This blog is an overview on flow and the high-level setup involved in Inbound Email integration from O365 to SAP via SAP CPI.
High-level flow –
The email ids on which incoming mails reach SAP system are to be identified and setup in O365 in customer’s domain. SAP CPI polls these mailboxes at set polling interval for new mails and whenever there is one, it is picked and forwarded to the configured backend system. SAP S4 has to be configured to receive mails.
For this flow to function, SAP CPI has to be
Setup in O365 –
The mailboxes for incoming mails to SAP S4 have to be setup in O365. This can also be one or more shared mailboxes. Mails from external mail servers are sent to these mailboxes.
Setup in Azure AD –
Setup a user with subscription to O365. If you have shared mailboxes, assign them to this user. The user as well as the shared mailboxes must be IMAP enabled.
In simple terms, OAuth 2.0 is a type of authorization flow with different grant types; and grant type is the way in which an application gets access. You are allowed to connect to O365 via OAuth2 with authorization code grant type.
Register a new application in Azure AD with the Redirect URI of your CPI tenant. The authorization token generated by this app must be configured to be consumed by the user created in the prior step.
The application should be granted permissions either of these ways -
Configuration in SAP CPI –
In SAP CPI,
Configuration in SAP Cloud connector (SCC) –
In the SAP Integration Suite sub-account, create a destination for the backend system of type TCP on SMTP port. If you have multiple application servers, you can use a load balancer between SCC & SAP S4 that is capable of balancing SMTP traffic based on health and load of the application server. Note that Web dispatcher is not an option for SMTP load balancing.
Configuration on SAP S4 –
Setup profile parameters.
Enable the SICF node SAPConnect & provide a system user credentials in Access & Control.
Conclusion –
Overall, this method of integration for inbound emails is more transparent to SAP consultants with routing rules and flow defined in SAP CPI & SAP Cloud Connector. I have referenced pages & blogs that have screenshots and detailed configuration steps. You can post any questions in the comments section.
References –
https://launchpad.support.sap.com/#/notes/455140
https://help.sap.com/docs/CLOUD_INTEGRATION/368c481cd6954bdfa5d0435479fd4eaf/f1145cc852ff476db659dc5...
https://blogs.sap.com/2022/03/04/cloud-integration-sending-email-from-microsoft-365-to-sap-backend-i...
https://blogs.sap.com/2020/08/20/cloud-intgration-connect-to-microsoft-365-mail-with-oauth2/
High-level flow –
The email ids on which incoming mails reach SAP system are to be identified and setup in O365 in customer’s domain. SAP CPI polls these mailboxes at set polling interval for new mails and whenever there is one, it is picked and forwarded to the configured backend system. SAP S4 has to be configured to receive mails.
For this flow to function, SAP CPI has to be
- integrated with Outlook to be able to read content of these mailboxes when authenticated via OAuth2 on IMAPS protocol
- integrated with backend SAP S4 system via Cloud Connector on SMTP protocol to forward the mails fetched from O365 on nominated mailboxes
Design - Inbound email integration
Setup in O365 –
The mailboxes for incoming mails to SAP S4 have to be setup in O365. This can also be one or more shared mailboxes. Mails from external mail servers are sent to these mailboxes.
Setup in Azure AD –
Setup a user with subscription to O365. If you have shared mailboxes, assign them to this user. The user as well as the shared mailboxes must be IMAP enabled.
In simple terms, OAuth 2.0 is a type of authorization flow with different grant types; and grant type is the way in which an application gets access. You are allowed to connect to O365 via OAuth2 with authorization code grant type.
Register a new application in Azure AD with the Redirect URI of your CPI tenant. The authorization token generated by this app must be configured to be consumed by the user created in the prior step.
The application should be granted permissions either of these ways -
- Admin consents permissions to the application or
- A user grants consent to the application or
- Add delegated permissions between the account and the Azure application via Graph API - offline_access, SMTP.Send, IMAP.AccessAsUser.All
Configuration in SAP CPI –
In SAP CPI,
- Create OAuth2 Authorization code credential
- An iflow has to be configured with –
- Sender Mail Adapter to pickup mails from O365 – outlook.office365.com on IMAPS with OAuth2 Authorization Code; select Outlook folder from where mails have to be picked & polling interval
- Receiver Mail Adapter to send mails to SAP S4 – with address of virtual host & port as defined on SAP Cloud Connector on SMTP protocol
Configuration in SAP Cloud connector (SCC) –
In the SAP Integration Suite sub-account, create a destination for the backend system of type TCP on SMTP port. If you have multiple application servers, you can use a load balancer between SCC & SAP S4 that is capable of balancing SMTP traffic based on health and load of the application server. Note that Web dispatcher is not an option for SMTP load balancing.
Configuration on SAP S4 –
Setup profile parameters.
Enable the SICF node SAPConnect & provide a system user credentials in Access & Control.
Conclusion –
Overall, this method of integration for inbound emails is more transparent to SAP consultants with routing rules and flow defined in SAP CPI & SAP Cloud Connector. I have referenced pages & blogs that have screenshots and detailed configuration steps. You can post any questions in the comments section.
References –
https://launchpad.support.sap.com/#/notes/455140
https://help.sap.com/docs/CLOUD_INTEGRATION/368c481cd6954bdfa5d0435479fd4eaf/f1145cc852ff476db659dc5...
https://blogs.sap.com/2022/03/04/cloud-integration-sending-email-from-microsoft-365-to-sap-backend-i...
https://blogs.sap.com/2020/08/20/cloud-intgration-connect-to-microsoft-365-mail-with-oauth2/
- SAP Managed Tags:
12 Comments
