Configuration Guide Version11 Docusign Included

CONFIGURATION GUIDE | PUBLIC
SAP Sourcing and SAP Contract Lifecycle Management

Document Version: 1.4 – 2020-05-29
Configuration Guide for SAP Sourcing 11.0

© 2020 SAP SE or an SAP affiliate company. All rights reserved.
THE BEST RUN

Content
1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2 Define System Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
3 Set Up SMTP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
4 Context, Cluster, and Directory Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

4.1 Manual Context, Cluster, and Directory Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
4.2 Create Cluster Template. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.3 Create Internal Directory Template. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.4 Create External Directory Template. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
4.5 Create Tenant Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
4.6 Managing the SSL Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5 Create and Verify Purchaser User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
6 Master Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
6.1 Overview of Master Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
6.2 Create Master Data Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
6.3 Import Master Data Using CSV File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
6.4 Workbooks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Overview of Workbooks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Download and Customize Workbooks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Import Master Data Using Workbooks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
7 Create and Verify Supplier User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8 Install Company Logo. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
9 Specify Internal Address of SAP Sourcing Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
10 Update Master Time Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37
11 Install License Key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
12 Change Session Timeout and Related System Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
13 Enable Contract Authoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
14 Configure Change History Tracking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

14.1 Configure Security Profile Settings for Change History Tracking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
14.2 Define Document Change History Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

2 PUBLIC Content
15 E-Signature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
15.1 NetWeaver: Set Up Proxy Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
15.2 SAP Sourcing: Set Up User Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
15.3 SAP Sourcing: Set Up Scheduled Task to Retrieve E-Signature Status. . . . . . . . . . . . . . . . . . . . . . . . . . 46
15.4 Complete DocuSign Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
15.5 Complete Adobe Sign Configuration (SOAP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
15.6 Complete Adobe Sign Configuration (REST). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Adobe Sign: Create API Application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
SAP Sourcing: Set the System Properties for the E-Signature Type and URL. . . . . . . . . . . . . . . . . . . 54
SAP Sourcing: Set Up Integrated System Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
15.7 After Configuration is Complete. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
15.8 Changing E-Signature Solutions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
16 Configure Workbench. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
17 Configure Branding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
18 Configuring Supplier Workflow Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
19 Fiori My Inbox Integration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

19.1 SAP Sourcing Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Create Integrated System Configuration for Fiori. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Define System Property for Trusted Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Set Up Web Service Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
19.2 Fiori My Inbox Installation and Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
19.3 Authentication: UME Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
On the ABAP system: enable logon tickets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
On the Java system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
19.4 Custom Task Provider Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Activate TASKPROCESSING OData service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
Configure NetWeaver gateway system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Enable My Inbox app access in the SAP Fiori Launchpad. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Enabling User List for Task Gateway Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Content PUBLIC 3
Document History
 Note
Make sure that you have the latest version of this document, on SAP Help Portal at https://help.sap.com/
sourcing [choose Version] Configuration
The following table provides an overview of the most important document changes.
Document History
Version Date Description
1.0 2018-01-12 Initial Release
1.1 2018-07-03 Clarified aspects of e-signature configuration.
1.15 2018-08-21 Added mention of CLM-only workbooks.
1.2 2018-10-12 Clarified dependency between Fiori My Inbox and related integration com
ponent.
1.3 2019-09-25 ● Added Complete Adobe Sign Configuration (REST) [page 53]
● Clarified SSL certificate instructions for DocuSign and Adobe Sign
(SOAP)
● Added certificate instructions specific to NetWeaver 7.5 SP 11 and
higher
● Updated link to documentation for SAP Fiori My Inbox
1.4 2020-05-29 ● Added description of timeout properties

upp.metering.timeout.redirect.buy and
upp.metering.timeout.redirect.sell, new with 11 SP 11: see
Change Session Timeout and Related System Properties [page 39]
● Added description of how to determine the correct URL for DocuSign:
see Complete DocuSign Configuration [page 47]
● Added troubleshooting suggestion for a possible error in the DocuSign
section of the System Information Audits tab: see After Config
uration is Complete [page 56]

4 PUBLIC Document History
1 Introduction
This guide describes the deployment of SAP Sourcing 11.0 on SAP NetWeaver.
How to Construct an SAP Sourcing Login URL
At various points, this guide will instruct you to log in as a certain user. You can log in as a purchaser user, a supplier
user, the enterprise user, or the system user. You must connect to the system using a different URL depending on
which user the instructions call for. This section explains how to construct the correct login URL for the specified
user.
SAP Sourcing login URLs can be constructed as follows:
[protocol]://[hostname]:[port]/[context]/[login type]/[login path]
[protocol] http or https. Typically https for customer productive

systems.
[port] The [port] element is optional.
[context] This is the context you defined during installation.
[login type] Use one of the following, depending what user is called for in
the instructions:
● If the instructions call for a purchaser user, use

fsbuyer.
● For a supplier user, use fsvendor.
● For the system user, use fssystem.
● For the enterprise user, use fsenterprise .
[login path] For fsbuyer, fsenterprise, and fssystem, this is

portal/login.
For fsvendor, this is vendordesktop/login.
 Example
● https://www.mycompany.com/mycontext/fsenterprise/portal/login
● https://www.mycompany.com/mycontext/fsvendor/vendordesktop/login
● https://www.mycompany.com/mycontext/fssystem/portal/login
 Note
After the initial login, the system prompts you to change your password

Introduction PUBLIC 5
2 Define System Properties
 Note
Some system properties can be overridden at the enterprise level. To do so, log in as the enterprise user.
J2EE System Properties
Make sure you have set appropriate values for the system property set j2ee. For more information, see Define
J2EE System Properties in the Installation Guide for SAP Sourcing on SAP Help Portal at https://help.sap.com/
sourcing [choose Version] Installation and Upgrade .
 Note
These properties can also be defined automatically using a dbimport script.
Virus Scanner Properties
You have two options for virus scanning:
● Symantec Protection Engine for Cloud Services

● VSI
To enable virus scanning using either method, you must log in as the system user and set the system,
system.avscanner.enabled system property to true.
If you use Symantec Protection Engine for Cloud Services, log in as the system user and configure the properties in
the Symantec Properties table.
If you use VSI, log in as the system user and configure the properties in the VSI Properties table.
Symantec Properties
 Note
If you are deploying the Symantec Protection Engine for Cloud Services to scan uploaded attachments for
viruses, you will use the Remote Access API.
Property Description
system,system.avscanne Set to TRUE.

r.enabled

6 PUBLIC Define System Properties
system, Determines the type of scan mechanism . Set to SYMANTEC_AV.

system.avscanner.type
system, Set to the Symantec engine IP address.

system.avscanner.hostn
ame
system, Set either to SCAN_ONLY or SCAN_REPAIR.

system.avscanner.polic
y
system, Set to the Symantec ICAP port. The default value is 1344.
system.avscanner.port
 Note
You must also configure the protocol (ICAP) and port (1344) in the Symantec Management
console.
system, Socket timeout. The default value is 30 seconds.

system.avscanner.readW
riteTime
VSI Properties
system, Determines the type of scan mechanism. Set to VSI_AV.

system.avscanner.type
system.avscanner.vsi_p Enter the name of the configured Sourcingspecific AV profile.

rofile
For more information, navigate to the Help Portal page for the appropriate version of NetWeaver: https://help.sap.com/
viewer/p/SAP_NETWEAVER [choose SAP NetWeaver Platform] and then search for "Virus Scan Interface."
For general information including a list of currently supported anti-virus solutions, see SAP Note 1494278 .
Security System Properties
system, system.security.csrf.trusted_referrer_domains
You can specify patterns to identify authorized URLs from which users may submit requests.
A request is trusted under the following circumstances:
● If the referrer (the URL from which the request originates) is absent, it is trusted.
● If the referrer's domain name is exactly the same as the application's domain, it is trusted.
● If the referrer's domain name matches any of the patterns in the system,
system.security.csrf.trusted_referrer_domains system property, it is trusted.

Define System Properties PUBLIC 7
To protect the enterprise itself, set this property as the enterprise user. To provide protection for system-level tasks,
you must also set this property as the system user.
 Example
If you set this property only as the enterprise user, any URL can refer requests for system user functionality, but
requests for supplier functionality must come from URLs that match one or more patterns in this system
property. If you set this property as the system user also, then even requests for system user functionality must
come from a trusted URL.
Set the value of the system property system, system.security.csrf.trusted_referrer_domains by

adding one or more of the following patterns, separated by semi-colons:
Pattern Description
* Any referrer is trusted.
*.name.com Trusted referrer domains must end with the specified string.
 Example
*.mydomain.com
Requests from www.mydomain.com and

mobile.mydomain.com and cloud.mydomain.com, etc,
would all be trusted.
Requests from www.mydomain.org would not be trusted.
name.com Trusted referrer domains must match the specified string ex
actly.
 Example
www.mydomain.com
Only requests from www.mydomain.com would be trusted.
If you add more than one pattern to the property, requests that match any of the included patterns will be trusted.
 Example
www.yourdomain.com; *.mydomain.com
Requests from any domain ending in .mydomain.com would be trusted, along with requests from the
www.yourdomain.com domain.
 Note
By default this system property is empty, so the only trusted domain is the application's own domain.
Other Security System Properties
This table lists the other security system properties in SAP Sourcing.

system, system.cookies.enable_http_only When True, the browser denies Javascript access to cookies.
system, system.cookies.enable_secured When True, cookies can only be passed using the secure
https protocol.
system, When True, error messages for failed login attempts distin
system.security.directory.display_entry_does_no guish between invalid credentials (password) and nonexistent
t_exist_error directory entry (username). When False, both failures result
in the same error message.
system, When True, this property forces the system to work only un
system.security.domain.validate_redirect_url der a single domain. This can adversely affect performance.
system, system.security.separate_pswd_and_name When True, creation or modification of a user account results

in two separate email notifications: one with a username, one
with a password.
system, system.allow.embed.in.iframe When True, SAP Sourcing can be embedded in an iframe.
Global Search Properties
The system administrator can influence whether Global Search functionality is available at all and which document
classes are searchable by setting the values of the system properties described in this section.
 Note
The system administrator can also influence which users have access to Global Search functionality, by using
the Global Search User security profile. This security profile has the Global Search activity within the
System group set to Allow.
The Application User security profile also has the Global Search permission in the System group set to
Allow, so that by default all purchaser users have access to Global Search functionality.
To restrict access to Global Search to a subset of users or groups, change the Application User security
profile so that the Global Search activity has the value Deny, and then add the Global Search User
security profile to all users who should have access to Global Search.
The Global Search User security profile can be applied to groups and sub-groups as well.
globalSearch.enable
Global Search functionality can be turned on or off using the userinterface, globalSearch.enabled system
property. If the value of this property is True, Global Search functionality is available. If the value is False, this
functionality is not available.
globalSearch.classIds

Define System Properties PUBLIC 9
The globalSearch.classids system property can control what document classes are searchable when Global
Search is enabled. By default, all document classes are searchable; the system administrator can limit which
document classes are searchable by defining the userinterface, globalSearch.classIds system property.
The default value of this property is ALL, which means that all document classes are searchable.
 Note
Similarly, if this property is absent, for example because it has been deleted and not added back, the default
behavior of the Global Search feature is to search all document classes.
If the value of the globalSearch.classIDs system property is left blank or contains only invalid values, the fields
associated with Global Search will not be displayed in the UI, even if the value of globalSearch.enable is True.
To restrict Global Search functionality to a subset of the searchable document classes, set the value of this
property to a semicolon-delimited list of searchable class IDs. For example, if the value of this property were
816;905;5006;1003, then users could search only in Auction, RFx Response, Scenario, and Agreement
documents.
The following table describes all supported class IDs:
Class ID Description
397 Global Discussion Manager
816 Auction
900 RFx
905 RFx Response
1003 Agreement
1004 Master Agreement
1100 Project
1600 XPress Request
1623 XPress Quote Request
1801 Clause
5006 Scenario
9999101 User Defined BizDoc 1

3 Set Up SMTP Server
1. Navigate to Setup System Setup Configuration System Properties.

2. Edit the system property in the messaging set for the SMTP mailhost messaging.smtp.mailhost as follows:
Property Value
Set Messaging
Name messaging.smtp.mailhost
Value <your mailhost name>
Context <your context>
Notes Hostname of the SMTP server. This assumes port 25 and

anonymous connection. If using a different port or if a user
name and password are required, three additional properties
can be set:
○ messaging.smtp.port
○ messaging.smtp.username
○ messaging.smtp.password
3. Save.

Set Up SMTP Server PUBLIC 11
4 Context, Cluster, and Directory
Configuration
To establish a working environment, you must configure the following components:
● Context
● Cluster
● Directory configurations (internal and external)
Log on as the system user to access all of these configurations. These can be individually created and manually
associated, or they can be configured using the Tenant Configuration utility. When using the utility, the individual
cluster and directory components are created as templates. The Tenant Configuration utility will then create the
context and associate the context, cluster, and directories automatically.
For the purposes of clarity, the association between the three components is as follows:
● Context: None
● Cluster: Context
● Directory configuration: Context and cluster
 Note
If SSL Termination is occurring in the load balancer prior to arrival at SAP Sourcing, add the HTTP header X-
Original-HTTPS to the request with a value of on. Sticky sessions must also be enabled by cookie or another
method.
For information related to using SAML 2.0 for the authentication mechanism, see “Single Sign-On User
Authentication” in the Security Guide for SAP Sourcing, located at https://help.sap.com/sourcing [choose
Version] Security .
For more information about Cluster Configuration, see the SAP Sourcing help, at http://help.sap.com/sourcing
[choose Version] [choose a language] Application Help SAP Sourcing for Purchasers Setup System
Setup Configuration Cluster Configuration .
4.1 Manual Context, Cluster, and Directory Configuration
 Note
The manual procedures described in this section can be used instead of using templates for context, cluster,
and directory configuration. If you choose to use templates, do not execute these procedures; you can skip this
section. In general, if you need to make several configurations, using the templates can save you time and
effort. If you only have to make one, or a small number, you might prefer to make them manually.

