Image source: www.egencia.com
For business purposes Online Booking Service (e.g. Egencia) is used to book accommodation, air tickets and rent cars for employees’ business trips.
To simplify the process of business trips creation using Online Booking Services, integration into SAP is required:
- The Expense Report creation in SAP FI-TV is required to consider actual costs of a business trip;
- The Approval workflow is required to log the booking history and control the decision of the approval agents;
- For all participants of the approval process, making a decision from the notification email is required to simplify the process and avoid additional logging in;
- The redirection to Online Booking Service is required to finish the process of confirmation.
So when Online Booking Service is integrated into SAP, booking of accommodation, air tickets and renting cars using booking services will not require any additional actions in SAP from the business users as the whole process, from the email Online Booking Service notification to the booking confirmation, is completed automatically by SAP.
The process starts with a new email booking service notification which is processed in SAP inbound class, and thus a new Expense Report is created and an approval workflow is started.
The approval agents receive an email notification with all the information about the trip necessary for the decision making:
The decision is recognized when the ‘approve’ or ‘reject’ button is pressed. It should be processed both by SAP to change the workflow object’s status and by booking service to register the decision and confirm the current booking.
When the approval agent receives a notification email, it should contain the redirection links for approval decisions:
- to BSP application for calling OData service for the workflow processing;
- to Online Booking Service for confirmation/cancellation.
And here is the question: How should the approval agent be identified in the system?
To authorize the approval agents in BSP Application, SSO (Azure AD) is used.
SSO has a hard coded Return URL on Azure AD side. In this case it is not possible to request Azure to return the business user back to the previous page where the user logged in.
In addition, it is impossible to use SSO to authorize the business user and route them to the Booking Service portal once the booking request is approved/rejected in SAP.
Similarly, it is not possible to only approve/reject in SAP and call Booking Service in the background, in many cases it does not work because:
- Approval links can expire because booking is expired;
- Approval links can be broken (booking service support team should be in contact);
- Approval links can be modified when a reminding message from the booking service is received; etc.
The sequence of actions to avoid all the described above issues with redirection to external Online Booking Service is the following:
When all actions regarding the incoming email from booking service processing are completed (the Expense Report is created in SAP, the workflow is started, the technical data is recorded for further processing and the notifications for the approval agents are sent), it is time to make a decision.
- The Business user clicks the “approve”/”reject” button from the SAP email;
- The Business user is routed to Fiori system SICF web service with the work item and decision hash tag (GUID):
- SAP (Fiori server) checks the GUID using OData call to SAP ERP and reads the direct link for approval on External Booking Service page (if the links are changed, for instance, Booking Service sends a reminding approval email with new links, actual ones will be read from the table):
- SAP work item is updated and at the same time SICF service (Fiori app) routes the business user to the Booking Service approval page (according to the decision the user made in the SAP email).
OData service is called directly from the BSP application – no login in Fiori Launchpad is required for approval. The User is not authorized in the system to make the approval procedure simple and available via email.
So, for security purposes, to prevent any unexpected actions from the approval agent, the decision-making step in BSP Application is taken by the technical user.
SAP technical user ID is defined in SICF web service with a minimalistic profile that is just able to route GUID to OData service and get URL back.