SAP Cloud Integration

SAP BTP: SAP Cloud Integration Prerequisites

To allow the cloud service to be configured, the following prerequisites must be done in SAP BTP by an administrator.

  1. If one does not exist already, create a service instance in the chosen subaccount of type Process Integration Runtime with plan api. Ensure that the correct roles are assigned:

    1. for the Neo environment:



      • NodeManager.readsecuritycontent


    2. for Cloud Foundry:

      • DataStoresAndQueuesRead

      • MonitoringDataRead

      • SecurityMaterialDownload

  2. An OAuth authentication service is required to be configured and activated. This is done following the SAP documentation and depends on whether you use the Neo or Cloud Foundry environments.

    It is recommended to use the OAuth Client Credentials Grant option. The created service key will have the details required for calling the OAuth service and the API.

OAuth2 Client Credentials

Create SAP Cloud Integration cloud service in Avantra

  1. The next step is to create a cloud service for SAP Cloud Integration. To do so, select Systems ⇒ Cloud Services and click New. The New Cloud Service dialog is displayed. From the Service Type drop-down list, select SAP Cloud Integration and fill in the rest of the parameters. Click New to create the SAP Cloud Integration service.

    New Cloud Service Dialog

    Double-click the newly created service to open its Properties panel, where you can set up a connection to the SCI.

    It is important to ensure that the correct Cloud Environment is selected and the URL is populated with the tenant management node URL. Without these two pieces of information, Avantra cannot communicate with the SAP Cloud Integration. We’ll complete our example with a Cloud Foundry environment.

    Cloud Environment for Cloud Foundry

    Enter the required details and Save the properties, but do not activate Monitoring yet.

  2. Select the Credentials tab and tick the OAuth credentials, select OAuth (Client Credentials), then edit.

    SAP SCI OAuth

    Populate the credentials fields with the data from the service key.

    OAuth Credentials Dialog

    Press OK and click Apply (Save) the credentials.

    Modification Confirmation
  3. Activate the monitoring via the Monitoring switch and allow time for the check cycles to run, and the checks will be displayed.

    The four checks are implemented automatically once the service has been saved. These checks are:

    • CPI_MessageLogs: View details of all failed messages over a period of time where the statuses are ESCALATED or FAILED

    • CPI_KeystoreExpiration: View any certificates that are due to expire within the next 120 days

    • CPI_JMSMessageQueues: This check displays the SCI JMS message queues so their status can be monitored in Avantra

      If you do not have JMS Message Queues activated, then disable this check
    • CPI_CertificateUserMappingExpiration (only for SAP Neo): View any certificates that are due to expire within the next 120 days.