12 PUBLIC Context, Cluster, and Directory Configuration
Procedure
Create the Enterprise Context
1. Log on as the system user.

2. Choose Setup System Enterprise Contexts .
3. Choose New.
4. Fill in the following fields:
○ Display Name
○ External ID
○ Sys Admin Password
○ Sys Admin Password (again)
5. Choose Save. This will take several minutes to complete.
6. Choose Done
Create a Cluster Configuration
A cluster configuration is the setup object in SAP Sourcing that provides the means to assign the host name, port,
and selected protocol for the system. In addition, this is where the services that will be available to this cluster are
assigned.

2. Choose Setup System Cluster Configuration , then choose New.
3. Create a new cluster, replacing the parameters in the following example with values appropriate to your needs:
Field Value Description
Display Name ClusterExample
External ID cluster.example
Context Select the context you created in the previous procedure.
Host Name example.sap.com
Supply the IP address or fully qualified hostname.
Port 50000
Supply the appropriate port. The default is 50000.
4. In the Settings area:

○ Choose either HTTP or HTTPS.
 Note
We suggest starting with HTTP and enabling HTTPS later.
○ Leave Automatically add new services and Enable Load Balancing on this cluster unchecked.
5. Add the service or services to the cluster by executing the following steps for each service you want to add:
1. In the Cluster Members collection, choose Add.

Context, Cluster, and Directory Configuration PUBLIC 13
2. In the Host Name field, supply the host name.
3. Using the picker, add a service.
4. Select the Active checkbox.
5. Choose OK.
6. Choose Save.
 Note
The cluster will display the following message:
“This cluster is inactive and cannot be used until it is assigned to both a user directory and enterprise context.”
The Inactive Cluster checkbox will be grayed out. This is expected, and will be dealt with later in the manual
configuration process.
Create an Internal Directory Configuration
The internal directory configuration is the setup object that allows the configuration of the authentication method
to be used by internal (buyer-side) users. It can be NetWeaver UME or one of the supported LDAPs. The example
below uses UME.
 Note
The users in the UME or LDAP must have the same usernames as the users in SAP Sourcing. You can achieve
this by pushing the user accounts from SAP Sourcing to the UME or LDAP, or by pulling them from the UME or
LDAP to SAP Sourcing. Select Push or Pull in the Edit Mode field on Attributes Mapping tab, as appropriate.
 Example
NetWeaver UME Directory Configuration
1. Log on as the system user and choose Directory Configuration.

2. Choose New.
3. Create the directory configuration, replacing the (example) parameters:
○ External ID: directory.internal.example
○ Display Name: Internal Directory Example
○ Context: using the dropdown, choose the context created above.
○ Default: Select (checked)
○ Usage: Active Internal
○ Authentication Support: true
○ External Role: Assigned UME Sourcing Role
○ Case Sensitive Username: false
○ Driver: NetWeaver UME
○ Cluster: using the picker, choose the cluster created above.
○ Features: Select (check) the following:
○ Changeable Passwords
○ Expired Passwords
○ New Accounts
○ Browsing
○ Properties Tab

 Note
These Properties Tab values are recommended, though not required.
○ Property Name: bypass_error_block

○ Property Value: true
○ Attributes Mapping Tab
○ Local ID: NAME
○ Mapped ID: uniquename
○ Edit Mode: Pull
○ Local ID: EMAIL
○ Mapped ID: email
○ Edit Mode: Pull
○ Local ID: FIRST_NAME
○ Mapped ID: firstname
○ Edit Mode: Pull
○ Local ID: LAST_NAME
○ Mapped ID: lastname
○ Edit Mode: Pull
Create an External Directory Configuration
The external directory configuration is the setup object that allows the configuration of the authentication method
to be used by external (supplier-side) users. It can be NetWeaver UME or one of the supported LDAPs. The example
below uses UME.
 Note
The users in the UME or LDAP must have the same usernames as the users in SAP Sourcing. You can achieve
this by pushing the user accounts from SAP Sourcing to the UME or LDAP, or by pulling them from the UME or
LDAP to SAP Sourcing. Select Push or Pull in the Edit Mode field on Attributes Mapping tab, as appropriate.
 Example
1. Log on as the system user and choose Directory Configuration.

2. Choose New.
3. Create the directory configuration, replacing the (example) parameters:
○ External ID: directory.external.example
○ Display Name: External Directory Example
○ Context: using the dropdown, choose the context created above.
○ Default: Select (checked)
○ Usage: Active External
○ Cluster: using the picker, choose the cluster created above.

○ Features: Select (check) the following:
○ Changeable Passwords
○ Expired Passwords
○ New Accounts
○ Browsing
○ Properties Tab
 Note
These Properties Tab values are recommended, though not required.

○ Attributes Mapping Tab
○ Local ID: NAME
○ Edit Mode: Pull
○ Local ID:EMAIL
○ Edit Mode: Pull
○ Edit Mode: Pull
○ Edit Mode: Pull
Finish and Test the New Context / Cluster / Directory Configuration
In order to complete the configuration, the new cluster must be made active, as follows:

2. Choose Cluster Configuration.
3. Choose and edit the inactive cluster configuration you created above.
4. Uncheck the Inactive checkbox.
5. Save the cluster.
Test the new enterprise login as follows:
1. Log out as the system user and log on as the enterprise user, as follows:
<hostname>:<port>/<context>/fsenterprise/portal/login?cid=<cluster-id>
 Note
<cluster-id> is the external ID of the new cluster.

4.2 Create Cluster Template
Cluster Templates can be created to make the tenant configuration process faster, but it is not necessary to create
them. The cluster information can also be entered manually in the Create Tenant Configuration [page 20].
Procedure
1. Log on as the system user and choose Cluster Templates

2. Choose New
3. Create a new cluster template with the following (example) parameters:
○ External ID: cluster.example
○ Display Name: Cluster Example
○ Host Name: example.sap.com
4.3 Create Internal Directory Template
Directory Templates can be created to make the tenant configuration process faster, but it is not necessary to
create them. The directory information can also be entered manually in Create Tenant Configuration [page 20]
Procedure
 Example
1. Log on as the system user and choose Directory Templates.

2. Choose New
3. Create a new directory template with the following (example) parameters:
○ Properties

○ Attributes Mapping
○ Local ID: NAME
○ Edit Mode: Pull
○ Local ID: EMAIL
○ Edit Mode: Pull
○ Edit Mode: Pull
○ Edit Mode: Pull
 Example
MSAD LDAP Directory Configuration

2. Choose New
○ Driver: LDAP Microsoft Active Directory
○ LDAP Configuration
○ Host: msad.ldap.com
○ Port: 636
○ User ID Attribute: samaccountname
○ Local ID: NAME
○ Mapped ID: sAMAccountName
○ Edit Mode: Pull
○ Local ID: EMAIL
○ Mapped ID: mail
○ Edit Mode: Pull
○ Mapped ID: givenName
○ Edit Mode: Pull
○ Mapped ID: sn
○ Edit Mode: Pull

4.4 Create External Directory Template
Directory Templates can be created to make the tenant configuration process faster, but it is not necessary to
create them. The directory information can also be entered manually in Create Tenant Configuration [page 20] .
Procedure
 Example

2. Choose New.
○ Properties
○ Local ID: NAME
○ Edit Mode: Pull
○ Local ID: EMAIL
○ Edit Mode: Pull
○ Edit Mode: Pull
○ Edit Mode: Pull
 Example
MSAD LDAP Directory Configuration

2. Choose New

○ Driver: LDAP Microsoft Active Directory
○ LDAP Configuration
○ Host: msad.ldap.com
○ Port: 636
○ User ID Attribute: samaccountname
○ Local ID: NAME
○ Mapped ID: sAMAccountName
○ Edit Mode: Pull
○ Local ID: EMAIL
○ Mapped ID: mail
○ Edit Mode: Pull
○ Mapped ID: givenName
○ Edit Mode: Pull
○ Mapped ID: sn
○ Edit Mode: Pull
4.5 Create Tenant Configuration
The creation of a tenant configuration will also create:
● a context
● a cluster
● an internal directory
● an external directory
The information necessary can be retrieved from cluster and directory templates or entered manually.
 Note
For multiple landscape use, all the configurations must have the same name. If not, migration will be affected.

Procedure
1. Log on as the system user and choose Tenant Configuration

2. Choose New
3. Create a new tenant configuration with the following (example) parameters:
Using Templates
● External ID: tenant.example

● Display Name: Tenant Example
● Sys Admin Password:
● Sys Admin Password (again):
● Cluster: Cluster Example
● Directory Internal Site: Internal Directory Example
● Directory External Site: External Directory Example
No Templates
● External ID: tenant.example

● Display Name: Tenant Example
● Sys Admin Password:
● Sys Admin Password (again):
● Overwrite Templates Configurations:
○ Cluster (checked)
○ Directory Internal Site (checked)
○ Directory External Site (checked)
● Cluster Configuration [page 17] step
● Internal Directory Configuration [page 17] step
● External Directory Configuration [page 19] step
4.6 Managing the SSL Certificate
In order to write to an Active Directory, Microsoft requires that communication to the LDAP is conducted over SSL.
Getting SSL Working
In order to enable SSL communication, you need to do the following:
● Change the communication port in the Directory Configuration from 389 (the default setting) to 636.
● Select the SSL checkbox in the Directory Configuration.
● Verify that the Certificate Authority (CA) that issued the server certificate is in the Java Keystore.
● When an intermediate CA is used to generate server certificates, the intermediate CA certificate will need to be
imported manually.

If any "Issuer" CA certificates required to complete the server certificate chain are missing from the Java
security repository on the application server, install them manually into that repository.
Use the following command to install the certificate:
<JAVA_HOME>\bin\keytool -import -trustcacerts -keystore cacerts -file

<Location_of_exported_Certificate xxx.crt> -alias <some_alias>
<JAVA_HOME> is the location of the SAPJVM. For example /sapmnt/<SID>/exe/jvm/linuxx86_64/

sapjvm_5.1.064/sapjvm_5.
For this <JAVA_HOME>, the cacerts file would be located at /sapmnt/<SID>/exe/jvm/linuxx86_64/

sapjvm_5.1.064/sapjvm_5/jre/lib/security/.
After performing these tasks, restart NetWeaver and test by creating a new user in SAP Sourcing.

5 Create and Verify Purchaser User
Users in SAP Sourcing and the UME or LDAP must have the same username.
If the user is pulled from the UME or LDAP to SAP Sourcing, an e-mail is generated, giving the user a path to the
application and his or her user name. If the account is pushed from SAP Sourcing to the UME or LDAP, a temporary
password is also mailed. A system property determines whether this information is delivered in the same e-mail or
separate e-mails.
1. Choose Setup System Administration Internal Accounts and create a purchaser user as follows:
1. On the Account Properties tab, enter required information.
2. On the Account Management tab, enter information as follows:
○ Enable User to Login: Select
○ Directory: Select as needed
○ User ID: Type userid
○ Create Directory Account: Select
○ Generate a New Password: Select
○ Send Notification: Select
3. On the Security tab, enter information as follows:
○ Purchaser: Select
○ Purchaser Manager: Select
○ System Administrator: Select
○ Supplier Administrator: Select
○ Make sure this first user is given Administrator privileges to import the Company Workbook.
2. Wait for the e-mail to be sent and received. If you do not receive it, check the following:
○ To verify the mail was sent, choose Setup System Administration Processed Messages .
○ To check for stuck or failed messages, choose Setup System Administration Queued Messages .
3. To test the new account, log on as a purchaser user, using the credentials sent in the e-mail.
4. Reset your password and choose OK.
If you can successfully log into the new purchaser account, the context cluster and directory are properly
configured and the SMTP server is processing e-mail.

Create and Verify Purchaser User PUBLIC 23
6 Master Data
Gathering Critical Information
For each deployment, gather critical information, including (but not limited to) the following:
● Purchaser organizational data: Locations, Companies, Organizational Units, Groups, and Users
● Supplier organizational data: Suppliers and Contacts
● Commodity Information: Product and External Categories
The current implementation methodology recommends defining these attributes before going live to maximize
efficiency. Data attributes may be modified or added throughout the life of the implementation using the Setup
module.
6.1 Overview of Master Data
SAP Sourcing provides the following means to install master data:
● Manual entry from Setup

● Import from CSV file
● Import from deployment workbook
Define the components of master data that exist within each context after contexts and clusters have been defined.
The following table lists the master data object types requiring definition for the enterprise. The data classification
Configurable indicates that default data is provided but can be customized for deployment. The data classification
Custom indicates that no default data is provided and the deployment must provide the data.
If you are using integration to SAP ERP, data elements with * are ERP master data and should be replicated from
ERP, not created using workbooks. Consult the ERP documentation at https://help.sap.com/viewer/p/SAP_ERP
and the Configuration Guide for Integrating SAP ERP and SAP Sourcing at https://help.sap.com/sourcing
[choose Version] Integration .
Contents Data Classification Description
Numbering table definitions for enter Configurable Defines the format of IDs. For example,
prise-level objects an RFP might follow the format: RFP-
nnnn, where nnnn increments for each
new rfp created.
Default list of extendible enterprise-level Configurable Lists those enterprise-level objects which
objects can be extended

24 PUBLIC Master Data
Default list of objects that can used refer Configurable One type of extension allows a reference
enced in an extension to another type of object. This list identi
fies the allowed kinds of references.
Value List Types Configurable Default value list types
Value List Values Configurable Default value list values, such as coun
tries, time zones, and so on
Unit of Measure ISO Codes* Configurable ISO-standard unit of measure codes
Units of Measure* Configurable Standard units of measure used through

out the system
Currency ISO Codes* Configurable ISO-standard currency codes
Currencies* Configurable A list of all currencies used by your or

ganization
Currency Conversions Configurable Default values for any currency conver

sion rates
Document Link Definitions Configurable Lists the allowable kinds of document

links
Scheduled Task Types Configurable Used to define categories of scheduled

tasks
Scheduled Tasks Configurable Lists scheduled or background tasks
Metrics Configurable Used to define metrics for scorecards
Incoterms* Configurable Define code for each term and whether

