configuration guide for connector for sap multi-bank

Configuration Guide | PUBLICDocument Version: 2.0 SP03 (Revised Edition) – 2021-12-17

Configuration Guide for Connector for SAP Multi-Bank Connectivity

© 2

022

SAP

SE o

r an

SAP affi

liate

com

pany

. All r

ight

s re

serv

ed.

THE BEST RUN

Content

1 Document History. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2 About This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62.1 Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62.2 Prerequisites for Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

3 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

4 Configuring SAP Multi-Bank Connectivity Firewall Trusted Certificate Authorities. . . . . . . . . . .94.1 Configuring STRUST for Transport Level Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94.2 Sending SSL Client Public Certificate to SAP Multi-Bank Connectivity Team. . . . . . . . . . . . . . . . . . . .9

Exporting Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10Emailing Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

4.3 Configuring SSL Client Standard PSE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

5 Configuring XI Engine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125.1 Activating XI Engine Using Transaction SICF. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125.2 Defining Logical System in Table LCRT_CLNTCACHE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135.3 Integrating Engine Configuration in SXMB_ADM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135.4 Activating Queues for XI Message Processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145.5 Configuring Interface-Specific XI Engine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Creating Sender/Receiver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Creating RFC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Specifying Interface-Specific Integration Server URL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Specifying the Associated Integration Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

5.6 XI Queue Retry. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Configuring XI Queue Retry. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

6 Configuring STRUST for Message Level Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246.1 Setting Up MLS Key Store. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Emailing Certificates to SAP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256.2 Installing MLS Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256.3 Configuring SSFA Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266.4 Maintaining Application-Dependent Parameters for Secure Store and Forward (SSF). . . . . . . . . . . . 276.5 Maintaining Secure Store and Forward (SSF) Profile Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

7 Configuring Connector for SAP Multi-Bank Connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297.1 Defining Number Ranges for Message IDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297.2 Maintaining Sender ID for Payment Medium Workbench. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

2 PUBLICConfiguration Guide for Connector for SAP Multi-Bank Connectivity

Content

7.3 Configuring SWIFT Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307.4 Creating Bank Statement Import Format Variant. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317.5 Maintaining Selection Variants for Bank Statements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327.6 Lockbox Bank Statements Option. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Creating Lockbox Import Variant. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33Maintaining Selection Variants for Lockbox. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

7.7 Maintaining Custom Sender IDs (Optional). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

8 Preparing Outbound Payment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368.1 Payment Medium Workbench (PMW) and Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Configuring PMW. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36Configuring File Pick-Up Report (Optional). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

9 Pulling Messages by Scheduled Background Jobs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

10 Troubleshooting Issues During Onboarding to SAP Multi-Bank Connectivity. . . . . . . . . . . . . . 4010.1 How do I obtain a signed SSL Client Certificate?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4010.2 I cannot verify the connectivity on RFC destination in SM59. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4010.3 I receive a “No Concatenated Concept Exists” error when I send (payment run) or receive (Pull

MBC Message) data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4110.4 I receive data, but the system cannot decrypt the data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Configuration Guide for Connector for SAP Multi-Bank ConnectivityContent PUBLIC 3

1 Document History

See what changes have been made to this document since it was first released.

NoteThe latest version of this document is available on SAP Help Portal at https://help.sap.com/mbc_conn.

Version Status Date More Information

1.6 Final 17-Dec-2021 Reviewed with minor updates, such as wording, formatting and so on.

1.5 Final 31-May-2021 Migrated contents from PDF-based Configuration Guide to Web-based Configuration Guide

NoteThe document is also available as PDF.

1.4 Final 24-Feb-2021 Revised for complying with Inclusive Language Guidelines

1.3 Final 20-Aug-2020 Updates:

● Feedback invitation added

● Connector Configura-tion installation instructions link

● Instruction to add S/4HANA client number to XI Configuration

● Associated integration server configuration added to XI Queue Retry Functionality

1.2 Final 17-Jan-2020 New sections for Lockbox option


Document History

https://help.sap.com/mbc_conn

Version Status Date More Information

1.1 Final 8-Jan-2020 Updates:

● Link to certificates added

● Screenshot removed● Instructions for sending

certificates to SAP● Mandatory steps for

Message Level Security (MLS)

1.0 Released to Customer 21-Oct-2019 Initial Release of renamed document

Configuration Guide for Connector for SAP Multi-Bank ConnectivityDocument History PUBLIC 5

2 About This Guide

Purpose and Scope

This document describes necessary configuration tasks performed by SAP Multi-Bank Connectivity customers or their consulting partners to manually set up communication between the customer’s ERP system and the SAP Multi-Bank Connectivity tenant. The configuration of the connector for SAP Multi-Bank Connectivity is a prerequisite to start the technical onboarding.

