Extend an SAP landing zone to support Microsoft Power Platform
This article is part of the SAP and Power Platform article series:
- Extend SAP by using Microsoft Power Platform
- SAP and Power Platform architecture workflow
- Extend your SAP landing zone to support Power Platform
When you integrate SAP systems with Microsoft Power Platform, the actions you take depend on your use cases and the connector that you use. Each connector has unique technical requirements that you need to address.
This article outlines integration options and provides links to implementation guides that can help you establish the connections and technical setup required for each scenario. Based on your organization's needs and use cases, you can select and implement the appropriate components to extend your SAP environment by using Microsoft Power Platform.
Architecture
Depending on your scenario for using Microsoft Power Platform with SAP, you might need to deploy a middleware component.
Prerequisites
Before you begin, ensure that you have:
- Administrative access to your SAP systems and Azure subscription.
- The necessary licenses for Microsoft Power Platform components. Consider using trial licenses for pilot projects.
- An understanding of your network infrastructure, including firewalls and virtual networks.
- An existing SAP landing zone to extend.
Integration options
SAP GUI–based RPA in Power Automate for desktop
When you're looking for ways to automate frequent, mundane, and rule-based tasks, follow the SAP GUI automation patterns and best practices described here and in subsequent articles:
Reporting and analytics with Power BI on SAP HANA Business Warehouse
If you want to implement real-time analytics, dynamic data visualization, and timely decision making on SAP Business Warehouse (BW), see Power Query SAP Business Warehouse Application Server connector.
To use the SAP BW Message Server connector in Power BI, you need to install SAP .NET Connector. For more information, see Power Query SAP Business Warehouse Message Server connector.
Reporting and analytics with Power BI on SAP HANA
If you want to implement real-time analytics, dynamic data visualization, and timely decision making on SAP HANA systems, see Power Query SAP HANA database connector.
Note
Access to the SAP HANA database ports from your desktop might not always be permitted. You might need to configure firewall rules to enable this access.
Custom applications and copilots that use connectors
When you create apps, copilots, web pages, or automation by using the SAP ERP or SAP OData connector, you need to establish the appropriate network connectivity. The specific configuration varies depending on the connector you use and the location of your SAP systems.
Note
In a RISE with SAP context, where SAP systems are hosted on Azure and managed by SAP AG, required middleware components like the firewall, the on-premises data gateway, and Azure API Management are installed in your Azure subscription, and the RISE with SAP network is peered with your Azure virtual network.
To learn how to establish network connectivity of your Azure subscription with the networks in the scope of RISE with SAP, see Integrating Azure with SAP RISE managed workloads.
SAP ERP connector
This connector requires an on-premises data gateway: a locally installed Windows client application that serves as a bridge between your local on-premises data sources and services in the Microsoft cloud. It provides quick, high-security data transfer and requires no inbound ports to your network. It only needs outbound ports to reach the Azure web service to which the gateway connects.
- The on-premises gateway should be installed on a Windows VM in close proximity to the SAP system and positioned behind a firewall, as illustrated in the architecture diagram.
- Segment on-premises data gateways for nonproduction and production SAP environments.
- Consider combining on-premises data gateways for nonproduction environments.
- For business-critical use cases on production environments, consider implementing two on-premises data gateways for redundancy.
- To learn how to set up this configuration, see On-premises and virtual network data gateways documentation.
For more information, see SAP ERP connectors.
Note
In a RISE with SAP context, the on-premises data gateway is installed within your Azure subscription and connects to the RISE with SAP environment via network peering. If your SAP systems are still running on-premises, the gateway must be installed in your on-premises environment.
SAP OData connector
Unlike the SAP ERP connector, the SAP OData connector opens communication through an HTTP/S-based protocol. A connection is triggered from the connector in Microsoft Power Platform.
For more information, see SAP OData connectors.
At a minimum, you need to configure your firewalls to allow communication between the public IPs of Microsoft Power Platform and your SAP system. Doing so ensures the necessary functionality for integration.
- For a list of the outbound IP addresses for Microsoft Power Platform, see Managed connectors outbound IP addresses.
- If you use Azure Firewall, you can simplify this process by using service tags, which eliminates the need to manage individual IP address ranges manually. For more information, see Azure service tags overview.
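The following check is an added example, not part of the original article or of any Microsoft tooling. It audits inbound allow rules in front of an SAP OData endpoint against the connector outbound ranges. The CIDR ranges and rule records are constructed placeholders, and limiting traffic to port 443 is an assumption.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation space). The real
# list comes from "Managed connectors outbound IP addresses" for your region.
CONNECTOR_RANGES = [ipaddress.ip_network(c)
                    for c in ("203.0.113.0/24", "198.51.100.16/28")]

# Constructed sample inbound allow rules in front of the SAP OData endpoint.
RULES = [
    {"name": "pp-odata", "source": "203.0.113.0/25", "port": 443},
    {"name": "pp-odata-2", "source": "198.51.100.16/28", "port": 443},
    {"name": "legacy-any", "source": "0.0.0.0/0", "port": 443},
    {"name": "http-plain", "source": "203.0.113.64/26", "port": 80},
    {"name": "stale-range", "source": "198.51.100.0/24", "port": 443},
]


def audit_rule(rule, allowed=CONNECTOR_RANGES, ports=(443,)):
    """Return a list of findings for one inbound allow rule (empty means OK)."""
    findings = []
    src = ipaddress.ip_network(rule["source"], strict=False)
    # The source must sit entirely inside one published connector range.
    # A wider source admits traffic that did not come from Power Platform.
    # The version check avoids a TypeError when comparing IPv4 with IPv6.
    if not any(src.version == a.version and src.subnet_of(a) for a in allowed):
        findings.append("source wider than connector ranges")
    # Assumption: only HTTPS (443) should be exposed to the connector.
    if rule["port"] not in ports:
        findings.append("port is not HTTPS")
    return findings


def audit(rules):
    """Map rule name to findings, for rules with at least one finding."""
    return {r["name"]: f for r in rules if (f := audit_rule(r))}


if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(f"{name}: {', '.join(findings)}")
```

Rules that cover a larger block than the published ranges are reported even when they overlap an allowed range, because the extra addresses are not Power Platform egress.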
For production workloads, we recommend that you include API management, which enables single sign-on (SSO) and other helpful features. For more details, see the next section.
Note
In a RISE with SAP context, you can use the SAP API management service on the SAP Business Technology Platform.
Set up SSO
In addition to basic, anonymous, and API key authentication, the SAP OData connector now supports SSO (currently in preview) through Azure API Management. SSO enables SAP principal propagation with SAP services like SAP Gateway, S/4HANA Cloud, RISE, and many more by using Microsoft Entra ID (formerly Azure Active Directory) as the identity provider. With this approach, users of your low-code solutions that span the Microsoft and SAP ecosystem are mapped from their Microsoft Entra ID identities to their named SAP back-end users. SAP authorizations are fully retained.
To learn more about the options for using SSO, see these resources:
- SAP OData connector: SSO through Microsoft Azure API Management
- SAP OData connector now supports OAuth2 and SAP principal propagation
- Integrating low-code solutions with Microsoft using SAP API Management