Location is required
Agreement Terms Configurable Used to define terms on contracts
Master Agreement Types Configurable Types define what set of master agree
ment and sub-agreement features are
available
Contract Document Phase Definitions Configurable Defines sequence of phases for contract
document workflow
Contract Document Types Configurable Used to assign phase definitions and no
tification behavior by contract type
Projects Configurable Phase Definitions Configurable Defines sequence of phases for project
workflow

Master Data PUBLIC 25
Project Types Configurable Types define what set of Project features

are available
RFx Types Configurable Types define what set of RFx features are
available
Auction Types Configurable Types define what set of Auction features

are available
DA Types Configurable Types define what set of Demand fea

tures are available
Security Profiles Configurable Identifies the security profiles installed

with the system
Rights on security profiles Configurable Defines the rights for each security pro
file
Time Periods Configurable Defines information about quarters,

years, and so on
Reporting Calendars Configurable Used for managing how data is reported

with relation to the calendar
Collaborator Roles Configurable Defines the role (rights and responsibili

ties) of a person/group on a specific
document instance
Document Security Templates Configurable Sets up the default collaborators and se
curity when new documents are created
Global Discussion Manager Configurable A list of discussion forums available as a

channel and not relating to a specific
document
Workbench Channels Configurable Channels available on a user's desktop
Workbench IFrames Configurable Data to create iFrames
Workbench Channel Configurations Configurable Channel configuration parameters
Workbench Pages Configurable Predefined desktop pages
Workbench Page Configurations Configurable Channel content and placement settings

for predefined pages
Configuration Properties Configurable Various deployment settings, including

mail

Enterprise Extensions Custom Actual extensions on enterprise-level ob

jects
Directory Configurations Custom Used for the LDAP directory configura

tion
Geographies Custom Used to represent the Geographic re

gions
Locations Custom Locations of plants, companies, and

other organizational elements
Payment Terms* Custom Terms of payment between the pur

chaser and supplier
External Categories Custom Typically this data set consists of indus

try standard category codes, such as UN-
SPSC or SIC codes, if used by your or
ganization.
Product Categories* Custom All internal purchasing categories used

by the purchaser
Suppliers* Custom Used in all components for various pur

chasing actions
Supplier Extensions in List Form Custom Actual extensions on enterprise-level ob

jects
Companies* Custom Used by all components of the system for

purchasing actions such as Auctions and
RFPs
Registration Categories Custom Defines mapping from arbitrary category

names to actual internal or external cate
gories. Used during supplier self-registra
tion.
Organizational Units Custom Further definition of the organizational hi

erarchy. Use to define departments, busi
ness units, and so on.
Groups Custom Arbitrary groups of purchaser users
Contacts Custom Used for all suppliers to distinguish the

various contacts at each supplier
Accounts Custom Handles all user accounts for the system

Event Terms Templates Custom Standard terms and conditions phrases

to which a supplier must agree before ac
cessing an event
ERP Regions* Custom Geographic categories in SAP ERP
Company Codes* Custom Central organizational units for account

ing in SAP ERP
Price Conditions* Custom Codes representing pricing factors in

SAP ERP
Valuation Classes* Custom Grouping for accounting in SAP ERP
Service Divisions* Custom Product line representation in SAP ERP
Service Categories* Custom Grouping codes for services in SAP ERP
Purchasing Organization* Custom An organizational unit in SAP ERP, subdi

viding an enterprise according to the re
quirements of purchasing
Purchasing Group* Custom A key for a purchaser or group of pur

chasers in SAP ERP
Vendor Account Group* Custom A classifying feature of supplier master

records in SAP ERP
Business System* Custom Represents a system in the landscape,

for example SAP Sourcing or SAP ERP
Text ID* Custom Represents SAP ERP header and item

texts
Transaction Type* Custom Represents SAP ERP transation types
After configuring the enterprise master data, you must next configure the company master data. This data must be
created once for each sub-context. This example only uses a single context, so this data must only be created once.
UFNs System Metadata for RFx utility functions
System Answered Sources Configurable Defines the available sources of system

answered questions
Company Extension Definitions Configurable List of company-scoped objects which

have extensions

Document Security Templates Configurable Sets up the default collaborators and se
curity when new documents are created
Library Item Phase Configurations Configurable Used to define Phases for Contract Gen
eration library documents
Variable Library Configurable Used to define Tags for Contract Genera

tion
Company extensions Custom List of extensions on individual object

types
Accounts Payable Types Custom Used for general accounting purposes
Activities Custom Used for general accounting purposes
Cost Centers Custom Used for accounting purposes to assign

cost on a center by center basis
Cost Center Groups Custom
Entities Custom Used for accounting purposes for pur

chasing by division
GL Accounts Custom Used for general accounting purposes
Plants* Custom Plants or facilities
Materials* Custom Standard materials for use in line items
Services* Custom Standard services for use in line items
Category Managers Custom Users who are responsible for certain

categories
Master Data Security
When configuring and importing Master Data there are some things to remember about security:
1. Each piece of importable master data has an Import right as part of its ACL list. By default, this right is only
added for the System Administrator security profile, and therefore, only those users can import master data out
of the box. As always, an admin can add Import rights to other security profiles, on an object-by-object basis.
 Example
If Supplier Administrators need to import Supplier records, then that can be enabled.

2. When importing Master Data, be it via CSV, XLS, XML, etc., the user running the imports must have Import
right allowed for all objects in question. The enterprise user is considered trusted and can import any of these
objects.
6.2 Create Master Data Manually
1. Log on as the enterprise user.

2. Create objects from within the Setup module.
3. Log on as a purchaser user with administrative rights to configure company master data.
For more information, see the SAP Sourcing help at http://help.sap.com/sourcing [choose Version] [choose
Language] Application Help SAP Sourcing for Purchasers . In the help, choose Setup System Setup
Master Data .
6.3 Import Master Data Using CSV File
 Note
The user account being used to import the following must have Allow Import rights on these specific objects. If
you do not have Allow Import on these objects, it must be added or the import will fail.
You can import master data files with CSV, XLS, or XLSX format in two ways:
● Use the standard web user interface

● Use a client application distributed with the system, which allows data to be imported outside of the web
environment
The following procedure describes how to import using the web-based UI.
Procedure
1. If application users have already been created, log on as a purchaser user with administrative rights. If users
have not been created, log on as the enterprise user.
2. Navigate to Setup System Administration Import and Export Tools Import Data .
3. Choose Create.
The import wizard opens.
4. Specify whether you want to upload the file to the server or whether the file is already located on the
application server and choose Next.
5. Choose Upload Import File and select the CSV or Deployment Workbook file to import.
6. For CSV files, select the object type and choose Next.

7. Indicate whether you want to wait for the import to finish or perform the import in the background and then
choose Next.
8. Choose Finish to view the results.
6.4 Workbooks
6.4.1 Overview of Workbooks
 Note
There are many sheets in the workbooks that have the prefix eso. While these sheets may appear as duplicates
of other sheets, the data in them is in fact different. These sheets should be imported by default. You may also
add data to these sheets if you would like to augment the data provided in the sample workbooks.
We recommend using the deployment workbook for initial deployment of the system to ensure that all required
data is imported into the system.
To facilitate the import of data, SAP Sourcing provides an alternative to CSV files for import. SAP Sourcing provides
the ability to import Microsoft Excel files containing one or more master data imports. The system processes these
Excel files directly without the user having to export the data to a raw CSV file. The Enterprise Deployment
Workbook and Company Deployment Workbook are two sample deployment workbooks delivered with SAP
Sourcing.
Anyone with system administrator access rights can download the deployment workbooks from the web user
interface. The deployment workbooks are included in the online Reference Guide (RG). When using these, choose
the pair of workbooks corresponding to your licensed product:
● Use the CLM Enterprise Deployment Workbook and CLM Company Deployment Workbook if your license is for
Contract Lifecycle Management (CLM) only.
● Use the Enterprise Deployment Workbook and Company Deployment Workbook if your company has licensed
all modules of SAP Sourcing/CLM.
When starting a new deployment project, preserve the original workbook templates by making a copy of them and
saving them with a new name. Import data using your modified templates only. By doing so, you assure continuity if
future, additional deployments are required.
 Note
Keep the following in mind when using deployment workbooks:
● The Configuration Sheet controls the import process. Refer to the Help Sheet for input specifications of
Configuration Sheet columns.
● The system can import the workbooks directly, but there are limitations to what Excel constructs are
supported. The Help Sheet describes the rules that must be observed.
● The same importing process supports both CSV files and Excel workbooks.

● There is a one to one relationship with the workbook configuration file and the worksheet tabs.
6.4.2 Download and Customize Workbooks
The sample enterprise and company workbooks that you download from SAP Sourcing are designed for you to
configure a base system using a sample enterprise context. We recommend modifying the default deployment
workbooks. Choose the appropriate pair of workbooks from this table:
System Workbooks
SAP Sourcing/CLM (all modules) ● Enterprise Deployment Workbook

● Company Deployment Workbook
Contract Lifecycle Management (CLM) ● CLM Enterprise Deployment Workbook

only
● CLM Company Deployment Workbook
Users setting up a base system should adjust the various settings in these workbooks prior to running them in the
system. For example, the company data should be updated to reflect specifics about the company that is installing
the system. Similarly, you should review other tabs to ensure that the configurations are consistent with the
desired implementation.
 Note
If you want to use SAP Sourcing on an iPad, open the Configurations tab in the workbook, and ensure that
Workbench Page and Channel Configuration are marked Yes in the Enabled column. These configurations
enable structures required for iPad use.
For details on customizable fields, see Master Data [page 24].
Procedure
1. Log on as the enterprise user and choose Reference Guide. Download the sample enterprise and company
workbooks appropriate for your system.
 Note
The enterprise workbook should be run as the enterprise user. The company workbook should be run as a
system administrator associated with the company object intended to be configured.
2. From the Enterprise Deployment workbook, open the file and find the sheet labeled locations and edit this
sheet as necessary.
Only one location is required.
3. Find each sheet, review each sheet and the comments in the sheet, and update the data accordingly.
4. Provide at least one product category.
5. Find the sheet labeled companies and edit it as necessary.

6. Repeat for org_units, groups, accounts, and so on.
Your are establishing a hierarchy. To configure the hierarchy correctly, you must ensure that the child
references the parent correctly. For example, the PARENT column in the org_units page should include a valid
EXTERNAL_ID from the companies sheet.
 Note
To build all custom data in the user interface, simply deactivate the import of the above data types in the
deployment workbook. See the Help page for instructions on how to skip a specific worksheet.
7. Import the enterprise and company workbooks into SAP Sourcing by choosing Setup System
Administration Import and Export Tools Import Data and then choose Create.
6.4.3 Import Master Data Using Workbooks
1. Log on as the user specified in this table, and choose Setup.
To import this workbook... Log in as this user:
Enterprise Deployment Workbook or CLM Enterprise Deployment Workbook Enterprise user
Company Deployment Workbook or CLM Company Deployment Workbook Purchaser user
 Caution
Import only one of each type of workbook (enterprise and company). Do not try to import all four
workbooks.
2. Navigate to Setup System Administration Import and Export Tools Import Data .
3. Choose New to start a new import job.
4. Choose Upload to Server and then choose Next.
5. Select the modified workbook and choose Next.
6. Choose a value for Import Control.
○ Choose In background and click Next. The next page indicates that your request has been submitted. Click
Finish to display the import status.
○ Choose Wait for import to finish and click Next. The next page shows the status of the import. Typically,
running the enterprise workbook can take several minutes. After it completes, click Next and then Finish.
7. Use the breadcrumb to return to the list of Import Data requests. Click Refresh to refresh the list of import
requests so that it shows the most recent.

7 Create and Verify Supplier User
Create a supplier user to test the supplier portal. A supplier user is a contact on a supplier record.
1. Choose Supplier Management Create Supplier .

2. Enter and save the required information.
3. Choose the Contacts tab.
4. Under Supplier Contacts, choose Add.
5. Enter and save the required information.
6. Log on as a supplier user, using the credentials provided in the test user e-mail.
7. Reset the password as prompted and accept the usage terms.

34 PUBLIC Create and Verify Supplier User
8 Install Company Logo
 Note
We do not recommend installing an image larger than 200 x 29.

2. Attach the logo as follows:
1. Choose Setup Organization and Accounting Information Companies .
2. Select the enterprise company from the list and choose Edit Document.
3. Attach your logo image to the company using the Logo Attachment field.
3. Save your entries.
Resize Company Logo
If you have uploaded a company logo in your source release, you must resize the image to 200x29.
1. Log on as a purchaser user with system administrator rights.

2. Choose Setup.
3. On the Master Data tab, find the Organization and Accounting section and choose Companies.
4. Choose the company.
5. Choose Edit.
6. In the Logo field, upload the resized image.

Install Company Logo PUBLIC 35
9 Specify Internal Address of SAP Sourcing
Server
When SAP Sourcing is first installed or whenever a new server is added to an application cluster, the Internet
address that is used for internal communications within SAP Sourcing is initially set to the external host name of
the server. In many cases, this will result in unexpected or delayed behavior in the application.
If the application landscape includes a network firewall, accessing the server through this name requires exiting the
firewall and re-entering. If the firewall blocks incoming traffic on SAP Sourcing’s notification ports, this will result in
failure to deliver notifications for some events. To avoid this, do the following:

2. Open the System Information record for editing.
3. Change the value in the Internal Address field to an internal IP address or host name.
4. Save your changes.

36 PUBLIC Specify Internal Address of SAP Sourcing Server
10 Update Master Time Zone
This procedure is required to enable SAP Sourcing to normalize all dates and times that are used in sourcing
events. Normalizing allows time fields to be presented differently for each user, according to his or her preferred
time zone, while maintaining a consistent reference to the same point in time.

