Service offering

SAP Cloud Integration

SAP Integration Suite is the strategic integration platform for every SAP cloud landscape — replacing SAP PI/PO and consolidating process integration, API management, event-driven architecture, B2B/EDI, and on-premise connectivity under one managed service on BTP. We design, develop, and operate Integration Suite landscapes that are secure, observable, and built to scale.

  • Cloud Integration (CPI)
  • API Management
  • Advanced Event Mesh
  • Edge Integration Cell
  • Open Connectors (170+)
  • Integration Advisor
  • Trading Partner Mgmt
  • PI/PO Migration
  • Cloud Connector (HA)
  • IDoc · SOAP · OData · AS2
SAP Integration Suite — integration flow overview

SAP Integration Suite — Capability Map

SAP Integration Suite bundles seven integration capabilities under one BTP subscription. Together they replace dedicated middleware (SAP PI/PO), standalone API gateways, and bespoke B2B adapters — consolidating the entire integration landscape onto a single managed platform.

Cloud Integration
iFlow development · message mapping · routing · adapters · monitoring
API Management
API proxies · rate limiting · OAuth · developer portal · monetisation
Advanced Event Mesh
Pub/sub topics · AMQP · MQTT · event streaming · S/4HANA business events
Open Connectors
170+ pre-built connectors · Salesforce · ServiceNow · Workday · normalised API
Integration Advisor
ML-assisted mapping · MIG · MAG · B2B message standards
Trading Partner Mgmt
B2B/EDI · AS2 · AS4 · EDIFACT · ANSI X12 · partner onboarding

Platform Architecture

SAP Integration Suite mediates all message flows between source and target systems — cloud-to-cloud, cloud-to-on-premise, and on-premise-only. It runs as a managed multi-cloud service on BTP, with a static set of public IP addresses that simplify firewall allowlisting.

SAP Integration Suite — end-to-end connectivity architecture
Source Systems
  • SAP S/4HANA (Cloud & On-Premise)
  • SAP SuccessFactors
  • SAP Ariba / Concur
  • Third-party SaaS (Salesforce, ServiceNow…)
  • Trading partners (B2B/EDI)
  • SFTP / File servers
↕ HTTPS (static IP) · Cloud Connector tunnel (on-premise) · AMQP / MQTT (events)
SAP Integration Suite (BTP Subaccount)
  • Cloud Integration — iFlow runtime
  • API Management — proxy & gateway
  • Advanced Event Mesh — broker
  • Open Connectors
  • BTP Destination Service
  • BTP Connectivity Service
  • Keystore & credential management
  • Edge Integration Cell (EIC) ← on-premise runtime
↕ HTTPS / IDoc / SOAP / OData / RFC (via Cloud Connector)
Target Systems
  • SAP S/4HANA On-Premise (IDoc · BAPI · OData)
  • SAP ECC (IDoc · RFC · SOAP)
  • SAP BTP apps & CAP services
  • Third-party cloud & SaaS
  • Government / compliance endpoints
  • SFTP / AS2 trading partners

iFlow Design — Message Processing Pipeline

An Integration Flow (iFlow) is the fundamental deployment unit in Cloud Integration. It defines the complete processing pipeline for a message — from the sender adapter that receives it, through transformation, routing, and enrichment steps, to the receiver adapter that delivers it.

Typical iFlow pipeline — synchronous request/reply
  • Sender: HTTP · OData · IDoc · AS2
  • Start Event: Trigger type
  • Content Modifier: Set headers & properties
  • Mapping: XSLT · Graphical · Groovy
  • Router: Condition-based routing
  • End Event: Send reply
  • Receiver: SOAP · OData · RFC · SFTP
Pattern — Synchronous
Request / Reply
The sender blocks and waits for a response. Used when the calling system needs an immediate result — e.g. an OData call from a Fiori app that requires data from a backend system in the same user session.
HTTP · OData · SOAP · RFC adapters in request-reply mode · synchronous exception handling
Pattern — Asynchronous
Fire and Forget / Store & Forward
The sender does not wait for a response. Messages are queued in JMS message queues for guaranteed delivery, with configurable retry and dead-letter handling. Used for IDoc replication, high-volume batch events, and decoupled system-to-system transfers.
JMS adapter · data store · IDoc adapter · retry with exponential back-off · dead letter queue
Pattern — Event-Driven
Publish / Subscribe via Advanced Event Mesh
S/4HANA publishes a business event (e.g. BusinessPartner.Created) to Advanced Event Mesh. Multiple subscribers — BTP CAP extensions, CPI iFlows, third-party systems — react independently and asynchronously without tight coupling.
Advanced Event Mesh · AMQP 1.0 · MQTT 3.1 · topic hierarchy · S/4HANA Business Event Handling
Pattern — Batch
Scheduled / Timer-Triggered Processing
An iFlow runs on a cron-like schedule, polls a source (SFTP, OData feed, database), splits the payload using a Splitter step, processes each item individually through exception subprocesses, and delivers results to the target system in bulk or individually.
Timer start event · SFTP / OData polling · Splitter · General Splitter · Gather · exception subprocess

Adapter Ecosystem

Cloud Integration ships with over 50 technology adapters covering SAP protocols, standard web service standards, file transfer, messaging, and B2B EDI. For third-party SaaS platforms, Open Connectors extends the ecosystem to 170+ pre-built connectors with a normalised REST API.

SAP Protocol Adapters
  • IDoc — SAP Intermediate Document (inbound & outbound)
  • RFC / BAPI — Remote Function Call to ABAP systems
  • OData V2 / V4 — SAP OData services (S/4HANA, BTP)
  • SOAP — SAP web services (ABAP, PI/PO interfaces)
  • SuccessFactors — SFAPI & OData for HCM payloads
  • Ariba — cXML & Ariba Network connectivity
  • Concur — SAP Concur REST APIs
  • S/4HANA Cloud — dedicated inbound/outbound adapter
Standard / Cloud Adapters
  • HTTP — REST/HTTP sender & receiver
  • OData — Generic OData V2/V4 (non-SAP)
  • SFTP — Secure file transfer (poll & push)
  • Mail (SMTP / IMAP) — Email-based integration
  • AMQP 1.0 — Message queue connectivity
  • MQTT — IoT / lightweight pub/sub messaging
  • Kafka — Apache Kafka topic producer/consumer
  • JDBC — Direct database connectivity
  • JMS — Internal message queuing (guaranteed delivery)
B2B / EDI Adapters
  • AS2 — Applicability Statement 2 (EDI over HTTPS)
  • AS4 — ebMS 3.0 / AS4 profile (e-SENS, Peppol)
  • EDIFACT — UN/EDIFACT message parsing & generation
  • ANSI X12 — North American EDI standard
  • EANCOM — EAN variant of EDIFACT (retail/grocery)
  • Odette — Automotive EDI (VDA, OFTP2)
  • Open Connectors — 170+ SaaS (Salesforce, ServiceNow, Workday, NetSuite, Zendesk, Hubspot…)

Edge Integration Cell — On-Premise Runtime

The Edge Integration Cell (EIC) is a Kubernetes-based deployment of the Integration Suite runtime that runs inside your private network — on-premise or on a hyperscaler private cloud. It executes the same iFlow runtime as the cloud Integration Suite, enabling a build-once, deploy-anywhere approach.

Integration domain coverage: Cloud Integration Suite vs Edge Integration Cell
Cloud Integration Suite
Cross-Domain Integrations
Recommended for cloud-to-cloud and cloud-to-on-premise flows where messages cross network boundaries. Static public IPs reduce firewall exceptions. Managed by SAP — no infrastructure to operate.
  • SAP SaaS ↔ third-party SaaS
  • Cloud ↔ on-premise (via Cloud Connector)
  • B2B / EDI with trading partners
  • Central monitoring across all iFlows
  • Managed runtime — SAP operates the infrastructure
Edge Integration Cell (EIC)
On-Premise-Only Flows
Deployed inside your private network on Kubernetes. Messages never leave the private network boundary — required for data sovereignty, regulatory compliance, or latency-sensitive on-premise-to-on-premise flows.
  • On-premise system ↔ on-premise system
  • Private hyperscaler network integrations
  • Data sovereignty / air-gapped requirements
  • Same iFlow runtime — reuse existing artefacts
  • Managed centrally from BTP cockpit

A single iFlow can be deployed with different configurations to both Cloud Integration Suite and the Edge Integration Cell — the same artefact covers both cross-domain and private network scenarios without duplication. Central administration and monitoring remain in the BTP cockpit regardless of where the iFlow runs.

SAP PI/PO Migration

SAP PI (Process Integration) and SAP PO (Process Orchestration) on NetWeaver reach end of standard maintenance in 2027 and extended maintenance in 2030. SAP Integration Suite is the designated migration target, with dedicated tooling to accelerate and de-risk the transition.

PI/PO to Integration Suite — migration flow
  • SAP PI/PO: Existing interfaces · ICOs · BPM
  • Migration Assessment: Effort estimate · scenario scoring · readiness report
  • Migration Tooling: Wizard-based · semi-automated artefact conversion
  • Integration Suite: Converted iFlows · validated · tested
  • Production: Cutover · decommission PI/PO

Migration Assessment analyses your existing PI/PO landscape, scores each interface for migration complexity, and produces a detailed effort estimate with recommended migration sequence. Migration Tooling (integrated into Cloud Integration) converts PI/PO ICO (Integrated Configuration Objects) artefacts into Cloud Integration iFlows in a wizard-driven, semi-automated process.

Not all PI/PO patterns convert one-to-one — BPM (Business Process Management) workflows, complex multi-mapping scenarios, and ABAP proxies require manual rework. We scope and de-risk these cases during the assessment phase before committing to a timeline.

API Management

API Management in Integration Suite provides a full API gateway and developer portal — governing how backend services and integration endpoints are exposed to internal and external consumers.

API Proxies
Gateway Between Consumer & Backend
An API proxy fronts a backend service (BTP CAP app, S/4HANA OData, external REST API) and intercepts every request. Policies applied at the proxy layer handle security, traffic management, and message transformation — without modifying the backend.
Route rules · virtual host · target endpoint · policy pipeline (request flow → target → response flow)
Policies
Traffic, Security & Transformation
Policies are configurable enforcement rules applied at proxy level: Rate Limiting (spike arrest, quota), Security (OAuth 2.0 verify, API key verify, SAML assertion, mTLS), Transformation (JSON↔XML, regex-based extract), and Mediation (assign message, raise fault).
Spike Arrest · Quota · OAuth 2.0 · Verify API Key · JSON to XML · Assign Message · Raise Fault
API Products & Developer Portal
Self-Service API Consumption
API products bundle one or more API proxies and publish them to the Developer Portal with documentation, try-it consoles, and subscription management. External or internal developers self-register, subscribe, and generate API keys — reducing the onboarding overhead for API consumers.
API product · developer portal · application registration · API key lifecycle · monetisation plans
Analytics & Monetisation
Usage Visibility & Revenue Models
Built-in API analytics provide call volume, error rates, latency, and consumer-level dashboards. Monetisation plans allow charging per-call, per-quota, or per-period — enabling API-as-a-product business models for external partners.
API Analytics dashboard · custom reports · monetisation policy · billing integration · Apigee Analytics

Security Architecture

Cloud Integration handles credentials, certificates, and message-level security through a built-in Keystore and Security Material store — keeping sensitive credentials out of iFlow artefacts and enabling rotation without redeployment.

Transport Security
TLS & Mutual TLS (mTLS)
All inbound and outbound connections are TLS-encrypted. For systems requiring mutual authentication, client certificates (PKCS#12) are stored in the Keystore and presented during the TLS handshake. For inbound calls, certificate-to-user mapping associates each client certificate with a CPI user.
Keystore (PKCS#12 · X.509) · certificate-to-user mapping · TLS 1.2+ enforcement · client certificate auth
Message Security
PGP Encryption & XML Signatures
For AS2, SFTP, and EDI scenarios, message-level security is applied independently of transport. PGP encryption/decryption and XML digital signatures are configured as iFlow steps — the message payload is secured even if the transport layer is compromised or passes through intermediaries.
PGP encryptor / decryptor · XML signer / verifier · PKCS#7 · WS-Security (SOAP) · keyring management
OAuth 2.0
Token-Based API Access
Inbound calls to CPI iFlows can be authenticated via OAuth 2.0 using SAP BTP’s XSUAA service (client credentials grant for system-to-system, JWT bearer for user-context flows). Outbound calls to OAuth-protected APIs use stored client credentials or token fetch steps within the iFlow.
XSUAA client credentials · OAuth2ClientCredentials Secure Parameter · ProcessDirect · JWT bearer · token cache
Principal Propagation
Forwarding User Context to On-Premise
In scenarios where the end user’s identity must be propagated to the ABAP backend (e.g. for fine-grained authorisation checks in S/4HANA), Principal Propagation uses short-lived X.509 certificates to forward the authenticated user’s identity through the Cloud Connector tunnel — without sharing passwords.
Cloud Connector principal propagation config · ABAP system trust · SAP Logon Ticket / X.509 propagation
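
The credential handling described at the start of this section, as an added example that is not part of the original page or SAP's own code: a Groovy script step that resolves a User Credentials artefact from Security Material by alias at runtime, so the iFlow artefact carries only the alias and the secret can be rotated without redeployment. The exchange property name `credentialAlias` is a hypothetical externalized parameter.

```groovy
import com.sap.gateway.ip.core.customdev.util.Message
import com.sap.it.api.ITApiFactory
import com.sap.it.api.securestore.SecureStoreService
import com.sap.it.api.securestore.UserCredential
import java.nio.charset.StandardCharsets

// Script step for a Cloud Integration iFlow. The artefact holds only an alias;
// the secret itself lives in Security Material on the tenant.
def Message processData(Message message) {
    // Hypothetical exchange property, filled from an externalized parameter.
    String alias = message.getProperty("credentialAlias") as String
    if (!alias) {
        throw new IllegalStateException("credentialAlias property is not set")
    }

    SecureStoreService store = ITApiFactory.getService(SecureStoreService.class, null)
    if (store == null) {
        throw new IllegalStateException("SecureStoreService is not available")
    }

    UserCredential cred
    try {
        cred = store.getUserCredential(alias)
    } catch (Exception e) {
        // Fail closed; the error names the alias only, never the secret.
        throw new IllegalStateException("Cannot read credential alias '" + alias + "'", e)
    }
    if (cred == null) {
        throw new IllegalStateException("No credential deployed for alias '" + alias + "'")
    }

    // Build the Basic authentication value in memory only.
    String pair = cred.getUsername() + ":" + new String(cred.getPassword())
    String encoded = pair.getBytes(StandardCharsets.UTF_8).encodeBase64().toString()

    // Set as a header for the receiver call; keep it out of logged attachments.
    message.setHeader("Authorization", "Basic " + encoded)
    return message
}
```

Because the lookup happens on every message, replacing the credential under the same alias takes effect on the next call.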

What We Deliver

Integration Architecture & Foundation

Integration Suite tenant provisioning, capability activation, Cloud Connector high-availability installation, Destination Service configuration, and security baseline — Keystore setup, OAuth clients, credential stores. Integration domain model: which flows run in Cloud Integration vs Edge Integration Cell, API vs event vs process integration.

iFlow Development & Delivery

End-to-end iFlow design and development using SAP’s Integration Content Catalog pre-built packages where available, custom development where not. Adapter configuration (IDoc, SOAP, OData, SFTP, AS2, HTTP), XSLT and graphical message mapping, Groovy scripting, exception subprocesses, and JMS-based async queuing with dead-letter handling.

API Management & Developer Portal

API proxy design and policy configuration (rate limiting, OAuth 2.0, mTLS, quota enforcement). API product bundling and Developer Portal setup for self-service consumer onboarding. API versioning strategy, lifecycle governance, and analytics dashboard configuration. OpenAPI / Swagger specification import and maintenance.

Event-Driven Architecture (Advanced Event Mesh)

Advanced Event Mesh broker provisioning, topic hierarchy design, S/4HANA Business Event Handling configuration, and AMQP/MQTT consumer iFlow development. Event schema registry setup, publisher and subscriber configuration, and dead-letter topic handling for undeliverable messages.

PI/PO Migration

Migration Assessment execution and readiness scoring across your existing PI/PO interface landscape. Migration Tooling-assisted artefact conversion for standard ICO-based interfaces. Manual rework scoping for BPM, multi-mapping, and ABAP proxy scenarios. Parallel-run test strategy and production cutover planning.

Monitoring, Alerting & DevOps

Message processing log configuration, trace-mode activation for debugging, alert rules for failed messages and adapter disconnections. Cloud Transport Management integration for iFlow package promotion (DEV→TEST→PROD). SAP Cloud ALM integration for centralised integration health monitoring and operational dashboards.

How Customers Benefit

1 Platform
Replaces PI/PO, ESB & API Gateway
Integration Suite consolidates process integration, API management, event brokering, B2B EDI, and 170+ SaaS connectors under one BTP subscription — eliminating the cost and complexity of operating separate middleware and gateway products.
Build Once
Deploy to Cloud or Edge
A single iFlow artefact runs on both the managed cloud runtime and the Edge Integration Cell. No parallel development, no duplication — data sovereignty and cloud integration requirements are solved with the same codebase.
2027
PI/PO Migration Deadline is Approaching
Standard SAP PI/PO maintenance ends 2027. Migration Assessment gives you a clear readiness picture and effort estimate now — so you can plan, budget, and migrate systematically rather than reactively under deadline pressure.
170+
Pre-Built SaaS Connectors
Open Connectors ships with pre-built, normalised adapters for Salesforce, ServiceNow, Workday, NetSuite, Zendesk, HubSpot, and 160+ more — removing weeks of custom adapter development for common SaaS-to-SAP integration scenarios.
Static IP
Simplified Firewall Management
Integration Suite operates from a fixed set of publicly documented IP addresses per region. Firewall allowlisting is a one-time activity — no dynamic IPs to track, no NAT gateway complexity, no IP-range management overhead.
Central
Monitoring Across Cloud & Edge
Message processing logs, adapter status, alert rules, and error reprocessing are managed from one BTP cockpit view — regardless of whether the iFlow runs in the cloud or on an Edge Integration Cell in your private network.

How We Work

01. Landscape Analysis & Scope

We inventory your existing integration landscape — PI/PO ICOs, point-to-point connections, middleware components, error rates, and ownership gaps. For PI/PO migrations, we run Migration Assessment to produce an effort estimate, readiness score, and prioritised migration backlog.

02. Architecture & Pattern Design

Integration domain model (Cloud vs EIC), API strategy (which services get proxied), event topology (Advanced Event Mesh topic hierarchy), B2B partner onboarding model, security architecture (mTLS, OAuth, PGP), and Cloud Connector HA placement — documented and approved before any iFlow is built.

03. Foundation Setup

Integration Suite tenant and capability activation, Cloud Connector HA installation and system mapping, Destination Service configuration, Keystore and credential store population, Alert Notification Service rules, and CI/CD pipeline + Cloud Transport Management node setup for integration package promotion.

04. Iterative iFlow Delivery

Critical business interfaces are prioritised and delivered sprint by sprint — each iFlow starting with a pre-built catalog package where available, built custom otherwise. Every iFlow includes exception subprocess, dead-letter handling, retry logic, and message processing log configuration before it goes to TEST.

05. Cutover & Go-Live

Parallel-run period with both old and new integration handling flows, cutover checklist validation, production promotion via Cloud Transport Management, and hypercare monitoring in the first weeks after go-live. PI/PO decommission checklist delivered after stable production operation is confirmed.

06. Knowledge Transfer & Governance

Integration developer workshops (iFlow patterns, adapter configuration, error handling, Groovy scripting), operational runbooks for monitoring and error reprocessing, naming conventions and package governance standards, and a validated onboarding checklist for future interface development.


Ready to connect your systems?

Let’s build your integration layer.

Tell us about your current middleware landscape, PI/PO footprint, and integration requirements — we’ll design a secure, scalable Integration Suite architecture that consolidates your entire integration estate.
