SAP Analytics Cloud (SAC) provides two options for sending email notifications from the platform. This includes :
We will discuss in detail about these options and the pre-requisites need to configure these options.
Default SMTP
This is the option which comes with the tenant by default. Customers need not do anything to configure this.
When this option is selected , the email are sent from SAP Analytics Cloud <[email protected]> and it uses SAP’s SMTP servers to send the emails
Default SMTP Option Under System Administration
Header Sender Address
Under Default SMTP, there is an additional option named Header Sender Address. This option lets the customers configure the SMTP From header in the emails sent from SAC.
When this field is populated with a syntactically valid email address, the emails will be delivered with this email address in the From header
Please note that the actual sender address will still be the default address [email protected] . But since email clients display the address in the From header of the email , the email will appear to be received from the address mentioned in the field.
e.g. If we configure [email protected] as the header sender address as shown below
Configuration for header sender address
The email received would look like this.
Email delivered with header sender address set
Custom SMTP
Customers have a choice to configure their own publicly available SMTP server for email delivery from SAP Analytics Cloud instead of using the default option.
There are authentication types which are supported for custom SMTP server :
We will discuss both these options in detail below.
Basic Authentication
Pre-Requisites
- The SMTP server must be publicly accessible over internet.
- SMTP server must support TLS
- These details must be known in prior before configuring the SMTP server:
- Host name
- Port
- Username
- Password
- Allowed sender email address
Steps
- Go to System > Administration from the menu and click on Notifications tab
- Click on Edit button and scroll down to Email Server Configuration section.
- Switch to Custom option in the radio button. Select Basic in the drop down.
- Fill the details in the form
Host |
SMTP host FQDN |
Port |
SMTP port |
User Name |
SMTP account user name which is allowed to send emails. It need not be email necessarily and depends on your SMTP provider. |
Password |
Password of the SMTP account |
Envelope Sender Address |
The email address which will be used as sender of the emails for all the emails sent from the tenant. Note that some SMTP account may restrict sending the email only from a particular email address and only that must be used here. |
Header Sender Address |
This is an optional field and can be used to override the From SMTP. Please refer to the Header Sender Address section in Default SMTP. Please note that this may not be allowed by many SMTP providers like Microsoft and Gmail . Do check with the SMTP provider before configuring this field or leave it blank. |
- Click on Check Configuration to check if the settings are correct. If all the details are correct and connection is established successfully, the person who is configuring will receive an email like this
- If the settings are incorrect, an error will appear indicating failure
- If the connection is successful, the settings can be saved using the save button on the page
- If the settings are saved successfully, this toast message should appear
OAuth Authentication
Pre-Requisites
- The SMTP server must be publicly accessible over internet.
- OAuth application must be configured and necessary scopes must be provided to the application.
- Some additional steps may be required based on the vendor. We will discuss about Microsoft Office 365 as an example.
Configure Microsoft 365 as Email Provider
These steps are derived from Microsoft’s documentation and assumes customer has a Microsoft 365 tenant available with appropriate licenses required
- Go to the Azure portal (https://portal.azure.com/) and sign in with your Azure account
- Navigate to the “App registrations” blade in the Azure portal and click on “New registration” to create a new app registration
- Fill in the required details for the app registration, such as the name, supported account types, and redirect URI. The redirect URI is the URL where the authorization code will be sent after the user grants consent. Copy the Redirect URL from the SAP Analytics Cloud configuration page as described below in Steps section
- After creating the application, generate the client secret for the application.
Client ID also needs to be noted down from this same page.
Directory tenant ID is needed to form the auth urls. Note down that too
- Once it’s generated, copy the client secret value and keep it safe. It’ll be needed in configuration later.
- Click on API permissions and add Mail.Send permission from Microsoft Graph permissions. Click on Add permissions
- The permission should appear now like this.
- Click on Grant admin consent button and after that the app should like like this
- OAuth application is now ready. We should be able to use it to generate refresh token using this now. However, we need some more configurations yet in order to be able to send emails.
- Now we need to have a user account in Microsoft 365 which will be responsible for sending emails.