2. Choose Setup System Setup Configuration System Properties .
3. Edit the system.master_timezone property in the system set. This property value should be set to the Java time
zone identifier that corresponds to the current database server time zone.
 Note
The SAP Sourcing Time Zone Value List Type provides a relatively comprehensive list of java time zone
identifiers. To view this list, log on as a purchaser user and navigate to Setup Master Data Value List
Types and Values Time Zone. . The Alternate Name column of this list contains the java time zone identifier
for the corresponding time zone.
 Example
“America/New_York” is the alternate name of the SAP Sourcing Timezone Value List Value for “(GMT-5:00)
Eastern Standard Time”.

Update Master Time Zone PUBLIC 37
11 Install License Key
You must install a license key before the SAP Sourcing system can be used in production mode.
1. Choose Setup System Administration System Management System Information .

2. Note the installation ID from the Installation ID field on the Service Registration tab.
3. Create a support ticket including this ID and a list of the requested modules to license (include the optimizer)
for SAP Customer Support. You will receive a .csv file including all the license keys.
 Note
Requesting the optimizer key without installing an optimizer server will result in a high volume of irrelevant
optimizer-related messages in your log files. If you do not intend to install an optimizer server, do not
request an optimizer key.
4. Log on as the enterprise user and choose Setup System Administration Import and Export Tools
Import Data .
5. Use the import tool to import the licenses you received from Support, as follows:
1. On the Import Wizard: Select a File screen, type a description such as License Keys and choose Upload
Import File to upload the .csv file. Choose Next.
2. On the Import Wizard: CSV Contents screen, select Module License as the Object Type, choose Next, and
follow any additional prompts to finish the process. The successful file import is displayed on the File
Import tab.
6. If installing the Optimizer, verify that the J2EE system properties described in Section 2, Define System
Properties, have been created and assigned proper values.
7. Choose Setup System Administration System Management System Information .
8. Choose the Components tab and verify that the appropriate licenses are checked under SRM Module Licenses.
9. If you are installing the optimizer, verify that a new Optimizer tab appears and displays an appropriate Status
Queue value and JVM information. (If the optimizer is not installed, the Status Queue value is OFFLINE and the
JVM Information is set to unknown.)

38 PUBLIC Install License Key
12 Change Session Timeout and Related
System Properties
 Note
This is optional.
The deployment descriptor for the SAP Sourcing application defaults to a 30-minute session timeout or to the
value that was set during installation.
1. Log on as the system user and set the following system properties in SAP Sourcing:
upp.metering.login_inactivity_timeout Set to the timeout that was chosen when running the config
ure utility.
upp.metering.cleanup_interval Defines the time between runs of the daemon that removes
inactive sessions. It is recommended that this value be set to
a value slightly larger than the
upp.metering.login_inactivity_timeout setting.
(11 SP 11+) upp.metering.timeout.redirect.buy If TRUE, the system automatically redirects to the logout
page after the inactivity timeout period. If FALSE (default),
the redirect happens when the user clicks anywhere on the
page after the timeout period ends.
(11 SP 11+) upp.metering.timeout.redirect.sell If TRUE, the system automatically redirects to the logout
page after the inactivity timeout period. If FALSE (default), a
popup warning displays halfway through the timeout period,
and the redirect happens when the user clicks anywhere on
the page after the timeout period ends.
2. Set the time-out using the configure tool. For information about the configure tool, see the Installation Guide
for SAP Sourcing on the SAP Help Portal at https://help.sap.com/sourcing [choose Version] Installation
and Upgrade .
 Note
Both internal property in SAP Sourcing and configuration tool in NetWeaver should be set to the same
value.

Change Session Timeout and Related System Properties PUBLIC 39
13 Enable Contract Authoring
Use
Contracts, amendments, and clauses use the contract generation service to generate contract documents.
Procedure
To use the DOCX Contract Generation Service, follow these steps:
1. Choose Setup System Properties .

2. From the Name dropdown list, choose contractgen.wordservice.enabled.
3. Make sure the value is FALSE. If not, set the value to FALSE.

40 PUBLIC Enable Contract Authoring
14 Configure Change History Tracking
SAP Sourcing monitors key changes to master agreements. You can leave the default change tracking in place, or
set up a Document Change History Configuration to define which specific agreement fields and collections are
tracked. For fields and collections that are tracked, each individual change triggers its own change history record,
including:
● Timestamp
● Value before and after the change
● User who made the change
Two reports allow you to review change history:
● Document Change History Report shows the change history for an individual master agreement or sub-
agreement. Generate this report from within the agreement by selecting Reports Document Change
History .
● Agreements Change History Report lists change history for one or more agreements, filtered by start date,
end date, and user who made the change. For this report, navigate to Contract Management Reports
Master Agreement Agreements Change History .
By default, SAP Sourcing tracks the following changes to agreements:
1. All standard header-level agreement fields

2. The following additional data:
○ "Document has been modified" message generated each time a change is made. Differences between this
record and other change history records include:
○ Only one "Document has been modified" message is created each time the document is saved,
regardless of how many individual field changes are saved by that action.
○ This message is generated even when the field or collection changed is not defined to have change
tracking.
○ Any "event" category change history, for example:
○ Creation of a new contract document version
○ Changes made by Document Security Template synchronization. When a user changes the default
collaborators on a Document Security Template, each document template that takes its collaborator
list from that Document Security Template is updated. This registers as a change to that document
template for the change history.
○ For ERP integrated systems, status changes to an agreement publish
○ Document close
○ Document cancel
○ Contract document check-out cancelled
○ Contract document workflow activity
Once a Document Change History Configuration is in place:
1. #1 above is replaced by the list of fields and collections defined in the Document Change History Configuration.
2. The same additional data is always tracked.

Configure Change History Tracking PUBLIC 41
14.1 Configure Security Profile Settings for Change History
Tracking
Set up security profiles so that the appropriate users are authorized to create and edit the Document Change
History configuration and view the change history reports.
Context
For general information about security profiles in SAP Sourcing, see the Help topic Security Profiles at Setup
System Administration Tab Accounts and Security Security Profiles and also its sub-topic, Access Rights.
Procedure
1. Log in as a user with appropriate permissions to edit security profiles.

2. To set authorization to the Agreements Change History Report:
a. Navigate to Setup System Administration Accounts and Security Security Profiles .

b. Open the relevant class-level security profile or create a new one.
c. Navigate to the permission for Business Documents Master Agreements View Agreements Change
History Report and set this permission to Allow or Deny, as needed.
3. The Document Change History Report is generated from within an agreement, so the user of the report will be
a collaborator on that agreement. You will need to set this permission specifically on one or more security
profiles corresponding to collaborator roles. To set this authorization:

b. Open a security profile corresponding to a document collaborator role, such as Document Collaborator,
Document Owner, Document Approver.
c. Navigate to the permission for Business Documents View Document Change History Report and set
this permission to Allow or Deny, as needed.
4. Select one or more user profiles to which you will grant authority to create and edit the Document Change
History Configuration:

b. Open the relevant security profile or create a new one.
c. Navigate to the permission for System Document Change History Configuration and set this
permission to Allow or Deny, as needed.

42 PUBLIC Configure Change History Tracking
14.2 Define Document Change History Configuration
Set up a Document Change History Configuration to specify for which fields and collections on Master Agreements
and Agreements you would like to track change history. You can create separate change history configurations for
Master Agreements and Agreements. Each can have exactly one active Document Change History Configuration.
For information about creating a Document Change History Configuration, see the Help topic Document Change
History Configuration at Setup System Setup Configuration Document Change History Configuration
and also its sub-topic, Field Help for Document Change History Configuration.

Configure Change History Tracking PUBLIC 43
15 E-Signature
Releases of SAP Sourcing/CLM prior to 11 SP 9 support two possible E-Signature solution vendors: Adobe Sign
(SOAP protocol) and DocuSign (REST protocol). As of 11 SP 9, Adobe Sign can be configured for either SOAP or
REST protocol.
 Note
Only one E-signature vendor/protocol can be configured at a time.
15.1 NetWeaver: Set Up Proxy Settings
 Caution
If ECC Integration or SRM Integration is enabled with the SAP Sourcing instance, there is a potential for conflict
with the Proxy settings. Please consult and implement instructions as documented in SAP note 2035261 .
Set Up Proxy Settings
The steps to set up proxy settings for Netweaver-based systems are the same for both DocuSign and Adobe Sign.
1. Configure the HTTP properties as described in the SAP NetWeaver Administration guide on the SAP Help
Portal. Navigate to the product page for your version of NetWeaver, for example http://help.sap.com/nw74, and
search for Web Service Administration. Within the guide, navigate to Web Service Administration
Configuring Web Services and Web Service Clients Configuring SAP NetWeaver Administrator Configuring
HTTP Proxy Settings .
2. To add proxy parameters to JVM settings in NetWeaver, navigate to http://<host>:<port>/nwa
Configuration Infrastructure Java System Properties Additional VM Parameters , and add the
following parameters with the appropriate values:
○ -Dhttp.proxyHost
○ -Dhttp.proxyPort
○ -Dhttp.nonProxyHosts
 Note
This setting is required only if your system is integrated with SAP ERP or SAP SRM.
○ -Dhttps.proxyHost
○ -Dhttps.proxyPort
○ -Dhttps.nonProxyHosts

44 PUBLIC E-Signature
 Note
This setting is required only if your system is integrated with SAP ERP or SAP SRM.
 Note
If your proxy server requires a username and password, provide this information with the following
parameters:
○ -Dhttp.proxyUser
○ -Dhttp.proxyPassword
○ -Dhttps.proxyUser
○ -Dhttps.proxyPassword
15.2 SAP Sourcing: Set Up User Rights
 Note
Make sure each CLM user who will be requesting signatures has a corresponding user account on the E-
Signature vendor side with the same e-mail address.
Signers (users who will be asked to sign documents, but who will not be creating requests) do not need their
own accounts on the Adobe Sign/DocuSign side.
Assign Right to Send Contract Documents for Signatures, or to Resolve Errors
To enable a user to use the E-Signature features for contract documents, a system administrator adds to the user's
security profiles.
1. In Setup, choose System Administration Security Profiles

2. Ensure that there exists a security profile with the rights described below, or create one.
3. In Setup, choose System Administration Internal User Accounts .
4. Select the desired user account.
5. Choose the Security tab. Assign to the user one or more roles/security profiles conferring the rights described
below.
Right Description
ESO_CONTRACT_ESIGNATURE Users with this right can send contract documents out for
signatures using the E-Signature feature.
This is access right Contract Generation Contract
Document E-Signature

E-Signature PUBLIC 45
Right Description
ESO_CONTRACT_ESIGNATURE_ADMIN This right allows designated users to resolve errors. Users

with this right can:
This is access right Contract Generation Contract
1. change a contract document while it is out for signa
Document E-Signature Administration tures.
2. choose Reset Status to enable the contract document
signature process to be re-started from the SAP Sourc
ing/CLM side. The state of the signature request on the
E-Signature vendor’s side is unaffected.
SAP recommends that system administrators assign this

right only to other administrators, not to standard users.
6. Choose Done.
15.3 SAP Sourcing: Set Up Scheduled Task to Retrieve E-

Signature Status
Use a Scheduled Task to retrieve the E-Signature statuses of all contract documents, at a frequency you specify,
automatically.

2. Choose Setup.
3. On the System Setup tab, choose Scheduled Tasks.
4. On the subsequent page, choose New, then select E-Signature Status, then choose Continue.
5. Enter the display name and start date. Set the frequency and end date, as desired.
 Note
SAP recommends automatically retrieving E-Signature statuses at least daily, but not more frequently than
every four hours. If the task is run too frequently, then for example the 11:00 status update could start
before the 10:30 status update had finished.
6. Choose Save.
 Note
An end user need not wait for these automated retrievals to see the current E-Signature status of a contract
document. End users can get instant updates of the E-Signature status manually through the contract
document user interface.

15.4 Complete DocuSign Configuration
Set Up E-Signature Account Authentication
After licensing DocuSign, you need to establish communication between SAP Sourcing/CLM and your DocuSign
account.
You can set up the integration using the credentials of a DocuSign user with DocuSign Administrator privileges. The
credentials are the email and password used by this administrator to access your DocuSign account. This
administrator is your authenticating user. This email and password does not necessarily need to be a user in SAP
CLM. SAP recommends that this email and password belong to a shared account that can continue to be used if
the original administrator moves to a different role or leaves your company.
 Note
The authenticating user's DocuSign account permissions must have the following user settings enabled:
● Account-wide rights
● Send on Behalf of rights (API)
The authenticating user's DocuSign email and password is required in the Integrated System Configuration for
DocuSign.
Please consult DocuSign documentation to configure the application and additional users.
The system administrator then configures the E-Signature features of SAP Sourcing/CLM.
Set Up Integrated System Configuration
To set up an account for use with E-Signature, a system administrator creates an integrated system configuration
(ISC) based on a template automatically created as part of the install/upgrade process.
 Note
Integration data security: To protect the data sent via the API's between SAP Sourcing and DocuSign:
● The integration uses https and TLS 1.2 protocol.

● In the SAP Sourcing setup of the Integrated System Configuration, the identifying information for the e-
signature account is masked.

2. Choose Setup System Setup Integration Integrated System Configuration .
3. Choose New.
4. On the subsequent screen, select a System Type of DocuSign, and select Continue.
5. Give the ISC template an External ID, Display Name, and (optionally) Description.
6. Under Configuration Properties, enter the authenticating user's Administrator Email and Password, and choose
Done.

