the relevant task UI resources, custom or standard actions, and task properties for the SAPWorkflow tasks.


Note: The SAP Web Dispatcher can be installed on a dedicated on-premise system as well without any restrictions to end-to-end functionality.

Implementation Guide

Hereby, I will guide you through the necessary configuration which enables My Inbox on-premise to seamlessly consume tasks from SAP  Workflow Sevice in the NEO environment.

  • Configure SAP Web Dispatcher

SAP Web Dispatcher comes with a .pfl file. This file provides the options to configure hosts, ports, rules, etc., so that you, as an Administrator, can define how the SAP Web Dispatcher handles each request it intercepts.

  1. Configure .pfl file of SAP Web Dispatcher

Open the .pfl file of SAP Web Dispatcher. To enable our end-to-end scenario, change the default values of the properties as I have indicated below:

  • Configure the port  SAP Web Dispatcher listens to
icm/server_port_<xx> = PROT=HTTPS,PORT=<port_number>​

Note: The <port_number> can be any open port. <xx> stands for a number. The numbers must start from 0 and must be used in ascending order.


icm/server_port_2 = PROT=HTTPS,PORT=2080
  • Configure path to the SAP BTP NEO environment system

wdisp/system_0 = SID=<BTP NEO SID>, EXTSRV=<absolute URL path to BTP NEO Fiori Launchpad>, SRCSRV=*:<port_number>, SRCURL=/html5apps/;/sap/fiori/, SAML_IDP_SYSTEM=<SID of Gateway Hub system>, SAML_SP_ENTITY_ID=<absolute URL path to BTP NEO account>


wdisp/system_0 = SID=CAN, EXTSRV=, SRCSRV=*:2080, SRCURL=/html5apps/;/sap/fiori/, SAML_IDP_SYSTEM=XYZ, SAML_SP_ENTITY_ID=
  • Configure on-premise Gateway Hub system properties
wdisp/system_1 = SID=<SID of Gateway Hub system>, MSHOST=<Message Server host of Gateway Hub system>, MSPORT=<Message Server port of Gateway Hub system>, SRCSRV=*:<port_number>, SRCURL=/, CLIENT=<SID of Gateway Hub system>, SSL_ENCRYPT=2 


wdisp/system_1 = SID=XYZ,, MSPORT=8101, SRCSRV=*:2080, SRCURL=/, CLIENT=000, SSL_ENCRYPT=2 
  • Configure “first match” semantics. If a matching conflict occurs, then the request is routed to the first system, which is configured, i.e. wdisp/system_0. In our case, this would be the SAP  Workflow Service in NEO environment.
  • See the wdisp/system_0 descriptor in the final .pfl file provided as an example in Result section below.
wdisp/system_conflict_resolution = 1
  • Specify the location of rules file
icm/HTTP/mod_0 = PREFIX=/,FILE=<file path to rules.txt>


icm/HTTP/mod_0 = PREFIX=/,FILE=C:\webdispatcher_7.73\rules.txt

Result: After the above configurations, the .pfl file should look similar to this example:

# Profile generated by sapwebdisp bootstrap

# unique instance identifier

# unique instance number

# add default directory settings
DIR_INSTANCE = C:\webdispatcher_7.73
Autostart = 1
Restart_Program_00 = local $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE) pf=$(DIR_PROFILE)\sapwebdisp.pfl

# SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTP,PORT=1080
icm/server_port_1 = PROT=HTTPS,PORT=4300
icm/server_port_2 = PROT=HTTPS,PORT=2080

wdisp/system_conflict_resolution = 1
is/HTTP/show_detailed_errors = TRUE

wdisp/system_0 = SID=CAN, EXTSRV=, SRCSRV=*:2080, SRCURL=/html5apps/;/sap/fiori/, SAML_IDP_SYSTEM=XYZ, SAML_SP_ENTITY_ID=
wdisp/system_1 = SID=XYZ,, MSPORT=8101, SRCSRV=*:2080, SRCURL=/, CLIENT=000, SSL_ENCRYPT=2

# number of parallel connections
icm/max_conn = 2000

# SAP Web Dispatcher Web Administration
icm/authfile = $(DIR_PROFILE)/icmauth.txt
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=$(icm/authfile)

icm/HTTP/mod_0 = PREFIX=/,FILE=C:\webdispatcher_7.73\rules.txt


2. Configure the rules.txt file of SAP Web Dispatcher


The function of this file is to inform SAP Web Dispatcher which requests should be redirected and how.

For our scenario, we should add a prefix for the requests which contain /html5apps or /bpmworkflowruntime. My Inbox delivers these routes and appends them to the URL for SAP Workflow Service tasks. This way, the relevant requests will be properly redirected to the SAP BTP.

