Configure Process Manager

When you have configured SAP Solution Manager as described in section Configure SAP Solution Manager, you can configure Process Manager.

To set up Process Manager for the integration, you first set up the connection as described in this section. You then define attribute mappings as described in section Configure attribute mappings.

Necessary user rights

You need to enter credentials for a user in the connection setup. The rights this user needs can be system-specific. We recommend to start on a test branch with a powerful user for establishing the connection. Then you can remove user rights one by one to find out what the minimum rights are to use for the connection to the actual branch.

Set up the connection to SAP Solution Manager

  1. In the Process Manager explorer, select Setup - Manage SAP Solution Manager 7.2.
    The settings open in a new tab.

  2. Point to your Solution Manager endpoint, which typically is <solutionManagerURL>:<port>sap/opu/odata/sap/PROCESSMANAGEMENT/ . <solutionManagerURL> stands for the base URL of your SAP Solution Manager server and <port> for its port number.

  3. Enter your credentials, the solution, and branch name of your solution:

    • Your SAP Solution Manager server needs to accept incoming requests on the port specified in the URL from Process Manager's Solution Manager integration service. The IP address of this service is 130.0.76.232 (after August 1st, 2021: 3.68.26.78, 3.67.68.183, or 18.192.165.143) for editor.signavio.com .
    • For https://app-us.signavio.com (US server) or https://app-au.signavio.com (Australian server) we cannot guarantee a static IP, so we strongly recommend to set up two-way SSL authentication.

      See details below.

    • We recommend using the design branch for the Process Manager import. You find more information about branches in SAP Solution Manager in this article from SAP.
  4. Click Save.

Using self-signed certificates for server-side authentication

Signavio accepts certificate chains signed by any common certificate authority by default. Uploading a certificate is only necessary when your Solution Manager server tries to authenticate itself against Signavio using a certificate, which is self-signed instead of signed by a trusted certificate authority.

You can use self-signed certificates with your connection configuration. Once uploaded, this certificate is trusted on every request sent to Solution Manager.

Self-signed certificates must be in the SSL X509 format encoded with Base64 (this happens by default when exporting certificates from a web browser). If your certificate is in the PKCS7 format, you need to convert it. Make sure your certificate is in the following format:

-----BEGIN CERTIFICATE-----

followed by the content of the certificate on a new line.

Then, on another new line, finish the certificate with

-----END CERTIFICATE-----

To upload your certificate, in the Configure tab, click Select a certificate next to SSL Certificate.

Keystore for client-side authentication

You can additionally upload a keystore containing a private key so that your Solution Manager server can validate that requests are indeed coming from the Signavio Solution Manager connector (client-side authentication).

To set up client-side authentication, follow these steps:

  1. In the Process Manager Explorer, select Setup - Manage SAP Solution Manager 7.2.

    The settings open in a new tab.

  2. In the tab Connection settings, upload the keystore for client-side authentication.

  3. Enter the keystore password.

  4. Click Save.

    Two-way authentication is set up.

The PKCS12 format is accepted for keystores. Uploaded files are validated.

Technical information

Signavio uses the API of the Process Management component of Solution Manager 7.2 to read and update the branch content. We use GET and PUT requests via https.

For session handling, the Signavio connector authenticates with GET request, sending a username and password and requesting a CSRF token. The response from Solution Manager is an unauthenticated session and a CSRF token. The token from the first request is used for all further communication. It's a unidirectional connection.

Next steps