Skip to Content
Technical Articles
Author's profile photo Raphael WALTER

S/4HANA iDoc integration with SCP Integration Suite

Very recently a customer wanted me to demonstrate the full integration of iDocs coming from S/4HANA with other systems, using the SCP Integration Suite.

In this post, I will show you how to configure your S/4HANA system and create an integration flow in SCPI to perform this. The integration flow I will create will be very simple, getting an iDoc from a S/4HANA system of Master Data Customer information, using DEBMAS, and I will push this data on a SFTP system hosted in Google Cloud.

First, let’s configure our S/4HANA system. We need to define the SCPI logical system. We’ll use transaction BD54 and simply define it here.

Next we will go in transaction SALE to create a distribution model and message type.

First create the model, then create a message type.

For the message type, the model view will be the one we just created, the sender will be our S/4HANA system, the receiver will be our SCPI logical system that we just created in BD54 and the message type will be the one I decided to use in this demo – DEBMAS.

Now we need to define the trust between our S/4HANA system and our SCPI system. For that will import our certificates. Go to your SCPI system. Click on the certificates and export the 3 levels of certificates using Base-64 encoding to files.

You now have the three certificates, ROOT, CA and HCI certificates. Go back to your S/4HANA system and launch STRUST transaction.

Click on SSL Client Anonymous, import the 3 certificates, one by one and each add them to the certificate list.

Now we can configure our RFC Connection to SCPI with transaction SM59, create a new one in HTTP Connections to External Server.

In the technical Settings, we will give information about our SCPI host, the port will be 443 for HTTPS and the prefix will be whatever you will need for your iDoc, in my case, I am using DEBMAS so I used this : /cxf/debmas05.

You will also define this in SCPI, so exactly use the same deploy URL.

In the Logon & Security Tab, define your authentication method and also select anonymous SSL for secure protocol :

You could test you connection here, but since we didn’t create the Integration flow, we will do that afterwards.

Next we need to create the Port for our iDoc processing, we will use transaction WE21, click on XML HTTP and create a new port. Use the settings in the following screenshot.

Hold on, we’re nearly there! 🙂

Now we need to create a partner profile, for that use transaction WE20, click on Type LS and create a new profile. Give it a name. Define an agent and then add an Outbound Message by clicking the add button for outbound parameter.

Choose the message type, for me it is DEBMAS, choose to pass the iDoc immediately and define the iDoc basic type, here I am using debmas05

Now that’s it for all the configuration on the S/4HANA part! Well done! 🙂

Heading to SCPI for designing the integration flow, we’ll do something very basic. I’ll just get the iDoc for S/4HANA, add some information and save it back to my SFTP server in Google Cloud.

Remember when we defined the path prefix in SM59 RFC destination, here I entered just the last part, the cxf will be added automatically. I also won’t go into the details of how I set up the SFTP part. Now I can deploy this Integration flow. Once it is done, I could also go back to SM59 to test the connection but I’ll test the whole thing but sending an iDoc directly.

Going back to my S/4HANA system, I will use transaction BD12. Select the customer information you want to send, choose DEBMAS for the output type and as a target, the Logical System we defined at the very first!

You’re ready to EXECUTE! ^_^

You should see the following :

Going to SCPI to see if everything went fine, we head into the Message monitor.

The message was correctly processed.

You could also verify that by using transaction WE05 in the S/4HANA system.

If we check our destination SFTP system.

The iDoc was sent to our SFTP system.

Hope this blog was helpful. Don’t hesitate to drop a comment.

All the best.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Basanth Swain
      Basanth Swain

      Nice to know. Very helpful. Thanks For writing this Raphael

      Author's profile photo Raphael WALTER
      Raphael WALTER
      Blog Post Author

      You're welcome, my pleasure, and thank you for leaving a comment Basanth. 🙂

      Author's profile photo Jelena Perfiljeva
      Jelena Perfiljeva

      Thanks for sharing, Raphael! It's good to know that not much (if anything at all?) changed in the basic IDoc interface configuration compared to ECC. 🙂

      Author's profile photo Raphael WALTER
      Raphael WALTER
      Blog Post Author

      Hello Jelena,

      Thank you for your comment. Yes, it's pretty much the same! 🙂

      All the best and stay safe.

      Author's profile photo Shreya Dhumal
      Shreya Dhumal

      Wonderful blog Raphael. Thanks for sharing this! 🙂

      Author's profile photo Raphael WALTER
      Raphael WALTER
      Blog Post Author

      You're welcome Shreya, I'm glad you liked it's content. 🙂

      All the best

      Author's profile photo Metin Akkus
      Metin Akkus

      Hello Raphaël,

      thank you for your detailed blog.
      I have a general question to this scenario.
      If the S/4HANA system is located in on-premise landscape, is the IDoc send directly to SAP Integration Suite (SAP IS) or is the IDoc send via SAP Cloud Connector to SAP IS?

      Basically, this question is regarding all S/4HANA outbound interfaces which must be implemented using SAP IS.

      Thank you very much in advance for your answer.

      Author's profile photo Longjie Jin
      Longjie Jin

      Hi Raphael .

      Very nice blog and thanks for your sharing .

      I have configured same as you scenario on S4 HANA and SAP integration suite for testing perspective, and I have one doubt about SM59 configuration for basic  authentication setting.

      is that user id and password are same as SAP BTP user id ? Because I get 401Unauthorized error when I triggering IDOC from S4 HANA . do I need any of further authorization setting on SAP integration Suit ?

      thanks advance for your help .








      Author's profile photo Ruediger Fritz
      Ruediger Fritz

      +1 - same problem on my side and I also have no idea what to change

      Author's profile photo Philipp Gehlhaar
      Philipp Gehlhaar

      Hi Longjie,

      I don't know if this is applicable to your setup but we authenticate like this:

      In your BTP subaccount that contains the Integration Suite go to "Instances and Subscriptions" and select your Instance (e.g. we have created a 'Dev' instance). There you can create a service key of type "ClientId/Secret". After creation of the service key you use the url as the host in SM59 (without the https:// at the beginning), the clientid as your user and the clientsecret as your password for basic authentication.

      Also be sure that your S/4HANA OnPremise system can resolve the host url and connect through the cloud connector to the Integration Suite.


      I hope this helps resolve your problem.

      Kind regards,


      Author's profile photo Suman Saha
      Suman Saha

      Hi Rafael,

      Thank you for your wonderful blog.

      So, for each IDoc message type, we need to create separate RFC destination, Port and Logical system?


      Suman Saha

      Author's profile photo Ravi Kanamala
      Ravi Kanamala



      I am confused with logical clients created in the above document, we have a scenario where we need to configure inbound and outbound for s4hana and CPI.


      I am stuck at logical client creation since our CPI subaccount doesn't have logical client, is this something i can create dummy one and create logical port in we21? this is our fist config on s4 systems.

      appreciate your help



      Author's profile photo Juergen Limbach
      Juergen Limbach


      thanks for sharing this. I do have the same / a very similar requirement (sending ORDERS02 via xml to BTP) but with an addition that I will have to authenticate using oAUTH.

      Basically I was provided with two end point

      1. authentication to get token
      2. send data

      I set up two destination in SM59 to basically test connectivity (firewall, certificates...) - connection seems okay,

      Unfortunately I do not see any solution to call two URLs when sending the iDoc. Is there any standard to implement this or do I need to set up a custom report


      1. Create iDoc with status 01 / 30 using standard settings
      2. Process idoc in Z report
        1. Get Token
        2. Send iDoc