Setting Up Cloud Connector with BTP Integration over OAuth2 Authorization Code for Inbound Email processing via Microsoft 365 to SAP System
In my latest Project I had to connect Microsoft 365 Mailbox to SAP System, As an On-Prem Mailing server wasn’t available for me as a solution.
Many Companies migrate their mailing system to cloud based with a variety of solutions.
In order to achieve inbound mailing to SAP systems I’m going to break it down to the necessary actions needed to be done
- Have a mailbox that you want to get inbound messages to SAP system.
- Create an API on Microsoft Azure Active Directory with OAuth2 Authorization Code Credential.
- Register to SAP BTP
- Install and configure Cloud Connector On-Prem
- Create integration on CPI service on SAP BTP integration suite
- Transfer mail to SAP system
Step 1 –
At first you should decide on a mailbox that you wish to Receive Inbound messaging to you SAP system and you can login to that mailbox using https://outlook.office365.com/mail/
Step 2 –
Let me recommend on this Blog written by Franz Forsthofer
follow Franz Forsthofer instructions on how to create it on Azure Cloud Services.
important note is to determine the Redirect URL which is configured during the creation of the secret credential on the Security Material Section on the Integration suite – CPI access from the BTP Cockpit, so you must create your API on Azure alongside the creation of the Security Material.
Step 3 –
You Have to register to SAP BTP using – see this link on how Get a Free Account on SAP BTP Trial
To enter the BTP Cockpit Integration Suite go to your BTP Account, Services, Service Marketplace, Integration Suite, Go to application
Enter The Security Material And Create New
Once you get Authorized – the security material is ready to use and the name will be used for future configuration in the integration process.
Note that the scope option is very important and must be written as shown in the picture.
User name will be the mailbox that is in use.
Authorization URL, Token Service URL, Client ID a Client Secret is provided during the creation on the API in Microsoft Azure Active Directory.
Regarding the permission to the API – the only permission needed is marked here:
After filling all of the necessary information, an authorization will be prompt to log in to the dedicated mailbox, after approving the authorization on Microsoft 365 Administration the status Deployed on CPI Security Material.
Step 4 –
Installing Cloud Connector:
in this blog you can find the installation instruction, Prerequisites and downloads that are necessary to install cloud connector
I was using Windows based Cloud connector. however, I’ve also installed it on a Linux Suse and the installation and configuration was almost the same.
Here is an example for a windows installation:
Here is the download link for the Cloud Connector Installation:
SAP JVM is also necessary
Visual C++ Redistributable Packages for Visual Studio 2013 that matches the server architecture
Important note –
After installing the cloud connector, you must open Firewall access from cloud connector to AWS/Azure that is used and configured on the Tenant creation on SAP BTP cockpit.
That can be achieved by monitoring the traffic via your company’s Firewall depending on which Cloud Services the BTP Service is connected to.
Currently the Cloud options are Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and Alibaba Cloud.
After installing Cloud Connector and Changing the First Administrator Password, we need to connect BTP Tenant to the cloud connector by adding the subaccount name to the cloud connector, the email and password and cloud provider.
You can find more information in this Blog
Cloud Connector With URL Configurations
you can see the URL on BTP Cockpit
After connecting your cloud connector to your BTP Tenant you can find it under connectivity à Cloud Connectors.
Add Destination to your Cloud Connector specify the SMTP Port Preconfigured on the On-Prem Cloud Connector:
Connection Check can verify that the connection to the On-Prem Cloud Connector works.
Step 5 –
The next step in to create Integration Process using the Destination And the security material that configured in the previous steps
The Integration Process for Inbound Mailing to SAP System should be configured as shown here
Create New Integration Flow
The allowed header field can be modified according to the Integration Process you wish to apply
In this situation only the from and subject field are being processed, however you can add “to” field and it can be very useful
The processing can be modified to specific Folder with selection of Unread mails or all mails,
And the post processing is the behaviour of the mailbox after transferring the email to the SAP System, I recommend on configuring only new messages from the inbox and mark as read.
The scheduler is the behaviour of the Pull Process that can be modified according to your project
I recommend on pulling every 10 Seconds on a daily basis so that the Mailing processing can be accurate and updated all the time.
On the receiver side the connection should be configured as your SAP system configured in the cloud connector and the location ID is the Destination created in the BTP Cockpit in the earlier steps of this blog
The processing step is the allowed headers from the Sender Configuration step
Finally save the configuration, deploy the process and return to the integration suite to monitor the Pulling Process.
Once the status changes to started. Integration content information will be shown about the process and can be monitored.
Step 6 –
Regarding the configuration on SAP Application
SMTP port should be activated and configured as a Service Shown on T-Code SMICM on SAP System.
That can be Achieved by adding it to the System Profile
icm/server_port_<*> = PROT=SMTP,PORT=<port>
and activating the SAPConnect Service on SICF T-Code
All of the information regarding SAP Application configuration are provided in this note
On T-Code SOIN the Inbound mails can be monitored and shown.
I hope that this article can simplify the process of retrieving inbound mailing system to SAP system after Migrating the company mailing system to Microsoft Cloud.