Target Audience

The teams at the customer's end who can benefit from this guide are as follows:

● Implementation and integration teams● System administrators● Information security officers

2.1 Glossary

Term Abbreviation Definition

SAP Multi-Bank Connectivity MBC Opens the corporate-to-bank relationship with a secure business network

SAP ERP Enterprise Resource Planning ERP integrates all the core processes needed to run a company: finance, HR, manufacturing, supply chain, services, procurement, and others, into a single system.

Transport Level Security TLS The security protocol designed to facilitate privacy and security for communications between ERP and SAP Business Technology Platform (BTP). TLS is mandatory within SAP Multi-Bank Connectivity.

Message Level Security MLS MLS relates to the activity of signing and encrypting data which is transmitted within the TLS secured channel / protocol between ERP and SAP Multi-Bank Connectivity.


About This Guide

Term Abbreviation Definition

Personal Security Environment PSE PSE is analogous to “key store”. It is the container of key / certificate material in SAP ERP.

Payment Medium Workbench PMW The Payment Medium Workbench (PMW) is a tool used to configure and create payment media sent by organizations to their house banks.

Tenant A tenant is the term for the dedicated portion of SAP Multi-Bank Connectivity which is reserved for the customer. Upon the tenant, which runs on SAP Business Technology Platform (BTP), the necessary cloud integration content is deployed to allow the customer to integrate with your financial institutions.

2.2 Prerequisites for Installation

The following prerequisites need to be met for the installation of SAP Multi-Bank Connectivity:

● Connector for SAP Multi-Bank Connectivity Installation:The connector for SAP Multi-Bank Connectivity Add-on installation is a prerequisite for SAP ECC releases and SAP S/4HANA systems up to release 1809. See How to install BSNAGT 200 . It is highly recommended to install the most recent support package available.In SAP S/4HANA releases from version 1909, the connector is part of the S4CORE component and can be upgraded together with SAP S/4HANA support packages.

● Review the SAP Multi-Bank Connectivity Bank Preboarding Guide for relevant information required by the corporates.

● Request the SAP Multi-Bank Connectivity tenant URLs and certificate packs from your SAP onboarding team representative.

Related Information

● SAP Help Portal● SAP Multi-Bank Connectivity Product page● Connector for SAP Multi-Bank Connectivity Help page

Feedback Welcome

The SAP Multi-Bank Connectivity team welcomes feedback to improve this document.

Please send an e-mail to [email protected] .

Configuration Guide for Connector for SAP Multi-Bank ConnectivityAbout This Guide PUBLIC 7

http://help.sap.com/disclaimer?site=https%3A%2F%2Flaunchpad.support.sap.com%2F%23%2Fnotes%2F1781614

https://help.sap.com/viewer/product/SAP_MULTI-BANK_CONNECTIVITY/Latest/en-US

https://help.sap.com/viewer/index


https://help.sap.com/viewer/e200555127f24878bed8d1481c9d5a0b/2020.001/en-US/aeee1a7fdff645e586d42fafdc2268eb.html

http://help.sap.com/disclaimer?site=https%3A%2F%2Fi7p.wdf.sap.corp%2Fsap%28bD1lbiZjPTAwMQ%3D%3D%29%2Fbc%2Fbsp%2Fsno%2Fui_entry%2Fentry.htm%3Fparam%3D69765F6D6F64653D3030312669765F7361706E6F7465735F6E756D6265723D3239313535303726

3 Introduction

About SAP Multi-Bank ConnectivitySAP Multi-Bank Connectivity is an innovative solution that connects corporate customers with their banks and other financial institutions on a secure network managed by SAP. When interacting with SAP Multi-Bank Connectivity, corporate customers send payment instructions via an API. Banks in turn send transaction status information and account reports back to the corporate customer.

SAP Multi-Bank Connectivity combines SAP expertise in applications, automation, analytics, and in-memory computing to provide a standard, on-demand innovative technology for financial institutions and their corporate customers on a platform that accommodates future integration needs.

