# Connect to SAP OData
The SAP OData connector runs in all SAP On-Premise systems supporting OData under SAP Business Suite, SAP S/4HANA Cloud, Private Edition and SAP S/4HANA Cloud, Public Edition. You can deploy an on-prem agent within the same subnet domain in cases in which the SAP system is behind a firewall.
CONNECT TO SAP ON-PREMISE SYSTEMS
Complete the following steps to connect to the SAP On-premise system through On-prem agent:
Navigate to the OPA installation file structure that allows you to grant agent access to HTTP resources.
Navigate to the config directory and configure your config.yml file.
For development environments, you can test your connection by maintaining the following entry in the config.yml file located in the OPA installation directory conf folder:
http:
trustAll: true
verifyHost: false
However, if you want to connect to the SAP on-premise systems without an on-prem agent, then you can allow traffic from Workato by whitelisting these IP addresses (opens new window) for HTTPS port (maintained in SMICM transaction code in SAP application or SAP Web dispatcher port if you use it for exposing HTTPS calls) in the inbound rules of the SAP server's firewall.
# Supported authentication
SAP OData connector supports following authentication types:
- Basic Authentication: supported by SAP On-Premise Business Suite applications, SAP S/4HANA Cloud Private Edition and SAP S/4HANA Cloud Public Edition.
- Client Certificate Authentication: supported by SAP S/4HANA Cloud, Public Edition.
- OAuth 2.0 Authentication: supported by SAP On-Premise Business Suite applications and SAP S/4HANA Cloud, Private Edition.
- OAuth BTP Authentication: supported by SAP S/4HANA Cloud, Public Edition.
# Minimum permissions required
The following permissions are required to establish a basic connection:
SAP On-Premise Business suite applications and SAP S/4HANA Cloud, Private Edition
The following authorizations are required to establish a basic connection:
| Authorization Object | Activity (ACTVT) |
|---|---|
| S_USER_GRP | 03 |
| Authorization Object | SRV_NAME | SRV_TYPE |
|---|---|---|
| S_SERVICE | [Service ID as captured in transaction code ST01] | [Service Type as captured in transaction code ST01 ] |
Additional authorization required for OAuth2 connection:
| Authorization Object | Activity (ACTVT) |
|---|---|
| /IWFND/ADM | 03 |
| Authorization Object | OA2_CLIENT | OA2_SCOPE |
|---|---|---|
| S_SCOPE | [OAuth 2.0 Client ID created in transaction code SOAUTH2] | [OAuth 2.0 Scope ID assigned to the Client ID. For example: /IWFND/SG_MED_CATALOG_0002] |
SAP S/4HANA Cloud, Public Edition
Ensure that you set up Communication Management (opens new window) in your SAP S/4HANA Public Cloud instance to provide access to specific services to which you plan to connect. Refer to the SAP S/4HANA official documentation (opens new window) to check the relevant Communication Scenario to which the OData service is associated.
Last updated: 10/17/2024, 2:01:21 AM