Technical Articles
Inbound Email integration from O365 to SAP S4 via SAP CPI
This blog is an overview on flow and the high-level setup involved in Inbound Email integration from O365 to SAP via SAP CPI.
High-level flow –
The email ids on which incoming mails reach SAP system are to be identified and setup in O365 in customer’s domain. SAP CPI polls these mailboxes at set polling interval for new mails and whenever there is one, it is picked and forwarded to the configured backend system. SAP S4 has to be configured to receive mails.
For this flow to function, SAP CPI has to be
- integrated with Outlook to be able to read content of these mailboxes when authenticated via OAuth2 on IMAPS protocol
- integrated with backend SAP S4 system via Cloud Connector on SMTP protocol to forward the mails fetched from O365 on nominated mailboxes
Design – Inbound email integration
Setup in O365 –
The mailboxes for incoming mails to SAP S4 have to be setup in O365. This can also be one or more shared mailboxes. Mails from external mail servers are sent to these mailboxes.
Setup in Azure AD –
Setup a user with subscription to O365. If you have shared mailboxes, assign them to this user. The user as well as the shared mailboxes must be IMAP enabled.
In simple terms, OAuth 2.0 is a type of authorization flow with different grant types; and grant type is the way in which an application gets access. You are allowed to connect to O365 via OAuth2 with authorization code grant type.
Register a new application in Azure AD with the Redirect URI of your CPI tenant. The authorization token generated by this app must be configured to be consumed by the user created in the prior step.
The application should be granted permissions either of these ways –
- Admin consents permissions to the application or
- A user grants consent to the application or
- Add delegated permissions between the account and the Azure application via Graph API – offline_access, SMTP.Send, IMAP.AccessAsUser.All
Configuration in SAP CPI –
In SAP CPI,
- Create OAuth2 Authorization code credential
- An iflow has to be configured with –
- Sender Mail Adapter to pickup mails from O365 – outlook.office365.com on IMAPS with OAuth2 Authorization Code; select Outlook folder from where mails have to be picked & polling interval
- Receiver Mail Adapter to send mails to SAP S4 – with address of virtual host & port as defined on SAP Cloud Connector on SMTP protocol
Configuration in SAP Cloud connector (SCC) –
In the SAP Integration Suite sub-account, create a destination for the backend system of type TCP on SMTP port. If you have multiple application servers, you can use a load balancer between SCC & SAP S4 that is capable of balancing SMTP traffic based on health and load of the application server. Note that Web dispatcher is not an option for SMTP load balancing.
Configuration on SAP S4 –
Setup profile parameters.
Enable the SICF node SAPConnect & provide a system user credentials in Access & Control.
Conclusion –
Overall, this method of integration for inbound emails is more transparent to SAP consultants with routing rules and flow defined in SAP CPI & SAP Cloud Connector. I have referenced pages & blogs that have screenshots and detailed configuration steps. You can post any questions in the comments section.
References –
https://launchpad.support.sap.com/#/notes/455140
https://blogs.sap.com/2020/08/20/cloud-intgration-connect-to-microsoft-365-mail-with-oauth2/
Amazing article Sowmya and very descriptive. Thank you..!!!.
Hi , Do you have some scree shots for the above steps to how to set up? IT would be great.
Regards,
Sri
Hello,
Regarding to the section
Configuration on SAP S4 –
Setup profile parameters.
Enable the SICF node SAPConnect & provide a system user credentials in Access & Control.
I've followed the Note https://launchpad.support.sap.com/#/notes/455140
How Can you see the Inbound Mailing In S4 ?
What Is the Mailing Server? Is it Cloud Connector? 365? BTP? CPI?
after Configuring the connection Between CPI to BTP to Cloud Connector.
Regards
You can check inbound mails in tcode SOIN
What do you mean by Mailing server?
Dear Sowmya
Thank you for Replying my question
when i check the SOIN T-Code It shows nothing.
on T-code SCOT i'm supposed to configure the Inbound / Outbound mailing server
im using Microsoft 365 Mailing Services in this case,
however, the BTP CPI Integration Flow is configured to Receive the Inbound Mails by Pulling them with Microsoft Graph API through OAuth 2,
do i need to configure Anything on the SCOT Tcode On my S4 system?
how can the S4 system Receive Inbound messaging?
who is my Inbound mailing server in SCOT? is it the Cloud Connector? BTP CPI? or Microsoft 365?
or should i leave it blank?
Regards
Yonatan.
Did you enable SAPconnect node and maintain credentials?
Please breakdown what is working and what is not to check.
I have not maintained any inbound mailing server in SCOT.
You can add email ids in SCOT -> Settings -> Inbound messages -> Inbound Processing, but not mandatory.
Dear Sowmya
My Issue has resolved
The Location ID had to be Filed along with the Address on the Integration Process Flow to the Receiver, On-Prem with SMTP Port.
thanks you for your Help
Yonatan
Hi Sowmya Dutta Burra
Thanks for the article.
You mentioned "use a load balancer between SCC & SAP S4 that is capable of balancing SMTP traffic based on health and load of the application server.".
Have you, or do you know anyone, that has used a LB to SMTP service on ABAP app servers?
If so, what type of LB (Layer 4 or 7), and were there any special considerations for this LB solution?
Best Regards
Dave
Hi Dave,
We are using AWS Network load balancer and it works seamlessly for routing SMTP requests to app servers.
Thanks,
Sowmya
Hi Sowmya ,
Thanks for the blog on inbound Email integration from O365 , it is really helpful to understand the new technology.
We need to configure inbound email channel for our vendors and We are using Suite on HANA ( ECC EHP8 on NW 750) on premise.
Our Exchange Server recently move to Cloud with Exchange online and for incoming email to SAP ECC, Exchange team don't want to create a sub domain following SAP note -455140 - Configuration of e-mail, fax, paging/SMS via SMTP. Our company security team still did not approve BTP.
I am just wondering if we can use OAuth2 on IMAPS using SAP Cloud connector and SAP CPI without BTP. Is it possible to use SAP Cloud connector with Azure Cloud where Exchange online is hosted ?
Your reply will be appreciated , Thanks
Al Mamun
Hi Al Mamun,
You can use OAuth2 on IMAPS using SAP cloud connector and SAP CPI.
Thanks,
Sowmya
Hi experts,
It's possible to configure the flow from O365 (outlook.office356.com:993)<->SAP Cloud connector directly without SAP SCPI?
Regards,
Joao Paulo Reis