Related Documentation

● SAP Multi-Bank Connectivity Product Page● SAP Multi-Bank Connectivity Help

Connector for SAP Multi-Bank Connectivity A corporate connects to SAP Multi-Bank Connectivity using the connector for SAP Multi-Bank Connectivity.

The connector for SAP Multi-Bank Connectivity is an add-on available for releases of SAP ERP 6.0 EHP 0 and higher. Within SAP S/4HANA, this add-on is already available, and can be used when a customer subscribes to SAP Multi-Bank Connectivity and undertakes the necessary configuration steps described in this guide.

The connector for SAP Multi-Bank Connectivity is integrated with multiple components within SAP ERP or SAP S/4HANA. This includes AP/AR, TRM, and FI-CA.

Following a payment run or an approval step within SAP Bank Communication Management, corporates can send payment files automatically to financial institutions through SAP Multi-Bank Connectivity. Corporates then receive payment status reports and financial service provider statements through SAP Multi-Bank Connectivity. The SAP ERP or SAP S/4HANA system processes these messages automatically.

A corporate can communicate with multiple financial service providers using a single instance of the connector for SAP Multi-Bank Connectivity, provided that the corporate has performed the required service activation with the respective financial service provider during onboarding to SAP Multi-Bank Connectivity. This can be achieved by a direct (Host-2-Host or EBICS) integration with the bank or via embedded SWIFT connectivity, which requires a contract with SWIFT.

The connector for SAP Multi-Bank Connectivity also provides a programming interface that enables corporates to enhance their ERP system to send and receive other message types from different business processes.


Introduction

http://help.sap.com/disclaimer?site=https%3A%2F%2Fwww.sap.com%2Fuk%2Fproducts%2Fmulti-bank-connectivity.html


4 Configuring SAP Multi-Bank Connectivity Firewall Trusted Certificate Authorities

SAP Multi-Bank Connectivity uses a firewall that limits access to the SAP Multi-Bank Connectivity network to clients who present SSL certificates that are signed by an SAP-trusted certificate authority.

Ensure that your SSL Client Standard Own Certificate is signed by a trusted authority in the SAP Multi-Bank Connectivity firewall. See Secure Connection and SAP Trusted Certificate Authorities .

4.1 Configuring STRUST for Transport Level Security

A Personal Security Environment (PSE) is required to configure the SSL Client Standard key on your ERP system. This PSE/key has the necessary certificates for Transport Level Security (TLS) between the ERP system and SAP Multi-Bank Connectivity stored in the ERP stores.

In the case of SAP S/4HANA public cloud systems, the SAP Multi-Bank Connectivity team performs this configuration.

In other cases, such as ECC on-premise, SAP S/4HANA private cloud, and SAP HANA Enterprise Cloud, this configuration is undertaken by the customer or the integration partner.

4.2 Sending SSL Client Public Certificate to SAP Multi-Bank Connectivity Team

To exchange messages with SAP Multi-Bank Connectivity, during onboarding, each organization must provide a certificate that is signed by an SAP trusted certificate authority (CA) to the SAP onboarding team. If your organization does not have a certificate signed by an SAP trusted CA, see SAP Multi-Bank Connectivity Secure Connection .

The SAP team installs the certificate on your SAP Multi-Bank Connectivity tenant to allow for authorization of the connection. You need to:

● Export certificates● E-mail the certificates to SAP Multi-Bank Connectivity onboarding team

Configuration Guide for Connector for SAP Multi-Bank ConnectivityConfiguring SAP Multi-Bank Connectivity Firewall Trusted Certificate Authorities PUBLIC 9

http://help.sap.com/disclaimer?site=https%3A%2F%2Fwiki.scn.sap.com%2Fwiki%2Fdisplay%2FSAPFS%2FSecure%2BConnection

http://help.sap.com/disclaimer?site=https%3A%2F%2Fwiki.scn.sap.com%2Fwiki%2Fdisplay%2FSAPFS%2FTrusted%2BCertificate%2BAuthorities



4.2.1 Exporting Certificates

To export the certificates installed by the SAP team, perform the following steps:

1. Log on to your SAP ERP system.2. Execute transaction code STRUST.3. Expand SSL Client (Standard) and double-click the relevant PSE.4. To maintain the PSE, switch to the change mode. Alternatively, press Ctrl and F1 .5. To display the details under the Certificate section, in the Own Certificate section, double-click the Subject.

6. Choose (Export Certificate).7. Select the format for downloading the certificate.8. Select a location to save the certificate.9. A popup window appears, asking for permission to create the selected file in the selected directory.

