- Ensure availability of SAP NetWeaver system (e.g. using SAP CAL - Fully activated Appliance) with static IP address
- Access to Azure subscription with rights to deploy resources (consider free sign-up for easy sandboxing, note: sign-up is gated by credit card but no charges will occur)
- Access to Microsoft Teams and Office tenant (consider sign-up with M365 Developer Program for easy sandboxing)
Note - have a look at this document for additional guidance for the M365 Dev Program sign-up process.
Maintain the SAP Watchlist in Azure Sentinel. To do so, we need to create a new Azure Sentinel Workspace.
Use the official documentation.
- Create and activate an enterprise service from the SAP function module BAPI_USER_LOCK and BAPI_USER_UNLOCK. Blogs like this might help with the setup.
- Generate the SOAP service binding via SOAMANAGER in SAP and save the WSDL to a file.
- Import the WSDL into your Azure API Management instance, choose Interface
your maintained SOAP binding name
and maintain import methodSOAP to REST
.
Warning: Some SOAP services and their WSDL's contain incompatible attributes like
wsp:Policy
. You need to drop them from the WSDL before you are able to import.
- Consider simplifying the SOAP body in your API Management Design view. We recommend dropping all entities from the inbound section except
<urn:BAPI_USER_LOCK>
<RETURN>
</RETURN>
<USERNAME>{{body.bAPI_USER_LOCK.uSERNAME}}</USERNAME>
</urn:BAPI_USER_LOCK>