Get the DocuSign SSL Certificate
 Tip
Not all SAP CLM NetWeaver systems will need to install the DocuSign certificate. If you have Java 8, it is
possible that the root certificate is already included in the JVM keystore.
If, after completing all configuration steps, the integration seems not to be working, check the status of the
integration by navigating to Setup System Administration System Information and then to the Audits
tab. If you have an error that includes the phrase “Peer certificate rejected by ChainVerifier,” this indicates a
certificate issue. We recommend you download and install SSL certificate in this case.
1. Navigate to the URL for DocuSign certificates:

https://www.docusign.com/trust/compliance/public-certificates/
2. Click on the appropriate certificate, for example www (NA1) SSL certificate.
 Remember
It is important that you use a current SSL certificate for the correct server.
○ Use the SSL certificate corresponding to the server for your DocuSign URL. For example, if DocuSign
specifies that you should use the URL https://na1.docusign.net/restapi/v2/
login_information, use the SSL certificate for server na1. If you are using the demo URL during
testing, choose the demo SSL certificate.
○ Certificates have validity dates. Plan to update your SSL certificate according to the validity date
provided on the DocuSign certificates webpage.
3. Choose to Save as the certificate .zip file, and choose the directory to which you want to save it.
4. Unzip the certificate.
Import the SSL Certificate into the WebServiceSecurity NetWeaver Key Storage
1. Navigate to <host>:<port>/nwa Configuration Certificates and Keys .

2. Select the WebServiceSecurity keystore view.
3. If you are updating or replacing the DocuSign certificate, remove any previous DocuSign certificates.
4. Choose Import Entry, and select x.509 certificate as the entry type.
5. After installing the certificate, restart NetWeaver.
Import the SSL Certificate into the TrustedCAs NetWeaver Key Storage
(NetWeaver 7.5 SP11 and higher only)
If you are using NetWeaver 7.5 SP11 or higher, the DocuSign SSL certificate needs to be imported into the
TrustedCA Key Storage as well as the WebServiceSecurity Key Storage View. Otherwise, you can skip the following
steps.

2. Select the TrustedCAs keystore view.
3. If you are updating or replacing the DocuSign certificate, remove any previous DocuSign certificates.
Set the System Property for the E-Signature Type
1. Log on to SAP Sourcing/CLM as the system user.

2. On the System Setup tab, choose System Properties.
3. Open contractgen.esignature_type from the Properties list.
4. Enter a value of DOCUSIGN.
5. Choose Done.
Set the System Property for the E-Signature Service URL

3. Open contractgen.esignature_url from the Properties list.
4. Enter the service URL.
○ For testing before purchasing DocuSign:
○ For releases 11 SP 10 and earlier, use the DocuSign demo site: https://demo.docusign.net/restapi/v2/
login_information
○ For releases 11 SP 11 and later, the URL depends on your account number. Build the appropriate URL
as follows.
1. The first portion of the URL is https://demo.docusign.net/restapi/v2/accounts.
2. The final element of the URL is your account number. To find this, log in to your DocuSign account
as an administrator and navigate to your DocuSign profile: in the upper left portion of the screen,
click the initials for your user. This shows your account number under the name: for example,
999999.
3. Assuming the examples named in the earlier steps, the URL would be https://
demo.docusign.net/restapi/v2/accounts/999999. Enter this value in the
contractgen.esignature_url property.
○ When configuring for production use:
○ For releases 11 SP 10 and earlier, enter the service URL provided by DocuSign. This will depend upon
your location but will be in a form similar to https://<server>.docusign.net/restapi/v2/
login_information.
○ For releases 11 SP 11 and later, the URL depends on the base URL for your account, and your account
number. Use these to build the appropriate URL as follows.
1. Log in to your DocuSign account as an administrator and navigate to the Admin tab.
2. In the Integrations section, select API and Keys.
3. In the My Account Information area, locate the Account's Base URL field. This value is the first
portion of the URL: for example, https://na2.docusign.net/.

4. The second portion of the URL is restapi/v2/accounts.
5. The final element of the URL is your account number. Find your DocuSign account number by
navigating to your DocuSign profile: in the upper left portion of the screen, click the initials for your
user. This shows your account number under the name: for example, 999999.
6. Assuming the examples named in the earlier steps, the URL would be https://
na2.docusign.net/restapi/v2/accounts/999999. Enter this value in the
contractgen.esignature_url property.
5. Choose Done.
15.5 Complete Adobe Sign Configuration (SOAP)
 Note
The configuration of Adobe Sign with SOAP protocol is valid for all SP's of 11.0.
Set Up E-Signature Account Authentication
Once you license Adobe Sign, you need to establish communication between SAP Sourcing/CLM and your Adobe
Sign account.
Use your administrator user account to retrieve an integration (API) key. This unique identifier authenticates
communication with Adobe Sign. Note the value for use when creating an Integrated System Configuration in SAP
Sourcing. Please consult Adobe documentation to configure the application and additional users.
The system administrator then configures E-Signature features of SAP Sourcing/CLM.
Set Up Integrated System Configuration
To set up an account for use with E-Signature, a system administrator creates an integrated system configuration
(ISC) based on a template automatically created as part of the install/upgrade process.
 Note
Integration data security: To protect the data sent via the API's between SAP Sourcing and Adobe Sign:
● The integration uses https and TLS 1.2 protocol.

● In the SAP Sourcing setup of the Integrated System Configuration, the identifying information for the e-
signature account is masked.

3. Choose New.

4. On the subsequent screen, select a System Type of Adobe Sign, and select Continue.
5. Give the ISC an External ID, Display Name, and (optionally) Description.
6. Under Configuration Properties, enter the EchoSign Account Key value saved earlier, and choose Done.
Get the Adobe Sign SSL Certificate
Specific steps will vary from browser to browser, but the general process should be similar. Here are sample
instructions for Firefox.
1. Navigate to the appropriate Adobe Sign URL for your release level of SAP Sourcing/CLM. It may depend upon
your location but will be similar to:
https://secure.na1.echosign.com/services/EchoSignDocumentService22
The API version for SAP Sourcing 11.0 is 22, as shown in this example. This is a change in configuration for you
if you are setting up e-signature after upgrading from an earlier release of SAP Sourcing..
2. You can ignore the error message that says "Invalid SOAP request."
3. Choose the lock icon next to the URL.
4. Choose the arrow next to secure.na1.echosign.com, then choose More Information.
5. Open the Security tab.
6. Choose View Certificate.
7. Open the Details tab.
8. Choose Export.
○ From the Save as Type dropdown list, choose the SSL certificate for the version you require.
○ If your operating system does not recognize the exported file as a certificate, add a .cer or .crt extension to
the filename.
 Remember
Certificates have validity dates. Plan to update your SSL certificate according to the validity date provided on
the Adobe Sign certificates webpage.
Import the SSL Certificate into the WebServiceSecurity NetWeaver Key Storage

2. Select the WebServiceSecurity keystore view.
3. If you are updating or replacing the Adobe Sign certificate, remove any previous Adobe Sign certificates.

Import the SSL Certificate into the TrustedCAs NetWeaver Key Storage
(NetWeaver 7.5 SP11 and higher only)
If you are using NetWeaver 7.5 SP11 or higher, the Adobe Sign SSL certificate needs to be imported into the
TrustedCA Key Storage as well as the WebServiceSecurity Key Storage View. Otherwise, you can skip the following
steps.

2. Select the TrustedCAs keystore view.
3. If you are updating or replacing the Adobe Sign certificate, remove any previous Adobe Sign certificates.
Set the System Property for the E-Signature Type

3. Open contractgen.esignature_type from the Properties list.
4. Enter a value of ECHOSIGN.
5. Choose Done.
Set the System Property for the E-Signature Service URL

3. Open contractgen.esignature_url from the Properties list.
4. Enter the appropriate Adobe Sign service URL for your release level of SAP Sourcing/CLM. It may depend upon
your location but will be in a form similar to:
https://secure.na1.echosign.com/services/EchoSignDocumentService22
Set the System Property for the Adobe Sign E-Signature Timeout
Start by setting the length of the e-signature timeout to 300,000 milliseconds, or five minutes. If you find the e-
signature process is timing out, you can change it.

3. Choose contractgen.esignature_timeout from the Name dropdown menu.
4. Enter a numeral specifying the desired length, in milliseconds, for the timeout in the Value field. The Value field
requires no minimum, nor maximum, value, nor number formatting.

15.6 Complete Adobe Sign Configuration (REST)
The configuration of Adobe Sign with REST protocol is supported for SAP Sourcing version 10 SP 20, and for 11 SP
9 and above.
Adobe Sign: Create API Application
See Adobe Sign: Create API Application [page 53].
SAP Sourcing: Set the System Properties for the E-Signature Type and URL
See SAP Sourcing: Set the System Properties for the E-Signature Type and URL [page 54].
SAP Sourcing: Set Up Integrated System Configuration
See SAP Sourcing: Set Up Integrated System Configuration [page 55].
15.6.1 Adobe Sign: Create API Application
Context
For Adobe Sign REST configuration, create the API Application in your Adobe Sign account to identify each SAP
CLM system that will need to connect to your Adobe Sign corporate account.
Procedure
1. Log in to your Adobe Sign account as an Administrator user.

2. Navigate to the Account section.
3. Within the Adobe Sign API section, select API Applications.
4. Create an Application for each of your systems. For example, you could create one for development, one for
QA, and one for production.
 Tip
You can use one Application for multiple systems by using a semicolon-separated list of URL's in step 5(b)
below. This way the Client ID and Client Secret can be the same for all of your CLM systems.

a. Create a new Application by selecting the + button.
b. Provide a Name and Display Name.
c. Choose Customer as the Domain.
d. Click Save.
5. Select your new Application and click Configure OAuth for Application.
a. Note the Client ID and Client Secret for use when configuring SAP Sourcing/CLM.
b. Populate the Redirect URL field as follows, replacing the values in < > brackets:
https://<sourcing server host>:<port>/<sourcing context>/servlet/

AdobeSignAuthServlet
If you want to use one Application for multiple systems, specify a semicolon-separated list of those
systems here.
 Example
https://abc123.loc.comp.corp:50001/eso/servlet/AdobeSignAuthServlet;https://
abc456.loc.comp.corp:50001/eso/servlet/AdobeSignAuthServlet; https://
abc789.loc.comp.corp:50001/eso/servlet/AdobeSignAuthServlet
c. In the Enabled Scopes section, enable the first six options: user_read, user_write, user_login,
agreement_read, agreement_write, agreement_send. Specify Account as the Modifier for each.
 Note
You can specify a Modifier of Group if you segmented your users into groups within your Adobe Sign
account. Contact Adobe for clarification.
d. Select Save. Verify there are no errors and the application is Active.
e. Log out of Adobe Sign.
15.6.2 SAP Sourcing: Set the System Properties for the E-

Signature Type and URL
Context
Specify the E-Signature Type indicating integration to Adobe Sign using REST protocol, and the URL for connecting
to Adobe.
Procedure

3. Open contractgen.esignature_type from the Properties list. If this property does not already exist, click New to
create it, then choose Set contractgen and Name contractgen.esignature_type.

4. Enter a value of ADOBESIGN.
5. Choose Done.
6. Open contractgen.esignature_url from the Properties list. If this property does not already exist, click New to
create it, then choose Set contractgen and Name contractgen.esignature_url.
7. Work with Adobe to confirm your URL. The value will be similar to https://
api.<server>.echosign.com/api/rest/v5.
 Example
https://api.na1.echosign.com/api/rest/v5
8. Choose Done.
15.6.3 SAP Sourcing: Set Up Integrated System Configuration
Context
A system administrator creates an integrated system configuration (ISC) based on a template automatically
created as part of the install/upgrade process.
Procedure

3. Choose New.
4. On the Select System Type screen, select a System Type of Adobe Sign REST, and choose Continue.
5. Give the ISC an External ID, Display Name, and (optionally) Description.
6. Under Configuration Properties, fill in the Client ID and Client Secret from the earlier Adobe Sign: Create API
Application [page 53] step.
7. Select the Generate OAuth Token button and click OK.
 Remember
OAuth tokens last for 60 days. If no one requests signatures in the SAP CLM system within 60 days from
the time a new OAuth token is generated, the OAuth token is disabled. The 60-day limit starts again every
time a user requests a signature from SAP CLM. If 60 days pass without use, the CLM administrator must
generate a new OAuth token to re-establish a connection to your Adobe Sign corporate account. As long as
one user uses the API at least once every 60 days, the existing OAuth token will continue to be active.
a. You will be asked to log back into Adobe Sign. Sign in with the same account administrator (or any account
administrator user).
b. A confirmation page pops up to Confirm Access to the application with the Client ID and Client Secret that
you set up in your Adobe Sign corporate account in the Adobe Sign: Create API Application [page 53] step.
Click Allow Access to confirm the handshake between your SAP CLM system and that application.