Choose Allow.

4.2.2 Emailing Certificates

To allow the authorization of the connection, once the certificates are exported, perform the following steps:

1. E-mail the public certificates to the SAP Multi-Bank Connectivity onboarding team.2. State whether the certificate is for your test or production SAP Multi-Bank Connectivity tenant.3. To comply with your organization's e-mail security settings, you may need to change the file extension, for

example, to .txt or .zip.

4.3 Configuring SSL Client Standard PSE

Import the root certificate authority (CA) and intermediate certificate of the SAP Multi-Bank Connectivity Load Balancers to your test and production landscapes.

1. Download the root CA and intermediate certificate zip file from the SAP Multi-Bank Connectivity Wiki .2. Extract the certificates from the zip file to your local system.3. Execute transaction code STRUST and navigate to SSL Client Standard. Double-click the relevant PSE.4. To maintain the PSE, switch to the change mode. Alternatively, press Ctrl and F1 .

5. Choose (Import Certificate).6. On the Import Certificate window, enter or select the path to the certificates and press Enter .7. The certificate is imported with all its details under Certificate.8. To add the imported certificate to the Certificate List of the SSL client standard PSE, choose Add to

Certificate List.9. Choose Save.


Configuring SAP Multi-Bank Connectivity Firewall Trusted Certificate Authorities

http://help.sap.com/disclaimer?site=https%3A%2F%2Fwiki.scn.sap.com%2Fwiki%2Fdisplay%2FSAPFS%2FSAP%2BMulti-Bank%2BConnectivity%2BLoad%2BBalancers%2B-%2BRoot%2BCA

NoteIf you have more than one SAP certificate, repeat steps 5–9 to install all your SAP certificates.

It’s necessary to perform these steps on all your systems that integrate with SAP Multi-Bank Connectivity, such as development, test, staging, and production.

Configuration Guide for Connector for SAP Multi-Bank ConnectivityConfiguring SAP Multi-Bank Connectivity Firewall Trusted Certificate Authorities PUBLIC 11

5 Configuring XI Engine

To configure the XI engine to support data transmission and receipt through SAP Multi-Bank Connectivity, you need to:

● Set up relevant XI nodes● Activate XI queues● Configure the SAP Multi-Bank Connectivity interface and corresponding RFC destinations

5.1 Activating XI Engine Using Transaction SICF

To activate nodes in SICF for XI engine operation, ensure that the SICF node path /sap/XI/engine is activated. Some nodes may already be activated.

1. Execute transaction code SICF. Alternatively, from the SAP Easy Access menu, go to ToolsAdministration Administration Network HTTP Service Hierarcy Maintenance .

2. Choose (Execute) or press F8 .3. Check that the following services are activated.

If any of the services are not activated, right-click the service and activate it.○ /sap/bc/bsp/sap/alertinbox○ /sap/bc/bsp/sap/sxms_alertrules○ /sap/bc/webdynpro/sap/appl_bckgnd_moni_jobs

NoteThis is only relevant for SAP Basis releases 7.30 and higher.

○ /sap/bc/webdynpro/sap/appl_log_trc_viewer○ /sap/bc/webdynpro/sap/c_srt_seq_mon○ /sap/public/bc/pictograms○ /sap/public/bc/webicons○ /sap/xi/adapter_plain○ /sap/xi/cache○ /sap/xi/cache_gui○ /sap/xi/cache_gui_ssl○ /sap/xi/cache_ssl○ /sap/xi/engine○ /sap/xi/simulation


Configuring XI Engine

5.2 Defining Logical System in Table LCRT_CLNTCACHE

Context

To define the logical system in table LCRT_CLNTCACHE, use transaction SE16. Cross-client customizing must be authorized.

Procedure

1. Execute transaction code SE16.2. In the Table Name, enter LCRT_CLNTCACHE and choose Create Entries.3. Make the following entries:

Field Name User Actions and Values

SRTFD <SID><client>, for example, ER9500

AEDAT Enter the current date

BS KEY NAME <SID>_<client>, for example, ER9_500

BS ROLE LOC

BS CAPTION <SID>_<client>, for example, ER9_500

5.3 Integrating Engine Configuration in SXMB_ADM

To integrate XI engine, it’s important to set the role of the business system to Application System.

1. Execute transaction code SXMB_ADM.2. Choose Integration Engine Configuration.3. From the top menu, choose Edit and then choose Change Selected Configuration Data.4. Set the Role of Business System to Application System.