This will make it possible to load task resources available on the SAP BTP, such as task custom UI, custom defined actions via API, standard actions or task properties.

  •  Copy and paste the following rules “as is” in the rules.txt file:
if %{PATH} RegIMatch ^/html5apps(.*)
RegIRedirectUrl ^/html5apps(.*) /sap/fiori/bpmmyinbox/html5apps$1

if %{PATH} RegIMatch ^/bpmworkflowruntime(.*)
RegIRedirectUrl ^/bpmworkflowruntime(.*) /sap/fiori/bpmmyinbox/bpmworkflowruntime$1


  • Assign Alias for SAP BTP in the NEO environment to the Gateway Hub

In order to show SAP Workflow tasks in My Inbox on-premise, a system alias has to be added to the Task Gateway. This configuration is done on the Gateway Hub system.

This is needed to ensure that the requests from My Inbox on-premise are properly redirected to the SAP BTP.

Warning: The value of SAP System Alias must be “NA”, as shown in the Example below


Note: In a Gateway Hub deployment options, here you probably already have configured aliases. In this case, just add a new alias as described above. It is important to make sure the name of the system alias is “NA”, as indicated above.


  • Configure trust between the on-premise Gateway Hub and the SAP BTP

Configure SAML2 authentication between both systems. Follow the instructions documented in Configure Authentication. You need to implement the configurations in all sub-topics of the document structure.

Note: Disregard the references to SAP CoPilot in the above documentation topic. The configuration is valid generically, and is not restricted to SAP CoPilot.


  • Register the SAP Web Dispatcher as a Proxy

Follow the instructions documented in Register the SAP Web Dispatcher as a Proxy


neo map-proxy-host --account abcsampleaccount --app-host --proxy <WD host>:2080 -h -u <username>



As a result of the above configuration, you can already address My Inbox running on the SAP Gateway Hub on-premise system (XYZ) via the SAP Web Dispatcher.  In addition, the workflow tasks generated by the SAP Workflow Service are provisioned seamlessly to My Inbox running on the SAP Gateway Hub System – along with all related resources, such as custom task UIs, custom actions defined using My Inbox API. Refer to the screenshot below:



Known Constraints

  • Only one SAP BTP account can be added as a task provider for SAP Workflow Service in the NEO environment to My Inbox on-premise.
  • The integration described in this blog is currently available for SAP BTP Neo environment only. It is not supported for SAP BTP Cloud Foundry environment currently and cannot be applied.
You must be Logged on to comment or reply to a post.
  • Hi Veneta,

    Thank you for your blog, it has been very interesting.

    Right now, I am investigating something similar... it would be possible to connect to My Inbox in the portal of SCP the tasks from Workflows from S/4 HANA for example? I read something about TCM Compliant OData provider but I can not find detailed information.


    Thank you in advance!


    Antonio García

  • Dear Veneta,

    During the SAML2.0 configuration between Gateway (ECC ABAP) system to Sap Cloud Platform (SCP) we are facing below issue while trying to upload Gateway system metadat to SCP platform.

    We are following the blog, we face issue at "Configure trust between the on-premise Gateway Hub and the SAP Cloud Platform" phase.

    is ECC Abap not supportable IDP for SCP could you please help us with any alternative or solution for this issue.

    your response and solution much appreciated. thanks




  • Dear Veneta,

    Did you create a new catalog and tile for my inbox application and set the prefix /html5apps or /bpmworkflowruntime there?

    It's not clear to me how the my inbox application calls these prefixes that you created.

    Thank you in advance!

    Best regards



  • Hello Veneta,

    is this scenario valid also for SCP Workflow on Cloud Foundry environment?

    I managed to find documentation only for Neo environment.

    Thank you


  • Hello Veneta koleva,


    We tried the same scenario for unified inbox,our requirement is to integrate SAP Cloud platform  My Inbox to On-premise My inbox.

    Here all workflow tasks in SAP Cloud My Inbox will sync and reflect in On-premise My Inbox when ever user approve or reject the task, then task will be closed in On-premise My inbox and same will reflect in Sap Cloud My Inbox.

    As we followed the above procedure we are facing issues during trust configuration,we are trying to configure trust between embedded S/4 system to SCP Platform.

    We are getting below error,could you please help us on this.



    • Hi Avinash,

      embedded deployment of the SAP S/4HANA system is not suitable for multi-origin composition scenario. Federation is done by the SAP Gateway Hub system, as documented in the prerequisites section of this blog. Regarding the authentication issues, this requires detailed RCA, so let’s take it internally.


      Best Regards,


  • Hi Veneta.

    From your previous comments I understand that this scenario is only valid for NEO environment, but I would like to know if there is any possibility to connect SCP Workflow on Cloud Foundry environment to My Inbox on-premise.


    Kind regards,