- To create a user or edit existing user to be able to send emails using the OAuth app created above, navigate to Microsoft 365 Admin Center and click on Users > Active Users > Add a user and enter the details to create a new user. This is an optional step which can be skipped if you need to configure an existing account.
- Make sure that the license assigned to user ensures that exchange online is available to the user
- Click on the user to enable SMTP for it. Check the Authenticated SMNTP option and save.
- Go to Active Directory menu on Azure portal again and click on Enterprise Applications option. Search and click on the OAuth app which we created earlier.
- Now assign the user which we created to this app. Click on Assign users and groups
- Click on Add user/group. Search and select the user and click on Select and then Assign.
- Once done, the user should appear in the list.
- Check if the assignment is done by clicking on the user and clicking on Applications link
- The user account is ready for configuration for Custom SMTP in SAP Anlaytics Cloud
- Following details are important which will be needed in steps below
- Directory tenant id – Can be fetched from the page in step 5
- Application Client ID – Can be fetched from the page in step 5
- Client Secret – created in step 5
- User Name – email address of the user created
Steps
- Go to System > Administration from the menu and click on Notifications tab
- Click on Edit button and scroll down to Email Server Configuration section.
- Switch to Custom option in the radio button. Select OAuth in the drop down.
Custom SMTP OAuth Configuration
- Fill the details in the form
Host |
SMTP host FQDN |
Port |
SMTP port |
User Name |
SMTP account user name which is allowed to send emails. e.g. Microsoft or Gmail mandates that this user must have a valid email account |
Refresh Token |
This will get populated once Get Token is successful. After filling all the fields correctly , click on Get Token button to fill this |
Envelope Sender Address |
The email address which will be used as sender of the emails for all the emails sent from the tenant. e.g. in Microsoft , this must be same as user name |
Header Sender Address |
This is an optional field and can be used to override the From SMTP. Please refer to the Header Sender Address section in Default SMTP. Please note that this may not be allowed by many SMTP providers like Microsoft and Gmail . Do check with the SMTP provider before configuring this field or leave it blank. For Microsoft Office 365 and Gmail, leave this empty |
Authorization URL |
This is the URL provided by the SMTP provider using which the authorization code can be generated. e.g. for Microsoft 365, this will look something like this : https://login.microsoftonline.com/<m365-tenant-uuid>/oauth2/v2.0/authorize. Replace the <m365-tenant-uuid> with valid Microsoft 365 tenant uuid. |
Token URL |
This is the URL which is used to generate the access token from the refresh token generated as part of Get Token button click. Please note that the Refresh token is saved securely for a tenant once it’s generated. e.g. for Microsoft 365 the URL is https://login.microsoftonline.com/<m365-tenant-uuid>/oauth2/token. Replace the <m365-tenant-uuid> with valid Microsoft 365 tenant uuid |
Client ID |
Client ID of the OAuth application |
Client Secret |
Client secret of the OAuth application |
Scope |
Scope needed to send the emails. This is also added in the OAuth app created as part of pre-requisites. e.g. for Microsoft 365 , the scope is https://outlook.office365.com/SMTP.send |
Redirect URL |
Populated automatically for each SAC tenant. This is where the authorization code is received |
- Click on Get Token button. It should redirect to the login page of the provider where the user need to login to the provider portal and provide the consent.
e.g. for Microsoft 365, it would look like this
- If all pre-requisites are met and the details are correct, the authorization code flow will complete successfully and Refresh Token field will be populated. If there is any problem in pre-requisites from provider, it will throw error in the login popup itself.Please note that population of refresh token doesn’t ensure that configuration is completed. It’s just part of the configuration.
- Click on Check Configuration to check if the settings are correct. If all the details are correct and connection is established successfully, the person who is configuring will receive an email like this
- If the settings are incorrect, an error will appear indicating failure
- If the connection is successful, the settings can be saved using the save button on the page
- If the settings are saved successfully, this toast message should appear
文章来源: https://blogs.sap.com/2023/11/06/steps-to-configure-custom-smtp-server-on-sap-analytics-cloud/
如有侵权请联系:admin#unsafe.sh