Configuration Guide for Connector for SAP Multi-Bank ConnectivityConfiguring XI Engine PUBLIC 13

NoteInstructions to configure the associated integration server field is detailed in Specifying the Associated Integration Server. Unless a dedicated integration server is present in the landscape, consult the administrators of your landscape.

5.4 Activating Queues for XI Message Processing

Activate and register relevant queues for the system to process SAP Multi-Bank Connectivity messages using the XI Engine.

1. Execute transaction code SXMB_ADM.2. Choose Manage Queues.3. Ensure that all queues in the Manage Queues screen are selected.4. Choose Register Queues.

5.5 Configuring Interface-Specific XI Engine

SAP Multi-Bank Connectivity uses three interfaces for the transmission of payment instructions to SAP Multi-Bank Connectivity, and the receipt of status and statement data. The three interfaces are as follows:

● FSN Payment: This interface is responsible for the sending of payment instructions from the connector for SAP Multi-Bank Connectivity to SAP Multi-Bank Connectivity.

● FSN Connector Pull: This interface is responsible for the polling SAP Multi-Bank Connectivity to retrieve status and statement data.

● FSN Connector Acknowledgment: This interface is responsible for clearing data (duplicate removal) from SAP Multi-Bank Connectivity that has already been received successfully by the connector for SAP Multi-Bank Connectivity.



https://help.sap.com/viewer/DRAFT/e27c0ce13c0d4227b54ab9efdbd5eed8/Latest/en-US/8417621e77b24abeb479a8f2eac84d96.html?show_comments=true&comment_id=20775218

https://help.sap.com/viewer/DRAFT/e27c0ce13c0d4227b54ab9efdbd5eed8/Latest/en-US/8417621e77b24abeb479a8f2eac84d96.html?show_comments=true&comment_id=20775218

5.5.1 Creating Sender/Receiver

To create the interfaces for the transmission of your payment instructions to SAP Multi-Bank Connectivity, and the receipt of status and statement data, complete the following steps:

1. Execute transaction code SXMSIF.2. On the Change View "Sender/ Receiver Definition": Overview screen, choose New Entries, and create the

following three interfaces:3. For each interface (FSN_PAYMENT, FSN_PULL, FSN_ACK), enter the following details:

MBC Payment: FSN_PAYMENT

Field User Action and Value to Be Entered

Sender/ReceiverID FSN_PAYMENT

Description FSN Payment

Component *

Interface Name FSNInterface_Out

Interface Namespace http://sapcd.com/fsnagt

MBC Connector Pull: FSN_PULL


Sender/ReceiverID FSN_PULL

Description FSN Connector Pull

Component *

Interface Name FSNInterfaceSync_Out


MBC Connector Acknowledgement: FSN_ACK


Sender/ReceiverID FSN_ACK

Description FSN Connector Acknowledgement

Component *

Interface Name FSNInterface_Pull_Receipt_Out


4. Choose Save.

5.5.2 Creating RFC

During onboarding to SAP Multi-Bank Connectivity, the SAP Multi-Bank Connectivity onboarding team provides three URLs to connect to the service. Add these URLs, each in a separate RFC profile, as follows:


1. Execute transaction code SM59. Alternatively, go to SAP Menu Tools Administration AdministrationNetwork RFC Destinations .

2. Configure the following three RFC connections:

RFC Connection for FSN_Payment


RFC Destination FSN_CORP_PAYMENTS-<CLIENT>

Type G

Target Host <Corporate MBC Tenant host>

Path Prefix </cxf/fsn/corp/payments_SIDCLNT>

Service No 443

Proxy None, use existing global configuration

Select Logon & Security/Security Options tab

Status of Secure Protocol SSL Active

SSL Certificate DFAULT (SSL Client Standard)

RFC Connection for FSN_Pull


RFC Destination FSN_CORP_PULL-<CLIENT>

Type G


Path Prefix </cxf/fsn/corp/statements/pull_SIDCLNT>

Service No 443





RFC Connection for FSN_ACK


RFC Destination FSN_CORP_ACK-<CLIENT>

Type G


Path Prefix </cxf/fsn/corp/statements/ack_SIDCLNT>

Service No 443








NotePerform a connection test. If you get a CONNECTION REFUSED error, check and adjust your network settings, for example, allowlist IP addresses or ranges. HTTP 500 is the expected result.

