Skip to Content
Technical Articles
Author's profile photo Nils Knieling

Otto Group IT’s Journey to SAP Cloud Platform

In this blog post I would like to tell you about our way to the SAP Cloud Platform (SCP). By “our” I mean the Otto Group and its subsidiaries. You’ll learn something about our architecture and system design.

About Otto Group IT

The Otto Group IT is the IT service provider of the Otto Group. The Otto Group is a globally active group of retailers and retail-related service providers with around 52,560 employees. Through 30 major company groups it has a presence in more than 30 countries in Europe, North and South America, and Asia. The Otto Group is one of the world’s largest online retailers.

Why Cloud

We operate several large SAP ERP and BW systems for the different business functions. Until the transition to the SAP Cloud Platform, the access of the users was mainly done with the SAP GUI and an SAP NetWeaver Portal. The SAP NetWeaver Portal was mainly used for Employee Self-Services (ESS) and Manager Self-Services (MSS). We had large load peaks at the end of the month when all users wanted to see their payroll. Access was only possible from the corporate network or with a VPN connection.

It wasn’t up to date anymore and we wanted to modernize it. We decided on using the SAP Cloud Platform because all requirements could be fulfilled with it. In particular:

  • Dynamic scalability of resources
  • Outsourced hardware and software maintenance
  • VPN-less access
  • Great integration with our other SAP products in our hybrid system landscape

The big picture

The end user has access to a Fiori Launchpad. We have set up our own domain and SSL host on the SCP Load Balancer. The user authenticates himself with his familiar Microsoft Office 365 login credentials and a second factor. Technically, we created a SAML trust between our Microsoft ADFS Identity Provider and the SAP Cloud Platform.

The Fiori Lauchpad gives the user access to various HTML5 applications. We offer some SAP standard applications and a lot of self-developed applications. With SAP Cloud Platform Identity Provisioning (IPS), we manage which app the user can see. For this purpose, we synchronize the e-mail addresses from SAP ERP user rolls to SCP authorization management groups.

The apps access the data via the SAP Cloud Platform OData Provisioning (GWaaS) service. The GWaaS establishes the connection via the SAP Cloud Connector to our on-premise SAP and non-SAP systems. Authentication against the SAP system is done with X.509 certificates respectively Principal Propagation.

We also use SAP Cloud Platform Integration (CPI), but that would go beyond the scope of this article.

From a developer’s Point of View

Instead of the familiar SE80, the developer now has a free choice of development environment. Most of our colleagues who develop JavaScript have decided to use VS Code and only a few for SAP WebIDE. That’s why we’ve built everything in a way that the development environment can be exchanged easily.

Everything is versioned with git and stored in our GitLab account. As soon as a new version has been pushed, the Continuous Integration (CI) process starts. The new app is built and tested by a GitLab Runner. If everything is OK, the Continuous Delivery (CD) is triggered. The built app is then published to the SAP Cloud Platform as HTML5 app. We have a total of three SCP subaccounts for our 3-tier landscape. Similar to our SAP system landscape, one for development, one for quality assurance and one for production. Like the SAP Cloud Connector, the GitLab Runner is running inside our company network and has access to our SAP systems. The GitLab Runner can therefore also be used to deploy ABAPs to our SAP systems.

If you want to do it the same way, you can find our Docker Image here:


We use the different SAP Cloud Platform Services to provide a modern front-end to our users. The users are very satisfied. Especially the mobile access is very well accepted by the employees. The developers are also happy. They can use a modern toolset.

The Future

In the near future we want to launch SAP Analytics Cloud and integrate it into our Fiori Launchpad. We are currently also exploring ABAP on SAP Cloud Platform.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Shantanu Sharma
      Shantanu Sharma

      Excellent post. Very useful. Thanks for sharing.

      Author's profile photo Javier Andres Caceres Moreno
      Javier Andres Caceres Moreno

      Good post

      Author's profile photo Aviad Rivlin
      Aviad Rivlin

      Great post. Thanks for sharing!

      Author's profile photo Bertram Ganz
      Bertram Ganz

      Thank You, that's a very informative and crisp blog. I like your SAP Cloud Platform solution diagram as it depicts a very fundamental development and application scenario. I see it as a good candidate for a new "sample diagram" in our next guideline version. I would be pleased if your could send it tom me. Regards, Bertram

      Author's profile photo Nils Knieling
      Nils Knieling
      Blog Post Author

      You got an e-mail.

      Author's profile photo Bertram Ganz
      Bertram Ganz

      Thank you Nils, highly appreciated. Regards, Bertram

      Author's profile photo Alexandre Costa
      Alexandre Costa

      Great post, thanks for sharing !

      Author's profile photo Lennart Meinhardt
      Lennart Meinhardt

      Hi, Thank you very much for this informative blog.

      I am currently also checking for methods for automatic deployment to onprem and cloud, and I have a few questions. Maybe you can help me a bit? That would be very nice.

      1. Do you deploy your HTML5 apps to SAP Cloud Platform as MTA?
      2. Do you use an account on as well as a GitLab instance in your company network? Is there a GitLab service that helps building the connection between the instances?

      Thank you very much in advance.

      Sincerely, Lennart

      Author's profile photo Nils Knieling
      Nils Knieling
      Blog Post Author

      Hi Lennart,

      yes, we deploy HTML5 apps as MTA. We use The Gitlab Runner is installed in the local network. It establishes a connection to via the Internet and waits for commands.

      You can find more information here:

      We use this Docker Image:

      Best regards


      Author's profile photo Mustafa Bensan
      Mustafa Bensan

      Hi Nils,

      Thanks for sharing your experiences on a very relevant scenario.  I would very much appreciate your feedback on the following related questions:

      1.  Do you have any plans to move your solution to the Cloud Foundry Portal Service to align with SAP’s product roadmap of a Central Entry Point / Central Fiori Launchpad, as mentioned in this blog?

      2.  What was the reason for choosing to connect to your backend systems via SCP OData Provisioning service instead of the on-premise NetWeaver Gateway?

      3.  I notice you have included SAP BW as one of the back-end systems in the solution diagram.  Does this mean you are exposing BW BEx Queries as OData services for consumption by custom analytical UI5/Fiori apps deployed on your SCP Fiori Launchpad?

      4.  What is your strategy about what apps will be made available for consumption via the SCP Fiori Launchpad versus the apps currently consumed via SAP GUI and SAP NetWeaver Portal?  Have you now moved all of your ESS and MSS apps from SAP NetWeaver Portal to the SCP Fiori Launchpad?

      5.  Have you made any progress with integrating SAP Analytics Cloud with SCP Fiori Launchpad?