Configure SAP Signavio Process Manager

This section describes the classic connector for SAP Solution Manager 7.2.

When you have configured SAP Solution Manager as described in section Configure SAP Solution Manager, you can configure SAP Signavio Process Manager.

To set up SAP Signavio Process Manager for the integration, you first set up the connection as described in this section. You then define attribute mappings as described in section Configure attribute mappings.

Connection user

You need to enter credentials for a user in the connection setup. The rights this user needs can be system-specific.

How to create the user in SAP Solution Manager is described in the configuration of SAP Solution Manager, in section Necessary user rights

Set up the connection to SAP Solution Manager

  1. In the SAP Signavio Process Manager explorer, select Setup - Manage SAP Solution Manager 7.2.
    The settings open in a new tab.

  2. Point to your Solution Manager endpoint, which typically is <solutionManagerURL>:<port>sap/opu/odata/sap/PROCESSMANAGEMENT/ . <solutionManagerURL> stands for the base URL of your SAP Solution Manager server and <port> for its port number.

    • Your SAP Solution Manager server needs to accept incoming requests on the port you specified in the URL from SAP Signavio Process Manager's Solution Manager integration service. The IP addresses of this service are 3.68.26.78, 3.67.68.183, and 18.192.165.143 for editor.signavio.com . You need to use all 3 of them.

      For https://app-us.signavio.com (region: US), the IP addresses are 18.235.204.147, 50.16.9.226, and 54.205.22.53. You need to use all 3 of them.

      For https://app-au.signavio.com (region: Australia), the IP addresses are 13.236.49.140, 52.64.193.78, and 54.66.30.251. You need to use all 3 of them.

      For https://app-jp.signavio.com (region: Japan), the IP addresses are 52.192.122.249, 18.179.115.110, and 54.199.38.209. You need to use all 3 of them.

      For https://app-ca.signavio.com (region: Canada), the IP addresses are 3.97.198.20, 3.98.70.54, and 35.183.74.254. You need to use all 3 of them.

      For https://app-kr.signavio.com/ (region: Korea), the IP addresses are 3.38.89.68, 43.200.231.93 , and 13.125.122.170. You need to use all 3 of them.

      For https://app-sgp.signavio.com/ (region: Singapore), the IP addresses are 3.97.198.20, 3.98.70.54, and 35.183.74.254. You need to use all 3 of them.

      For bug bounty, the IP addresses are 3.121.4.82, 3.126.184.35, 3.122.131.84. You need to use all 3 of them.

  3. Enter your credentials.

  4. Enter your solution name.

  5. Enter a branch name of your solution.

    • We recommend using the design branch for the SAP Signavio Process Manager import. You find more information about branches in SAP Solution Manager in this article from SAP.

  6. You can limit the imported content by selecting a Scope ID.

    • Scopes are defined in SAP Solution Manager, for details see this section of the SAP Solution Manager WIKI.

    • If you don't select a Scope, the full branch content is used as the basis for all imports.

  7. Set up the authentication, for details see below.

  8. Click Save.

Using self-signed certificates for server-side authentication

SAP Signavio accepts certificate chains signed by any common certificate authority by default. Uploading a certificate is only necessary when your Solution Manager server tries to authenticate itself against SAP Signavio using a certificate, which is self-signed instead of signed by a trusted certificate authority.

You can use self-signed certificates with your connection configuration. Once uploaded, this certificate is trusted on every request sent to Solution Manager.

Self-signed certificates must be in the SSL X509 format encoded with Base64 (this happens by default when exporting certificates from a web browser). If your certificate is in the PKCS7 format, you need to convert it. Make sure your certificate is in the following format:

-----BEGIN CERTIFICATE-----

followed by the content of the certificate on a new line.

Then, on another new line, finish the certificate with

-----END CERTIFICATE-----

To upload your certificate, in the Configure tab, click Select a certificate next to SSL Certificate.

Keystore for client-side authentication

You can additionally upload a keystore containing a private key so that your Solution Manager server can validate that requests are indeed coming from the SAP Signavio Solution Manager connector (client-side authentication).

To set up client-side authentication, follow these steps:

  1. In the SAP Signavio Process Manager Explorer, select Setup - Manage SAP Solution Manager 7.2.

    The settings open in a new tab.

  2. In the tab Connection settings, upload the keystore for client-side authentication.

  3. Enter the keystore password.

  4. Click Save.

    Two-way authentication is set up.

The PKCS12 format is accepted for keystores. Uploaded files are validated.

Technical information

SAP Signavio uses the API of the Process Management component of Solution Manager 7.2 to read and update the branch content. We use GET and PUT requests via https.

For session handling, the SAP Signavio connector authenticates with GET request, sending a username and password and requesting a CSRF token. The response from Solution Manager is an unauthenticated session and a CSRF token. The token from the first request is used for all further communication. It's a unidirectional connection.

Next steps