3. Choose Save.

5.5.3 Specifying Interface-Specific Integration Server URL

To synchronize the RFC destinations created in SM59 (see Creating RFC [page 15]) to XI Engine configuration, set up an Interface-Specific Integration Server URL for each sender and receiver.

1. Execute transaction code SXMB_ADM.2. On the Integration Engine: Administration screen, under Configuration, choose Integration Engine

Configuration.3. On the Integration Engine Configuration Data screen, choose Configuration, and choose Edit to make

changes.4. Choose New Entries and enter the following details for each interface:

FSN_PAYMENT


Category RUNTIME

Parameters IS_URL

Subparameter FSN_PAYMENT

Current Value dest://FSN_CORP_PAYMENTS-<CLIENT>

FSN_PULL


Category RUNTIME

Parameters IS_URL

Subparameter FSN_PULL

Current Value dest://FSN_CORP_PULL-<CLIENT>

Insert SAP S/4HANA client number

FSN_ACK


Category RUNTIME



Parameters IS_URL

Subparameter FSN_ACK

Current Value dest://FSN_CORP_ACK-<CLIENT>

5. Choose Save.

5.5.4 Specifying the Associated Integration Server

An Associated Integration Server is required as part of SAP Multi-Bank Connectivity configuration in XI.

NoteUnless a dedicated Integration Server is available in the landscape, the recommendation is to set the Associated Integration Server as SAP Multi-Bank Connectivity – specifically, the endpoint URL used to process payments. This section assumes that no alternative or dedicated integration server is available in your system landscape. Consult the administrators of your landscape.

1. Execute transaction code SXMB_ADM.2. Choose Integration Engine Configuration.3. On the Integration Engine Configuration Data screen, choose Check (F7), and then choose Associated

Integration Server.

4. Go to More Edit Change Selected Configuration Data . The Associated Integration Server field becomes editable.

5. Paste in the value configured in the previous step for FSN Payment in the following format:dest://FSN_CORP_PAYMENTS-<CLIENT>

6. Choose Save.



https://help.sap.com/viewer/DRAFT/e27c0ce13c0d4227b54ab9efdbd5eed8/Latest/en-US/2c1afa0498d14616ad256de56efab14d.html

5.6 XI Queue Retry

XI queues in an ERP system are shared between all applications.

If an XML message or an XI queue fails in delivery (usually caused by an HTTP error), it blocks further messages in the queue.

SAP Multi-Bank Connectivity needs separate queues for its XML messages. XI needs to retry messages that fail in these separate queues in an orderly manner, while the error is fixed.

5.6.1 Configuring XI Queue Retry

To prevent queue blocking, configure XI queues for handling retry and fail messages as follows:

1. Execute transaction code SXMB_ADM.2. Choose Integration Engine Configuration.3. On the Integration Engine Configuration Data screen, choose Configuration.4. Choose Edit, configure MBC specific XI queues to prevent non-MBC messages from blocking MBC

messages.5. Enable automatic retry of a queue (SYSFAIL), stop blocking next payments in the queues.

6. Choose Save.

NoteThe messages are in RETRY state every two minutes. If you set IS_RETRY_LIMIT to 10, messages will be in RETRY for 20 minutes before the message goes to FAIL state, and drops from the XI queue.

Failed MessagesThe failed messages produced in the previous steps can be processed by creating a schedule. Perform the following steps to create a schedule to reprocess the failed messages:

1. Execute transaction code SE38.


2. In the Program field, enter RSXMB_RESTART_MESSAGES.

3. Choose Variants and choose Create.4. Enter the Variant name, for example, RESTART_FSN_1.5. Choose Create.6. Set the variant settings.

7. Save the variant (RESTART_FSN_1).



Schedule MessagesSchedule RSXMB_RESTART_MESSAGES as variant RESTART_FSN_1 to reprocess all failed messages that have dropped from XI queues as defined previously. Perform the following steps to create a schedule to reprocess the failed messages:

1. Execute transaction code SM36.

2. Define the Start condition:1. Choose Date/Time and Period Values.2. Choose Other Period.

3.4. Choose Set Minutes.

NoteSet the frequency to a value less than the value you entered for the variant settings. Restart messages with errors from last nnn mins. For example, if the variant setting is set to 30, then set minutes to 25.

5. Check the settings and choose Save.


6. Specify a Start Time for the scheduled task, for example, today and now.3. Define the steps to be executed (RSXMB_RESTART_MESSAGES (variant RESTART_FSN_1).