 Note
The Allow Access confirmation only displays the first time you generate an OAuth token for a new
Application. If the connection is already there, the confirmation does not come up again.
c. If the Client ID and Client Secret are valid for an active Adobe Sign Application, you will see a confirmation
message that the connection is successful.
d. Close the popup window. At this point, configuration is complete.
8. Save the Integrated System Configuration record by clicking Done.
15.7 After Configuration is Complete
The following procedures may be useful to administrators in monitoring communication between SAP
Sourcing/CLM and the E-Signature vendor’s site, or to make adjustments during daily use of the E-Signature
process.
Check E-Signature Configuration Status

2. Choose Setup and from there, System Information. Then, on the subsequent screen, choose the Audits tab.
3. Choose the correct context for the enterprise/company from the Context dropdown menu.
4. In the Availability pane, there are entries for Adobe Sign Availability, DocuSign Availability, and (in versions 11 SP
9 and later) Adobe Sign REST Availability. If you configured SAP Sourcing/CLM correctly for E-Signature
functionality, and there is no problem with communication on the E-Signature vendor’s side, OK appears in the
Status column next to the name of your selected E-Signature solution.
Resolve E-Signature Errors
Contract Document Status Frozen
Unexpected errors, such as network or system errors, can freeze the status of a contract document. A user with
the E-Signature Administration right can reset the status of the contract document so that the contract author
can cancel the E-Signature process.
1. The contract author adds a user with the E-Signature Administration right to the affected Master Agreement
as a collaborator.
2. The user with the E-Signature Administration right navigates to the E-Signature tab for the frozen contract
document, and chooses Reset Status.
3. SAP recommends that the contract author log in to DocuSign or Adobe Sign, and manually cancel the E-
Signature process for the contract document.
4. Now the E-Signature process can start over.
E-Signature error on Audits tab (DocuSign or Adobe Sign)

If you have an error on the System Information Audits tab that includes the phrase Peer certificate rejected by
ChainVerifier, this indicates a certificate issue. We recommend you download and install the SSL certificate in this
case.
For DocuSign, see Complete DocuSign Configuration [page 47].
For Adobe Sign, see Complete Adobe Sign Configuration (SOAP) [page 50].
Invalid Password Error (Adobe Sign only)
You may receive the following error message:
Error: Invalid password for user sending a Contract Document to Adobe Sign for signature.
This message indicates that the user sending a request for E-Signatures via Adobe Sign is not properly set up in
their Adobe Sign account. Contact Adobe for assistance in resolving this error.
DocuSign Communication Error (DocuSign only)
You may receive the following error message:
DocuSign communication failed. Please see your system administrator.
This message indicates that the user sending a request for E-Signatures via DocuSign is not properly set up in their
DocuSign account, or there is some other problem with DocuSign access and/or authentication. Navigate to
System Information Audits tab to check the status of communication with DocuSign.
● If that is not OK, make sure that all configuration setup described earlier in this section has been completed
correctly.
● If the Audits tab says DocuSign communication is OK, this message may indicate that the requesting user is
not set up properly in DocuSign.
Depending on the nature of the problem, you may have to seek assistance from DocuSign to resolve the error, and
then re-start the E-Signature process from the SAP Sourcing/CLM side.
DocuSign Connection Error (DocuSign only)
If the DocuSign section of the Audits tab has an error like
HTTP Error: 400
This is probably related to the URL saved in the contractgen.esignature_url system property.
● Check to make sure you are using the correct URL. Depending on your e-signature solution, see Complete
DocuSign Configuration [page 47], Complete Adobe Sign Configuration (SOAP) [page 50], or Complete Adobe
Sign Configuration (REST) [page 53].
● Check for erroneous spaces and correct spelling.
15.8 Changing E-Signature Solutions

In order to switch E-Signature solutions, including from Adobe Sign SOAP protocol to Adobe Sign REST protocol,
SAP recommends you complete any existing signature requests before you make the change.
1. Find any contract documents currently in the E-Signature process. All of these processes must be completed.
○ On the Sourcing/CLM side, ensure that E-Signature processes for all contract documents are completed,
or use Reset Status to interrupt the process. You may want to alert users a couple weeks before you plan to

make the change, so that they can process whatever contract signature cycles can reasonably be
completed, and hold off on any that would get “caught” in or hold up the changeover process.
○ Determine which requests on the E-Signature vendor side remain unprocessed. Close out any signature
requests by logging directly into the site of the vendor you are switching from.
2. Create an Integrated System Configuration of type [new E-Signature system]. Complete the setup for the new
E-Signature solution.
3. When you are ready to make the change, login to SAP Sourcing/CLM as the system user and change the
system properties.
○ Open contractgen.esignature_type from the Properties list. Change the value to the value for the E-
Signature product you now want to be using, ECHOSIGN (for Adobe Sign using SOAP protocol) or
DOCUSIGN or ADOBESIGN (for Adobe Sign using REST protocol). Adobe Sign REST protocol is supported
as of SAP Sourcing/CLM version 11 SP 9.
○ Open contractgen.esignature_url from the Properties list. Change the value to the appropriate URL for your
new E-Signature solution.

16 Configure Workbench
Use
The CLM system is delivered with a base workbench page that is available to all internal users. Additionally, the
system is configured with a workbench page intended to be used by CLM contract managers.
The workbench page is established in the system, but requires additional configuration to make it available to the
desired users. This configuration is done by adding collaborators to the Contract Management Workbench page.
Prerequisites
You must be logged on as the enterprise user.
Procedure
Configure the Contract Management Workbench page with the individual users or user groups that should also have
access to the page.
To do this, go to Setup System Setup Workbench Workbench Page All Workbench Pages . Edit the
Contract Management page and add collaborators.

Configure Workbench PUBLIC 59
17 Configure Branding
The following procedures enable you to change the branding from the default SAP Sourcing to SAP CLM. Four
branding items are affected:
● Branding text in the title bar of the browser (for example, SAP Sourcing)
● SAP CLM logo image for the purchaser login page
● SAP CLM Business Partner logo image for the supplier login page
● Images on the login page
● Images on the splash screen
Procedure
Change the Branding after Installation
1. Choose Setup System Properties .

2. Change the value of system.brand_name to (for example) SAP CLM.
Themes
 Note
The following two steps require editing of themes. For further information about themes, see the SAP Sourcing
help at http://help.sap.com/sourcing [choose Version] [choose Language] Application Help SAP
Sourcing for Purchasers . In the help, choose Setup Themes .
1. Open the current enterprise’s theme Branding area and choose Purchaser Login Banner link, then Image link.
Delete the original path in Image Path field, and paste /images/logos/logo_sapXCLM.gif.
2. Choose Delete on Background Image field.
3. Choose the Supplier Login Banner link, then Image link. Delete the original path in Image Path field, and paste /
images/logos/logo_sapXCLMBusinessPartner.gif.
4. Choose Delete on Background Image field.

60 PUBLIC Configure Branding
18 Configuring Supplier Workflow
Management
By default supplier workflow management feature is disabled in SAP Sourcing. To enable this feature you need to
perform following general steps:
1. Create Workflow Definitions

2. Create Supplier Configurable Phase Definition
3. Create/Modify Supplier Type
4. Create Supplier Field Access Definition (optional)
5. Configure Security Templates
6. Assign Supplier Types to Suppliers
7. Configure Supplier UI Mapping
The following subsections provide details for each of these steps.
Create Workflow Definitions
1. Navigate to Setup System Setup Workflow Workflow Definitions .

2. On the Workflow Definitions List page, click New.
3. On the Workflow Definition Summary page, fill in the fields with workflow information. For details, see the Field
Help for Workflow Definition Summary page.
4. Click the Add New Version button to add a process template to the workflow definition. For details, see the
Field Help for Process Template Dialog Box page.
5. Click Save.
6. Create another Workflow Definition if necessary.
Create Supplier Configurable Phase Definition
Supplier phases determine the actions that can be performed on supplier registration and modification requests.
To create a supplier configurable phase definition:
1. Navigate to Setup Document Setup Suppliers Supplier Configurable Phase Definition .

2. On the Supplier Configurable Phase Definition List page, click New.
3. On the Header page, fill in the fields with phase information. For details, see the Field help for Supplier
Configurable Phase Definition Header page.
4. Click Add to add phases to the definition.
5. In the dialog box that appears, select each phase to include in the phase definition and click OK.
6. (optional) Click the Edit icon for each phase to edit phase information, including the sequence of phases in the
workflow. On this page you can assign workflow definition and supplier field access definition. For details, see
the Field help for Supplier Configurable Phase Header page.

Configuring Supplier Workflow Management PUBLIC 61
7. Click Save.
8. Create another Supplier Configurable Phase Definition if necessary.
Create/Modify Supplier Type
Supplier types can be used to determine whioch workflow phase definition to enable in a supplier registration or
modification requests. The Configurable Phase Definition field of Supplier Type is responsible for defining
whether registration/modification requests will use workflow and which phases will have these requests. If
Configurable Phase Definition is empty then supplier registration and modification requests will not have
configured phases and any supplier administrator will be able to approve or deny request of such type. To enable
supplier workflow management some supplierconfigurable phase definition must be assigned to supplier types.
SAP Sourcing provides one default supplier type. You can modify this type and create new ones.
1. Navigate to Setup Document Setup Suppliers Supplier Type .

2. On the Supplier Type List page, click New for creating new type or select an existing Supplier Type from the list
for editing.
3. On the Type page, fill in necessary fields. On this page you can assign a Supplier Configurable Phase Definition
to the Supplier Type. For details, see the Field Help for Supplier Type page.
Create Supplier Field Access Definition
This step is optional.
Supplier Field Access Definition allows you to configure access rules for approvers on specific phases.
To create a supplier field access definition:
1. Navigate to Setup Document Setup Suppliers Supplier Field Access Definition .

2. On the Supplier Field Access Definition List page, click New.
3. On the UI page fill in necessary fields. For details, see the Field Help for Supplier Field Access Definition page.
4. Click Save.
5. Open existing Supplier Configurable Phase Definition.
6. Click Edit.
7. Click the Edit icon for the phase where you want to configure access rights for approvers. This should be the
approval phase.
8. Click the Lookup icon to select a supplier field access definition to associate with this phase.
9. Save the Supplier Configurable Phase Definition.
Configure Security Templates
This is a very important configuration step. In the case of supplier registrations/modifications without configured
workflows, requests can be viewed and approved by any Supplier Administrator. But in the case of new functionality
collaborator, security is used to define access rights. A document security template is a set of rules governing the

62 PUBLIC Configuring Supplier Workflow Management
way an SAP Sourcing document assigns collaborator roles. You should configure collaborators, defined by role and
user type, that are automatically added to a registration and modification requests.
You must configure two security templates: first for Workflow Supplier Registration and second for Workflow
Supplier Modification. The following must be configured in these templates:
● The document owner must be any specified buy-side user. Otherwise automatic phase transitions will not work
for sell-side and the phase will need to be changed manually by any buy-side user.
● Document creator (current user) must be added to collaborator list with a role that allows viewing, editing, and
changing phases (e.g. Collaborator).
● Supplier administrators should be included on the collaborator list to be able to view and manually complete
registration/modification requests, in case automatic completion should fail for some reason.
Assign Supplier Type to Supplier
The supplier type is used to recognize phases for supplier modifications via workflow. The supplier type can be
changed for any supplier, as follows:
1. Open the supplier whose supplier type you want to reassign.

2. Press Edit.
3. Click the Lookup icon under the Document Type field.
4. Select a new supplier type.
5. Click OK.
6. Click Save.
 Note
When the supplier is created via workflow, the supplier type used for creation is assigned to the created
supplier.
Configure Supplier UI Mapping
The supplier type can be mapped to any supplier-side self-registration form. The Supplier Type UI includes a
collection of Supplier registration UI Mappings. This allows you to configure the mapping between supplier type
and self-registration forms:
1. Open any Supplier Type

2. Click Edit.
3. Click Add under Sell-Side Supplier Registration UI Mapping to add the UI page that will be mapped to this type.
4. Click Save.
 Note
The self-registration form can be assigned to only one supplier type. If no form is assigned to a supplier type,
the default supplier type will be used for registration.

Configuring Supplier Workflow Management PUBLIC 63
19 Fiori My Inbox Integration
You can configure the ability for users to review and approve SAP Sourcing work items via the Fiori My Inbox
approval app. SAP Sourcing / CLM work items currently supported for use with Fiori My Inbox include workflow
approvals for:
● Projects
● Contract documents
● Userdefined objects
● Supplier registrations and modifications
Once configured, users can take the following SAP Sourcing / CLM actions using Fiori My Inbox:
● Use the Approval Inbox to see a list of Sourcing work items that require their approval
● Approve or Reject a work item, including a comment about the approval or rejection
● Display Approval History of a work item before approving or rejecting it
● Download a Contract document and review it before taking actions such as Approve or Reject
As in the standard SAP Sourcing user interface, each user’s access to work items is determined by the user roles
and security profiles assigned to that user.
Terminology used for SAP Sourcing objects in the Fiori UI can be customized as in the standard UI, by defining
alternate UI texts using Localized Resources. The UME authentication model is required for authentication between
ABAP and Java (Sourcing) systems. Sourcing document metadata can be customized using query definition
modifications.
 Note
For current recommendations concerning the version of Fiori My Inbox compatible with your SAP Sourcing
version, consult the Product Availability Matrix at http://support.sap.com/pam .
 Note
Fiori configuration for SAP Sourcing must be performed by a person with the following roles:
● Basis user administration roles

● SAP Sourcing system user
Familiarity with the Fiori My Inbox platform is also required.
Available resources for understanding and setting up this integration include:
● This section of the Configuration Guide for SAP Sourcing, which describes the integration setup in detail.
● Web Services Guide for SAP Sourcing, found on the Help Portal at https://help.sap.com/sourcing [choose
Version] Configuration .
● Sample Fiori Workflow Web Service zip file, found in the SAP SourcingReference Guide: log in to SAP Sourcing
and chooseReference Guide in the upper right area of the page.
● README.txt included with the other sample web service zip files. This document is the same for all three
(project, contract document, RFx) and the general description of how the import files are used is also true for
the Fiori workflow zip file.

64 PUBLIC Fiori My Inbox Integration
● Web Service Cookbook and Troubleshooting Guide, found on the Help Portal at https://help.sap.com/sourcing
[choose Version] Configuration . This guide describes examples of executing scripts and submitting
queries via the SAP Sourcing web service framework, and offers troubleshooting suggestions including the use
of the Web Service Request Log.
Overview of Configuration Steps
1. SAP Sourcing Configuration

○ Create an Integrated System Configuration for Fiori. The properties in this ISC include the Fiori URL and
other query ID’s for displaying document metadata.
○ Define the system property system.security.csrf.trusted_referrer_domains to make the domain for Fiori a
trusted domain. This stops SAP Sourcing from blocking the redirect (to the Fiori MyInbox app) based on
the referrer.
○ Decide whether to use java-based REST web services or script-based services. Then, register the list of
query definitions to execute through REST Query Service.
2. Install and configure the Fiori My Inbox application and the necessary integration component.
3. Define trust between ABAP and the SAP Sourcing system. For authentication, we are using SAP Assertion
Tickets, for which UME configuration is required on the SAP Sourcing system and ABAP Gateway systems.
4. Custom task provider back-end configurations - The Task Consumption Model in Gateway is a harmonized task
representation defined by SAP and exposed by SAP NetWeaver Gateway as a restful OData service. To enable
third-party task engines to provision their tasks within this harmonized inbox (MyInbox), SAP NetWeaver
Gateway provides an extensibility mechanism for adding additional custom task providers.
5. Fiori My Inbox App front-end configurations
19.1 SAP Sourcing Configuration
Prerequisites
● There must exist an SAP Sourcing user with the “Web Service User” security profile or another security profile
conferring the ability to use web services. See the Web Services Guide for SAP Sourcing 11.0, Section 7, Web
Services Already Configured for Use.
● The Sourcing user account with web services security must also exist in the ABAP system where Fiori My Inbox
is installed.

