Skip to Content
Technical Articles
Author's profile photo Yonatan Samuel

Setting Up Cloud Connector with BTP Integration over OAuth2 Authorization Code for Inbound Email processing via Microsoft 365 to SAP System

In my latest Project I had to connect Microsoft 365 Mailbox to SAP System, As an On-Prem Mailing server wasn’t available for me as a solution.

Many Companies migrate their mailing system to cloud based with a variety of solutions.

In order to achieve inbound mailing to SAP systems I’m going to break it down to the necessary actions needed to be done

  1. Have a mailbox that you want to get inbound messages to SAP system.
  2. Create an API on Microsoft Azure Active Directory with OAuth2 Authorization Code Credential.
  3. Register to SAP BTP
  4. Create integration on CPI service on SAP BTP integration suite
  5. Install and configure Cloud Connector On-Prem
  6. Transfer mail to SAP system

At first you should decide on a mailbox that you wish to Receive Inbound messaging to you SAP system and you can login to that mailbox using https://outlook.office365.com/mail/

Let me recommend on this Blog written by Franz Forsthofer

https://blogs.sap.com/2023/02/18/cloud-integration-send-mail-via-microsoft-graph-api-with-oauth-2.0-authorization-code/

and

https://blogs.sap.com/2020/08/20/cloud-intgration-connect-to-microsoft-365-mail-with-oauth2/

follow Franz Forsthofer instructions on how to create it on Azure Cloud Services.

important note is to determine the Redirect URL which is configured during the creation of the secret credential on the Security Material Section on the Integration suite – CPI access from the BTP Cockpit, so you must create your API on Azure alongside the creation of the Security Material.

Integration%20Suite

Integration Suite

Once you get Authorized – the security material is ready to use and the name will be used for future configuration in the integration process.

Note that the scope option is very important and must be written as shown in the picture.

User name will be the mailbox that is in use.

Authorization URL, Token Service URL, Client ID a Client Secret is provided during the creation on the API in Microsoft Azure Active Directory.

Security%20Material

Security Material

Regarding the permission to the API – the only permission needed is marked here:

API%20Permissions

API Permissions

After filling all of the necessary information, an authorization will be prompt to log in to the dedicated mailbox, after approving the authorization on Microsoft 365 Administration the status Deployed on CPI Security Material.

Deployed%20Status

Deployed Status

Installing Cloud Connector:

in this blog you can find the installation instruction, Prerequisites and downloads that are necessary to install cloud connector

https://blogs.sap.com/2015/07/13/cloud-connector-a-brief-guide-for-beginners/

I was using Windows based Cloud connector. however, I’ve also installed it on a Linux Suse and the installation and configuration was almost the same.

Here is an example for a windows installation:

Windows%20Prerequisites%20Example

Windows Prerequisites Example

Here is the download link for the Cloud Connector Installation:

https://tools.hana.ondemand.com/#cloud

Cloud%20Section%20on%20Development%20Downloads

Cloud Section on Development Downloads

SAP JVM is also necessary

SAP%20JVM%20For%20Windows

SAP JVM For Windows

And

Visual C++ Redistributable Packages for Visual Studio 2013 that matches the server architecture

Important note –

After installing the cloud connector, you must open Firewall access from cloud connector to AWS/Azure that is used and configured on the Tenant creation on SAP BTP cockpit.

That can be achieved by monitoring the traffic via your company’s Firewall depending on which Cloud Services the BTP Service is connected to.

Currently the Cloud options are Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and Alibaba Cloud.

After installing Cloud Connector and Changing the First Administrator Password, we need to connect BTP Tenant to the cloud connector by adding the subaccount name to the cloud connector, the email and password and cloud provider.

You can find more information in this Blog

https://blogs.sap.com/2019/03/27/how-to-guide-connectivity-setup-with-abap-and-sap-cloud-connector/

and here

https://blogs.sap.com/2018/11/12/how-to-setup-cloud-connection/

https://blogs.sap.com/2022/03/04/cloud-integration-sending-email-from-microsoft-365-to-sap-backend-in-private-network-using-sap-cloud-connector/

By Peter UrbanekYury HotsmanCarlos Delgado And Sowmya Dutta Burra

https://blogs.sap.com/2023/02/26/inbound-email-integration-from-o365-to-sap-s4-via-sap-cpi/

BTP%20Cockpit%20Overview

BTP Cockpit Overview

 

Cloud%20Connector%20Starting%20Screen

Cloud Connector Starting Screen

BTP%20Cockpit%20Overview%20after%20connecting%20the%20Cloud%20Connector%20to%20BTP%20Tenant

BTP Cockpit Overview after connecting the Cloud Connector to BTP Tenant

After connecting your cloud connector to your BTP Tenant you can find it under connectivity à Cloud Connectors.

Add Destination to your Cloud Connector specify the SMTP Port Preconfigured on the On-Prem Cloud Connector:

BTP%20Cockpit%20Destination%20Information

BTP Cockpit Destination Information

Connection Check can verify that the connection to the On-Prem Cloud Connector works.

The next step in to create Integration Process using the Destination And the security material that configured in the previous steps

The Integration Process for Inbound Mailing to SAP System should be configured as shown here

Integration%20Workflow

Integration Workflow

Runtime%20Configurations

Runtime Configurations

The allowed header field can be modified according to the Integration Process you wish to apply

In this situation only the from and subject field are being processed, however you can add “to” field and it can be very useful

Sender%20Inbound%20Connection

Sender Inbound Connection

Processing%20Fields

Processing Fields

The processing can be modified to specific Folder with selection of Unread mails or all mails,

And the post processing is the behaviour of the mailbox after transferring the email to the SAP System, I recommend on configuring only new messages from the inbox and mark as read.

Scheduler

Scheduler

The scheduler is the behaviour of the Pull Process that can be modified according to your project

I recommend on pulling every 10 Seconds on a daily basis so that the Mailing processing can be accurate and updated all the time.

On the receiver side the connection should be configured as your SAP system configured in the cloud connector and the location ID is the Destination created in the BTP Cockpit in the earlier steps of this blog

Receiver%20Connection%20Configuration

Receiver Connection Options

The processing step is the allowed headers from the Sender Configuration step

Receiver%20Processing%20Options

Receiver Processing Options

Finally save the configuration, deploy the process and return to the integration suite to monitor the Pulling Process.

CPI%20Integration%20Suit

CPI Integration Suit

Once the status changes to started. Integration content information will be shown about the process and can be monitored.

Processing%20Status

Processing Status

Regarding the configuration on SAP Application

SMTP port should be activated and configured as a Service Shown on T-Code SMICM on SAP System.

SMICM%20on%20SAP%20Application

SMICM on SAP Application

That can be Achieved by adding it to the System Profile

icm/server_port_<*> = PROT=SMTP,PORT=<port>

is/SMTP/virt_host_<*>

and activating the SAPConnect Service on SICF T-Code

SICF%20on%20SAP%20Application

SICF on SAP Application

All of the information regarding SAP Application configuration are provided in this note

https://launchpad.support.sap.com/#/notes/455140

On T-Code SOIN the Inbound mails can be monitored and shown.

 

I hope that this article can simplify the process of retrieving inbound mailing system to SAP system after Migrating the company mailing system to Microsoft Cloud.

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.