1. Choose Step.2. If not already set, set Name to RSXMB_RESTART_MESSAGES.3. Set Variant to RESTART_FSN_1 through lookup.

4. Choose Save. The Job Status changes to Scheduled.

5. To check that scheduled job is running successfully, choose Own obs.



6. View the Status of previously executed scheduled tasks to ensure that your task is running.


6 Configuring STRUST for Message Level Security

In conjunction with Transport Level Security (TLS), SAP Multi-Bank Connectivity also uses Message Level Security (MLS) for:

● Sending Data: Data is signed and encrypted by the connector for SAP Multi-Bank Connectivity● Receiving Data: Data is decrypted and verified by the connector for SAP Multi-Bank Connectivity

Configure the key store for MLS keys, including keys owned by the customer system where the customer is the owner and custodian of the corresponding private key, and keys shared by SAP Multi-Bank Connectivity.

Set up the algorithms and parameters in conjunction with the key material for integration to SAP Multi-Bank Connectivity.

6.1 Setting Up MLS Key Store

Configure SSF BSNAGT PSE, which is the key store in STRUST that hosts the customer private key for MLS, and the shared SAP Multi-Bank Connectivity public key.

1. Execute transaction code STRUST.

2. Under System PSE, choose to open the context menu of SSF BSNAGT, select SSF BSNAGT, and choose Create.

3. Change the Signature Algorithm to RSA with SHA-256.4. Set the Key Length to 2048.5. Choose Save.6. Navigate to the PSE for SSF BSNAGT and open by double-clicking the PSE.7. To edit, press Ctrl + F1 on your keyboard.8. To display the certificate, double-click the subject of the Own Certificate.

9. Choose Export certificate.10. Send the BSNAGT certificate to the SAP Multi-Bank Connectivity onboarding team.

NoteThis step is necessary on any system that integrates to SAP Multi-Bank Connectivity.

Each SAP Multi-Bank Connectivity customer receives two tenants, a TEST tenant and a PROD tenant.

Your DEV and QA ERP integrate to the TEST tenant.

Your Production ERP connects to the PROD tenant.


Configuring STRUST for Message Level Security

Therefore, you must perform this step for each ERP you wish to integrate to SAP Multi-Bank Connectivity.

6.1.1 Emailing Certificates to SAP

E-mail the public certificates to the SAP Multi-Bank Connectivity onboarding team. In the e-mail, please state the tenant (test or production) for your certificates.

NoteTo comply with your organization's e-mail security settings, you may need to change the file extension, for example, .txt or .zip.

6.2 Installing MLS Certificate

Install the MLS certificates provided by the SAP Multi-Bank Connectivity onboarding team in SSF BSNAGT PSE.

1. Execute transaction code STRUST.2. To add the certificate to the Certificate List of the SSF BSNAGT PSE, choose Import Certificate, select the

certificate file, and choose Upload.3. Choose Add to Certificate List.4. Choose Save.5. Select the imported certificate and copy the Subject to a temporary text file. This information is required to

configure SSFA Parameters for Message Level Security. See Maintaining Secure Store and Forward (SSF) Profile Data [page 27].

6. To restart ICM, execute transaction code SMICM. Alternatively, go to Sap Menu Tools AdministrationAdministration Monitor System Monitoring ICM Monitor .

Configuration Guide for Connector for SAP Multi-Bank ConnectivityConfiguring STRUST for Message Level Security PUBLIC 25

NoteThis step is necessary on any system that integrates to SAP Multi-Bank Connectivity.

Each customer receives two SAP Multi-Bank Connectivity tenants, a TEST tenant and a PROD tenant.

Your DEV and QA ERP integrate to the TEST tenant.

Your Production ERP connects to the PROD tenant.

Therefore, you must perform this step for each ERP you wish to integrate to SAP Multi-Bank Connectivity.

NoteSubsequent BSNAGT certificate renewals must also be updated in the Maintaining Secure Store and Forward (SSF) Profile Data section.

6.3 Configuring SSFA Parameters

Set the steps to integrate Secure Store and Forward parameters with SAP Multi-Bank Connectivity using the SHA256 hashing algorithm, and the AES128-CBC encryption algorithm.