Fiori My Inbox Integration PUBLIC 65
19.1.1 Create Integrated System Configuration for Fiori
Context
The Integrated System Configuration defines properties allowing communication between SAP Sourcing and Fiori
My Inbox.
Procedure
1. Log in to your SAP Sourcing system as the Enterprise user.
2. Navigate to Setup System Setup Integration Integrated System Configuration .

3. Choose New.
4. Select System Type “Fiori” and choose Continue.
5. Set up the configuration as described in the following table. This determines which attributes for each
document type are visible on the Fiori My Inbox app. The standard queries listed here provide metadata for
each document. To make additional SAP Sourcing fields available to Fiori My Inbox, you can duplicate the
standard query and create custom queries for use in this Fiori Integrated System Configuration. For example,
you might do this in order to show an extension field.
Field or Property Value
External ID According to your naming conventions
Display Name "Fiori Integrated System Configuration" or other name.
Description Enter descriptive information.
Fiori URL URL for the Fiori My Inbox app. This will be used when send
ing email notifications from SAP Sourcing/CLM to Fiori My
Inbox.
Contract Doc Query ID ODPESOContractWorkflowApprovalsMetadata
Projects Query ID ODPESOProjectWorkflowApprovalsMetadata
Supplier Modification Query ID ODPESOSupplierWorkflowApprovalsMetadata
Supplier Registration Query ID ODPESOSupplierWorkflowApprovalsMetadata
User Defined 1 Query ID ODPESOUDO1WorkflowApprovalsMetadata
6. Choose Save or Done.

19.1.2 Define System Property for Trusted Domain
Context
The Trusted Domain property allows a Sourcing Document link to open directly from the Fiori application.
Procedure
1. Log in to your SAP Sourcing system as the System user.
2. Navigate to Setup System Setup Configuration System Properties .

3. Open or create the system property: system.security.csrf.trusted_referrer_domains. Add to it the
Fiori system domain.
4. Choose Done.
19.1.3 Set Up Web Service Definitions
Integration with the Fiori My Inbox application requires configuration of web services to facilitate execution of
workflow actions initiated from My Inbox. You can use java-based REST web services, or script-based services.
A standard web service definition is created automatically when you install or upgrade to SAP Sourcing 11.0. If your
implementation does not require any customization and therefore you would like to use the standard (Java) setup,
you can create an integrated system configuration and set the system property for the trusted domain as
described earlier, then skip this section and move on to Fiori My Inbox Installation and Setup. If you do require
customization, for example if you have extension field data that you want visible to approvers using mobile devices,
you can implement a script-based solution by following the steps in this section.
On the Reference Guide page, find the Sample Fiori Workflow Web Service link and use it to download the file
named FioriWorkflowService.zip. That zip file includes:
1. FioriWorkflowServiceWorkbook.xlsx. This workbook has the following worksheets:

○ Configuration – contains instructions for how to use the workbook, and settings to enable or disable
each of the other sheets.
○ Callable_scripts – contains sample scripts you can copy as a basis for script-based services.
○ Web_services – for importing a web service definition.
○ Operation_configs – for importing java-based web services into your web service definition.
2. FioriWorkflowService.xsd must be attached to the web service definition before importing the service
definitions in the operation_configs sheet.
3. A number of *.bsh files. These are samples you can use to create explicitly called scripts.
The Configuration tab in FioriWorkflowServiceWorkbook.xlsx includes instructions. Also see the Web
Services Guide for SAP Sourcing:
● Chapter 4, Authoring New Inbound Script-Based Web Services – Tasks for the Web Service Author
● Chapter 7, Appendix: Web Services Already Configured for Use

After this setup, start the web service. Open the Web Service Definition for Fiori and choose Actions Start .
Remember in a multi-tenant implementation, the user for the web service definition must be defined as an SAP
Sourcing Advanced User (as System user, navigate to Setup Tenant Configuration .
19.2 Fiori My Inbox Installation and Setup
Fiori My Inbox is a single go-to Inbox for handling SAP and non-SAP workflows in an enterprise. It follows the Fiori
design language for an improved user experience. With My Inbox you can:
● Make decisions using mobile or desktop devices anywhere and anytime

● Process your standard and custom workflow tasks from multiple sources
● Collaborate using a mini forum for each task
● Share documents through tasks
● Share tasks by email or JAM and by explicit forwarding
● Execute multiple tasks simultaneously
● Manage substitutes to accomplish tasks during your absence
The My Inbox app consists of a front-end component for the user interface plus Task Gateway for OData services.
You can use the app with any SAP or non-SAP back-end component that contains tasks or workflows. SAP delivers
connectivity to SAP Business Workflow and SAP NetWeaver BPM; for others, you will need to build custom task
providers.
Prerequisites
Before you start to implement the app:
● Download and install Fiori My Inbox.

● Download the integration component and deploy as part of your NetWeaver Gateway system. For more
information, see the section Install SAP Sourcing Fiori My Inbox Integration Component (optional) in the
appropriate database version of the Installation Guide for SAP Sourcing 11.0, found on the Help Portal at
http://help.sap.com/sourcing/11.0 Installation and Upgrade .
 Note
Install Fiori My Inbox before downloading and deploying the integration component for SAP Sourcing.
● Ensure that your system landscape has been set up to enable SAP Fiori.
● This also implies that the front-end and back-end components for your app are already available in this system
landscape.
More Information
Use the following help documents to understand system landscape and installation.
For recommendations concerning the version of My Inbox to use with SAP Sourcing 11.0, consult Supported
Platforms and Configurations.

For a description of how to install Fiori My Inbox, go to https://help.sap.com/viewer/product/SAP_FIORI/latest/en-
US SAP Fiori For SAP More SAP Fiori Products for SAP Business Suite SAP Fiori 2.0 for Request
Approvals(English document) Installation Information .
For details about implementation of the Fiori app, see:
https://help.sap.com/viewer/product/SAP_FIORI/latest/en-US SAP Fiori For SAP More SAP Fiori Products

for SAP Business Suite SAP Fiori 2.0 for Request Approvals(English document) My Inbox App Implementation:
My Inbox .
You can find the required SAP Notes for the My Inbox app in 2221151 , the Release Information Note for SAP
Fiori My Inbox 2.0, which provides information about each SP of My Inbox 2.0.
19.3 Authentication: UME Configuration
This section describes steps to configure use of SAP assertion ticket authentication from the ABAP system to the
Java system.
19.3.1 On the ABAP system: enable logon tickets
Procedure
1. Log in to the NetWeaver gateway system as a user with administrative access.

2. Enter transaction SSO2.
3. Under Edit Profile, choose Extended Maintenance.
4. Select Change.
5. Find the parameter name login/create_sso2_ticket.
6. Change the parameter value to 1.
7. Select the Back button (green with arrows pointing to left).
8. In response to “The profile was changed. Save changes?” choose Yes.
9. Select the Save button.
10. Select the green Check button on the dialog window warning that the application server must be restarted for
changes to take effect.
11. Restart the application server.
19.3.2 On the Java system
For each task

1. Logon to the NetWeaver administration console (NWA) as a user an administrator user.
2. 2. Navigate to Configuration Security .
19.3.2.1 Add ABAP system as a trusted system
Procedure
1. On Configuration Security page, select Trusted Systems.
2. Select Add Trusted System By Querying Trusted System .

3. Enter details as follows.
Field Value
System Type ABAP
Host Name Host name of the ABAP system
System Number Instance number
Client 3-Digit client number for ABAP user ID below
User Name ABAP instance user ID
Password Password for ABAP instance user ID
4. Select Next.
5. Select Finish.
6. Verify the ABAP system was added to Trusted System list and the certificate is valid (Certificate Validity
column).
19.3.2.2 Modify the ticket stack to support SAP Assertion

Tickets
Procedure
1. From Configuration Security page, select Authentication and Single Sign-On.

2. On the Authentication tab, choose the ticket logon stack.
3. Select the Edit button.
4. Under Login Modules, select Add and enter:
○ Login Module Name: EvaluateAssertionTicketLoginModule
○ Flag: SUFFICIENT
Under Options of Login module EvaluateAssertionTicketLoginModule, values should be filled in
automatically.
5. On the list of Login Modules, move EvaluateAssertionTicketLoginModule to a position above
BasicPasswordLoginModule.

6. Select Save.
7. Verify the Authentication Stack shows the modules in this order:
○ EvaluateTicketLoginModule
○ EvaluateAssertionTicketLoginModule
○ BasicPasswordLoginModule
○ CreateTicketLoginModule
19.4 Custom Task Provider Configuration
The Task Consumption Model in Gateway is a harmonized task representation defined by SAP and exposed by SAP
NetWeaver Gateway as a restful OData service.
To enable third-party task engines to provision their tasks within this harmonized inbox (MyInbox), SAP NetWeaver
Gateway provides an extensibility mechanism for adding additional custom task providers. Once the My Inbox
installation is complete, several steps are required to set up Custom Task Provider:
1. Activate the TASKPROCESSING OData service (TODO Activate in SICF transaction)

2. Configure NetWeaver gateway system
3. Enable My Inbox app access in the SAP Fiori Launchpad
4. Enable user list for task gateway service
5. Configure branding
19.4.1 Activate TASKPROCESSING OData service
Procedure
1. Log into the SAP Gateway system with the required privileges.
2. Run transaction Activate and maintain services (/IWFND/MAINT_SERVICE).
3. Choose Add Service.
4. Enter the system alias of your back-end system, or LOCAL.
5. In the External Service Name field, enter TASKPROCESSING.
6. In the Version field, enter version 2.
7. Choose Get Services.
8. Choose Add Selected Services.
9. Enter a Technical Service Name for the service in your customer namespace.
10. Under Creation Information, assign a package or choose Local Object.
11. Choose Execute to save the service.

19.4.2 Configure NetWeaver gateway system
The following customizations are required for each system.
1. Create an RFC destination for use with the SAP system alias.
2. Create an SAP system alias with software version using transaction SPRO, to be used by the
TASKPROCESSING service
3. Assign an SAP system alias to the registered TASKPROCESSING service at /IWFND/MAINT_SERVICES
4. Create RFC destinations (HTTP connections to external server) using SM59
5. Insert RFC alias names into table ESOFIO_RFC_NAMES using SM30
6. Enable User List for Task Gateway Service for substitution users search
7. Define a scenario (SPRO)
8. Define a consumer per scenario (SPRO)
9. Configure scenario task definitions (SPRO)
19.4.2.1 Create a Type 3 RFC destination
In this step, create a Type 3 connection from the SAP NetWeaver Gateway host to the same system as the Java
back-end system.
Context
In transaction SPRO open the SAP Reference IMG and navigate to SAP NetWeaver Gateway OData Channel
Configuration Connection Settings SAP NetWeaver Gateway to SAP System Manage RFC Destinations and
click on the Activity icon.
Procedure
1. Choose Create.
2. In the RFC Destination field, enter the RFC destination name in the following format: <system id
>CLNT<Client>.
3. In the Connection Type field, enter 3.
4. In the Description 1 field, enter an explanatory text, for example, RFC Destination to SAP Server.
5. Save your settings.
6. On the Technical Settings and Load Balancing tab, select the relevant option according to your system's
settings.
7. In the Target System field, enter the system id of the same SAP NetWeaver Gateway Host (Front-end).
8. In the Message Server field, enter the SAP NetWeaver Gateway server name.
9. On tab Logon & Security enter the SAP NetWeaver Gateway system's client number.

10. Provide User credentials with necessary roles.
11. For Trust Relationship activate No.
12. Save your entries.
19.4.2.2 Create an SAP system alias
1. Log in to ABAP system. Use transaction PRO.

2. Navigate to SAP Reference IMG SAP NetWeaver Gateway OData Channel Configuration
Connection Settings SAP NetWeaver Gateway to SAP System Manage SAP System Aliases .
3. Choose New Entries. Enter the following details for the system alias.
Field Description
SAP System Alias According to your naming conventions
Description Enter descriptive information
Local SAP Gateway Unchecked
For Local App Checked
RFC Destination Enter the RFC destination created as part of Create a Type 3
RFC destination [page 72]
Software Version ESO001
System ID No entry required
Client No entry required
WS Provider System No entry required
19.4.2.3 Assign SAP system alias to TASKPROCESSING OData

service
Procedure
1. Navigate to SAP Reference IMG SAP NetWeaver Gateway OData Channel Administration General
Settings Activate and Maintain Services .
2. Choose Filter and filter for the External Service Name: TASKPROCESSING.
3. Double-click on Task Gateway Service Version 2.0. You can see the system aliases added to this service.
4. Add the new system alias created earlier.
5. Save.

