Structured and secure integration of internal and external partners
In modern integration landscapes, companies must connect not only internal systems, but also a large number of external partners efficiently and securely. Especially with integration platforms such as the SAP Integration Suite, new requirements arise in terms of security, controllability and scalability.
Internal and external partners must be integrated into integration processes in a partner-specific, secure and traceable manner. Without a clearly defined concept for partner data management, the connection can quickly become complex and time-consuming.
As part of the InnovateSAP initiative, we support companies in developing suitable best-practice concepts for secure and efficient partner integration.
Starting situation
Many companies currently do not have a central, partner-specific concept for connecting internal and external partners to their integration platform.
This creates several challenges during operation:
- High effort in connecting new partners
- Complex care and maintenance of existing connections
- Lack of central controllability of access
- Potential security risks
A structured concept for partner connection via SOAP, HTTP or OData interfaces is therefore becoming a central success factor for a stable and secure integration architecture.
Approach
Several architectural concepts are available for the secure and efficient connection of internal and external partners. These differ in terms of security level, scalability and administration effort.
Depending on the requirements and number of partners, three established concepts can be used:
Concept I – Role-based BTP Service Keys
Partners are connected via service instances and service keys within the SAP Business Technology Platform. Access is role-based and can be accessed via various authentication mechanisms:
- Basic Authentication
- OAuth
- Certificates
Integration via an identity provider is also possible, for example via SAP Cloud Identity Services or external identity providers such as Microsoft Azure Active Directory.
For an increased level of security, it is recommended to use OAuth or certificate authentication .
Concept II – Certificate-based partner connection
In this approach, authentication is carried out via client certificates, which achieves a particularly high level of security.
Typical features:
- Partner-specific integration flows
- Clear separation of partner access
- High traceability and auditability
This concept is particularly suitable for companies with regulatory requirements or particularly sensitive data.
Concept III – SAP API Management
SAP API Management can be used to build a flexible and scalable partner ecosystem.
Various security mechanisms are available:
- OAuth
- API Keys
- IP Filters
- Quotas and Spike Arrest
- Threat Protection
By combining OAuth and API Keys , fine-grained access control can be implemented.
All concepts also support secure connection to on-premise systems via the SAP Cloud Connector. This enables a secure tunnel between the on-premise landscape and the cloud integration platform.
Steps of implementation
The structured use of these concepts enables companies to systematically develop their partner integration and adapt it to your individual requirements.
Providing clarity
In the first step, the existing partner landscape is analyzed. The following are examined:
- How many internal and external partners are connected
- What are the safety requirements
- which interfaces are used
- which regulatory requirements must be taken into account
This analysis creates transparency about the requirements and forms the basis for the selection of a suitable integration concept.
Enabling innovation
Based on the analysis, the appropriate architectural concept is defined. Depending on the requirements, different models can be used.
Concept I – Simple and efficient
- Fast implementation
- Low integration effort
- Cost-efficient with a small number of partners
- Easy administration
Ideal for: few partners with moderate security requirements
Concept II – Maximum safety
- Highest level of security through certificates
- High auditability
- Clear partner separation
- suitable for regulated industries
Ideal for: a few partners with high security requirements
Concept III – Flexible and scalable
- Flexible authentication
- High scalability
- fine-grained access control
- Protection against overload through quotas and spike arrest
Ideal for: larger partner ecosystems with different requirements
Accelerate proof of concept
In the next step, a proof of concept (PoC) is implemented, in which the selected concept is tested in a realistic integration scenario.
The following are examined:
- how to connect new partners
- How authentication and access control work
- how maintenance and administration can be implemented
The PoC makes it possible to validate the chosen architecture under realistic conditions before it is rolled out company-wide.
Results and Benefits
The result is a structured and secure partner integration concept that is being implemented as part of the InnovateSAP initiative.
This provides companies with a clear strategy for connecting internal and external partners to the SAP Integration Suite.
The added value is evident on several levels.
Operational
- Less effort for partner connections
- Simplified administration and maintenance
- Clear access controls and responsibilities
Professional
- stable and secure integration processes
- Transparent partner communication
- Better traceability of data flows
Management
- Clear governance for partner integrations
- Better controllability of the integration architecture
- Reduced safety and operational risks
Within the framework of InnovateSAP , this approach supports companies in developing their integration landscape in a structured way and in building a secure, controllable partner integration that is adapted to the respective requirements .