19.4.2.4 Create RFC destinations
1. Log in to the ABAP gateway system. Use transaction SM59.

2. Create RFC destinations (HTTP connections to an external server, the SAP Sourcing system), defined as
follows.
Comment (optional,
RFC Destination set by user) Technical Settings
Target Host Path Prefix (applica Service Number

tion context for your (Sourcing system port
SAP Sourcing system) number)
ESO_CLM_FIO_APP HTTP connection to <Sourcing /eso11/ 50001

LY_DEC_ON_TASK SAP Sourcing system System domain> ngservices/
for approving or reject rest/workitems/
ing the work item action
ESO_CLM_FIO_COM HTTP Connection to /eso11/ 50001

MENTS get the Approval his ngservices/
tory comments from rest/workitems/
the SAP Sourcing sys comments/
tem
ESO_CLM_FIO_CUS HTTP connection to /eso11/ 50001

TOM_ATTRIBUTES Sourcing system to get ngservices/
custom attributes rest/workitems/
custattributes/
ESO_CLM_FIO_CUS HTTP connection to /eso11/ 50001

T_ATTR_DEFINITI SAP Sourcing system ngservices/
ON to get custom attribute rest/workitems/
definitions custattributede
finitions/
ESO_CLM_FIO_DEC HTTP External connec /eso11/ 50001

ISION_OPTIONS tion to SAP Sourcing ngservices/
system to get decision rest/workitems/
options decisionoptions
/
ESO_CLM_FIO_DEL HTTP External connec /eso11/ 50001

ETE_SUBSTITUTE tion to SAP Sourcing to ngservices/
delete substitutions rest/workitems/
deletesubstitut
e/
ESO_CLM_FIO_PRO HTTP External Con /eso11/ 50001

CESS_LOGS nection to SAP Sourc ngservices/
ing system to get the rest/workitems/
approval history processlogs/

Comment (optional,
ESO_CLM_FIO_REA HTTP External Con /sourcing/ 50001

D_TASK_WI nection to SAP Sourc ngservices/
ing system to Get the rest/workitems/
work item information workitems/' &&
OBJREF_ID
ESO_CLM_FIO_SUB HTTP External Con /eso11/ 50001

STITUTES nection to SAP Sourc ngservices/
ing system to get sub rest/workitems/
stitutes list substitutes
ESO_CLM_FIO_SUB HTTP External Con /eso11/ 50001

_PROFILES nection to SAP Sourc ngservices/
ing system to fetch rest/workitems/
substitution profiles substitutionpro
files
ESO_CLM_FIO_TAS HTTP External Con /eso11/ 50001

K_ATTACHMENTS nection to SAP Sourc ngservices/
ing system to get the rest/workitems/
attachments attachments/

K_ATTACH_STREAM nection to SAP sourc ngservices/
ing system to Get the rest/workitems/
attachment stream attachmentstrea
info in bytes m/

K_DEFINITIONS nection to SAP sourc ngservices/
ing system to get task rest/workitems/
definitions list taskdefinitions
/

K_DESCRIPTION nection to SAP sourc ngservices/
ing system to get task rest/workitems/
description taskdescription
/

K_OBJECTS nection to SAP sourc ngservices/
ing system to get ob rest/workitems/
ject link to open SAP taskobjects/
sourcing document di
rectly

K_UI_EXECUTION nection to SAP sourc ngservices/
ing system to get work rest/workitems/
item document direct uiexecution/
URL

Comment (optional,
ESO_CLM_FIO_WOR HTTP External Con /eso11/ 50001

KITEMS nection to SAP sourc ngservices/
ing system to get all rest/workitems/
the work items associ workitems/
ated with Approver
3. On the Logon & Security tab:

○ For Logon with User, choose Do Not Use a User.
○ For Logon with Ticket, choose Send Logon Ticket Without Ref. to Target System.
19.4.2.5 Insert RFC alias names into table ESOFIO_RFC_NAMES
1. Log in to the ABAP system. Use transaction SM30.

2. Add to the table ESOFIO_RFC_NAMES the list of RFC destinations created in Create RFC destinations [page 74].
It is important to map each RFC destination name with the proper RFC Code as shown below. The RFC codes
are used in ABAP to call the relevant service, so that we get the desired output. If the mappings are not correct,
we get unexpected results or errors.
ESO RFC Code RFC Destination
1 ESO_CLM_FIO_WORKITEMS
2 ESO_CLM_FIO_TASK_ATTACHMENTS
3 ESO_CLM_FIO_TASK_DEFINITIONS
4 ESO_CLM_FIO_SUB_PROFILES
5 ESO_CLM_FIO_SUBSTITUTES
6 ESO_CLM_FIO_PROCESS_LOGS
7 ESO_CLM_FIO_DECISION_OPTIONS
8 ESO_CLM_FIO_COMMENTS
9 ESO_CLM_FIO_CUST_ATTR_DEFINITION
10 ESO_CLM_FIO_APPLY_DEC_ON_TASK
11 ESO_CLM_FIO_DELETE_SUBSTITUTE
12 ESO_CLM_FIO_CUSTOM_ATTRIBUTES
13 ESO_CLM_FIO_TASK_OBJECTS
14 ESO_CLM_FIO_TASK_ATTACH_STREAM
15 ESO_CLM_FIO_READ_TASK_WI
16 ESO_CLM_FIO_TASK_DESCRIPTION
17 ESO_CLM_FIO_TASK_UI_EXECUTION

19.4.2.6 Enable user list for Task Gateway Service
Context
These steps enable the user list so that when working with SAP Sourcing documents via the Fiori Inbox, a user
assigned to approve documents can search for and assign a substitute user to accomplish that task.
Procedure
1. Login into the ABAP system and use transaction SPRO.
2. Navigate to SAP Reference IMG SAP NetWeaver SAP Gateway Service Enablement Content Task
Gateway Task Gateway Service Task Gateway Service Settings . From here, open the Task Gateway Service
Settings and set Is User List Enabled to TRUE.
19.4.2.7 Define a scenario
A scenario is an aggregation of different task activities that are visualized by the same business application.
To add a new scenario:
1. Log in to Gateway system as a user with appropriate privileges.

2. In transaction SPRO, open the SAP Reference IMG and navigate to SAP NetWeaver Gateway Service
Enablement Content Task Gateway Task Gateway Service Scenario Definition .
3. Click the activity icon.
4. Choose New Entries. Enter the following details for the scenario definition.
Field Description
Scenario Identifier Unique ID for the scenario (SOURCING_CLM_APPROVAL)
Scenario Display Name Description for the scenario (Approving Sourcing and CLM
Business Documents)
Technical Service Name Press F4 and select the scenario service identifier and ver
sion.
(Select /IWPGW/TASKPROCESSING version 2)
EntitySet External Name Task
Property External Name TaskDefinitionID
Default Sort by Property (optional) TaskDefinitionID
Mass Action (optional) Select the checkbox to enable mass action (Selected)
5. Skip other entries.

6. Save the settings.
19.4.2.8 Configure a consumer per scenario
19.4.2.8.1 Define a consumer type per scenario
Context
To assign a consumer type for a scenario:
Procedure
1. In the Scenario Definition table, select the row containing the desired scenario.
2. From the Dialog Structure section, double-click Assign Consumer Type to Scenario.
3. Choose New Entries.
4. In the Task Gateway Consumer Type field, select the desired consumer type. Each scenario needs to be
assigned to at least one Consumer Type (Mobile, Desktop, or Tablet). It aggregates the Task Definition IDs
and System Alias from which the Task’s source originates.
5. Save the changes.
19.4.2.8.2 Assign a role to a consumer type and scenario

(optional)
Context
You can also specify roles for each consumer type and scenario definition to restrict access to the scenario.
Procedure
1. In the Task Gateway Consumer Type table, select the row containing the desired consumer type.
2. From the Dialog Structure section, double-click Assign Role to Consumer Type and Scenario.

4. In the Role column, press F4 and select the desired Role.
19.4.2.9 Configure scenario task definitions
A scenario is an aggregation of different task activities that are visualized by the same business application.
1. Select the desired scenario row: for example, SOURCING_CLM_APPROVAL.

2. From the Dialog Structure section, double-click Task Definition for Scenario.
4. In the Task Type field enter the relevant Sourcing document class ID for the selected scenario:
Class ID Sourcing Document Type
1100 Contract document
2002 Project
10002203 Supplier modification
10002213 Supplier registration via workflow
9999101-9999105 User defined objects 1-5
5. In the SAP System Alias field, enter the source system alias for the task type. (The Task Gateway service should
be connected to the selected system aliases.)
6. Save your changes.
19.4.3 Enable My Inbox app access in the SAP Fiori Launchpad
The SAP Fiori Launchpad is the entry point to SAP Fiori apps. From a user perspective, it displays the SAP Fiori
apps that have been assigned to the catalog designed for the current user's role.
Prerequisite
An administrator has made the necessary assignments in the Launchpad Designer to enable a user's access to
SAP Fiori apps in the SAP Fiori Launchpad.
For more information, see Setup of Catalogs, Groups, and Roles in the SAP Fiori Launchpad.
19.4.4 Enabling User List for Task Gateway Service
The SAP Sourcing concept of “delegation” is equivalent to the Fiori concept called “substitute.”
Enabling the User List in the SAP Gateway system allows you to select from a list of valid users for substitution,
rather than having to enter the user name directly.

For information on how to complete this step, consult the section Configuring Task Gateway Service Settings in
the SAP Gateway Content Guide.

Important Disclaimers and Legal Information
Hyperlinks
Some links are classified by an icon and/or a mouseover text. These links provide additional information.
About the icons:
● Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your agreements
with SAP) to this:
● The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.
● SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any
damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.
● Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering a SAP-hosted Web site. By using such links, you
agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this information.
Beta and Other Experimental Features

Experimental features are not part of the officially delivered scope that SAP guarantees for future releases. This means that experimental features may be changed by SAP at
any time for any reason without notice. Experimental features are not for productive use. You may not demonstrate, test, examine, evaluate or otherwise use the
experimental features in a live operating environment or with data that has not been sufficiently backed up.
The purpose of experimental features is to get feedback early on, allowing customers and partners to influence the future product accordingly. By providing your feedback
(e.g. in the SAP Community), you accept that intellectual property rights of the contributions or derivative works shall remain the exclusive property of SAP.
Example Code
Any software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax and
phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of example
code unless damages have been caused by SAP's gross negligence or willful misconduct.
Gender-Related Language
We try not to use genderspecific word forms and formulations. As appropriate for context and readability, SAP may use masculine word forms to refer to all genders.
Videos Hosted on External Platforms

Some videos may point to third-party video hosting platforms. SAP cannot guarantee the future availability of videos stored on these platforms. Furthermore, any
advertisements or other content hosted on these platforms (for example, suggested videos or by navigating to other videos hosted on the same site), are not within the
control or responsibility of SAP.

Important Disclaimers and Legal Information PUBLIC 81
www.sap.com/contactsap
© 2020 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form

or for any purpose without the express permission of SAP SE or an SAP
affiliate company. The information contained herein may be changed
without prior notice.
Some software products marketed by SAP SE and its distributors

contain proprietary software components of other software vendors.
National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for

informational purposes only, without representation or warranty of any
kind, and SAP or its affiliated companies shall not be liable for errors or
omissions with respect to the materials. The only warranties for SAP or
SAP affiliate company products and services are those that are set forth
in the express warranty statements accompanying such products and
services, if any. Nothing herein should be construed as constituting an
additional warranty.
SAP and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP
SE (or an SAP affiliate company) in Germany and other countries. All
other product and service names mentioned are the trademarks of their
respective companies.
Please see https://www.sap.com/about/legal/trademark.html for

additional trademark information and notices.
THE BEST RUN

Configuration Guide Version11 Docusign Included

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Configuration Guide Version11 Docusign Included

Uploaded by

Copyright:

Available Formats

CONFIGURATION GUIDE | PUBLIC

SAP Sourcing and SAP Contract Lifecycle Management

Configuration Guide for SAP Sourcing 11.0

THE BEST RUN

2 Define System Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

3 Set Up SMTP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

4 Context, Cluster, and Directory Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

5 Create and Verify Purchaser User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

7 Create and Verify Supplier User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

8 Install Company Logo. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

9 Specify Internal Address of SAP Sourcing Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

10 Update Master Time Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

11 Install License Key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

12 Change Session Timeout and Related System Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

13 Enable Contract Authoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40

14 Configure Change History Tracking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Configuration Guide for SAP Sourcing 11.0

18 Configuring Supplier Workflow Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

19 Fiori My Inbox Integration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Configuration Guide for SAP Sourcing 11.0

1.0 2018-01-12 Initial Release

1.1 2018-07-03 Clarified aspects of e-signature configuration.

1.15 2018-08-21 Added mention of CLM-only workbooks.

1.4 2020-05-29 ● Added description of timeout properties

Configuration Guide for SAP Sourcing 11.0

How to Construct an SAP Sourcing Login URL

SAP Sourcing login URLs can be constructed as follows:

[protocol]://[hostname]:[port]/[context]/[login type]/[login path]

[protocol] http or https. Typically https for customer productive

[port] The [port] element is optional.

[context] This is the context you defined during installation.

● If the instructions call for a purchaser user, use

[login path] For fsbuyer, fsenterprise, and fssystem, this is

For fsvendor, this is vendordesktop/login.

Configuration Guide for SAP Sourcing 11.0

J2EE System Properties

These properties can also be defined automatically using a dbimport script.

Virus Scanner Properties

You have two options for virus scanning:

● Symantec Protection Engine for Cloud Services

system,system.avscanne Set to TRUE.

Configuration Guide for SAP Sourcing 11.0

system, Determines the type of scan mechanism . Set to SYMANTEC_AV.

system, Set to the Symantec engine IP address.

system, Set either to SCAN_ONLY or SCAN_REPAIR.

system, Socket timeout. The default value is 30 seconds.

system, Determines the type of scan mechanism. Set to VSI_AV.

system.avscanner.vsi_p Enter the name of the configured Sourcing­specific AV profile.

Security System Properties

A request is trusted under the following circumstances:

Configuration Guide for SAP Sourcing 11.0

Set the value of the system property system, system.security.csrf.trusted_referrer_domains by

* Any referrer is trusted.

Requests from www.mydomain.com and

Requests from www.mydomain.org would not be trusted.

Only requests from www.mydomain.com would be trusted.

Other Security System Properties

Configuration Guide for SAP Sourcing 11.0

system, system.security.separate_pswd_and_name When True, creation or modification of a user account results

system, system.allow.embed.in.iframe When True, SAP Sourcing can be embedded in an iframe.

Global Search Properties

Configuration Guide for SAP Sourcing 11.0

The following table describes all supported class IDs:

system.avscanner.vsi_p Enter the name of the configured Sourcingspecific AV profile.