1. Execute transaction code SSFA.2. In the Change View Application section, under Specific SSF Parameters, choose the Overview screen, and

choose New Entries.3. In the New Entries Details field, enter BSNAGT and choose Enter.4. In the New Entries field, enter:


CN <SID> SSF BSNAGT

OU <Installation Number>, SAP Web AS

O SAP Trust Community

C DE

5. For HASH Algorithm, enter SHA256.6. For Encryption Algorithm, enter AES128-CBC.7. Select the Include Certificates checkbox.8. Check Digital Signature with data.9. Choose Save.



6.4 Maintaining Application-Dependent Parameters for Secure Store and Forward (SSF)

Applications that use the Secure Store and Forward (SSF) functions (digital signatures and digital envelopes) do not all need to use the same security environment for applying SSF functions. For example, different applications can use different security products.

1. Execute transaction code SSFA.2. In the Change View Application Specific SSF Parameters section, under Overview, choose New Entries.

Select User Actions and Values and under SSF Application, enter BSNAGT.3. Choose Save.4. In the Application Specific SSF Parameters section, maintain the parameters if necessary, or keep the

default settings.5. Choose Save.

6.5 Maintaining Secure Store and Forward (SSF) Profile Data

You need to enter Secure Store and Forward profile data (SSF).

1. Execute transaction code SPRO. Alternatively, go to SAP Reference Menu Multi_Bank Connectivity Connector Maintain Secure Store and Forward (SSF) Profile Data .

2. In the Change View Maintain Secure Store and Forward (SSF) Profile Data screen, choose New Entries:

Field Name DescriptionUser Action and Value to Be Entered Comment

Message Type Input the message type used for SAP Multi-Bank Connectivity (Optional)

If you leave this field blank, all message types are transferred to SAP Multi-Bank Connectivity. Most customers leave the Message Type field blank.

SenderID/ ReceiverID The previously defined Sender ID (Optional)

Most customers leave the SenderID/ReceiverID field blank.

Appl. SSF Application BSNAGT

Configuration Guide for Connector for SAP Multi-Bank ConnectivityConfiguring STRUST for Message Level Security PUBLIC 27

Field Name DescriptionUser Action and Value to Be Entered Comment

Signatory/

Recipient Name

SSF Name for Signatory/Recipient

Mandatory – Copy this string exactly (copy from STRUST) from the Subject field of the public certificate provided by SAP Multi-Bank Connectivity team, which is stored in SSF BSNAGT PSE.

For more information, see Installing MLS Certificate [page 25].

For example: "CN=System12345, OU=Consulting, O=SAP, C=DE" are typical X.509 names.

Sign Sign Flag for Secure Store and Forward (SSF)

Mandatory – Field must be selected.

If not selected, the system does not digitally sign messages. The Signatory/ Recipient Name field must be filled as a prerequisite.

Encrypt Encrypt Flag for Secure Store and Forward (SSF)


If not selected, the system does not encrypt message content. The Signatory/ Recipient Name field must be filled as prerequisite.

Decrypt Decrypt Flag for Secure Store and Forward (SSF)


If not selected, the system does not decrypt message content. The Signatory/ Recipient Name field has to be filled as prerequisite.

Verify Verify Flag for Secure Store and Forward (SSF)


If not selected, the system does not verify message content. The Signatory/ Recipient Name field has to be filled as prerequisite.

3. Choose Save.4. Confirm the dialog box and save your entries.

Result: The Secure Store and Forward (SSF) profile data is defined.

NoteMessage Type and Sender ID/ Receiver ID are optional. If you do not specify a Message Type, the settings you enter apply to all message types.

Therefore, you can configure default settings for all messages, and override those settings for a specific message type.

Similarly, if you do not enter a Sender ID/ Receiver ID, the settings you enter apply to all senders and receivers. For message types, you can configure default settings for all senders and receivers, and override those settings for a specific sender or receiver.

If you choose one or more of the security options, you must also enter the Signatory/ Recipient Name. If you select none of the security options, it is not necessary to enter the Signatory/ Recipient Name.



7 Configuring Connector for SAP Multi-Bank Connectivity

If your organization connects to SAP Multi-Bank Connectivity through SWIFT, then you must configure SWIFT parameters. All the steps mentioned are mandatory except the steps required to set up the Lockbox option.

7.1 Defining Number Ranges for Message IDs

You define the number range for message IDs. The system uses a number range to generate a unique message ID when a message ID is not provided to the system during message creation.

An example is data transmitted through SAP Multi-Bank Connectivity that is not generated in Payment Medium Workbench (PMW), but generated using the Create Message for SAP Multi-Bank Connectivity report.

1. Execute transaction code SPRO. Alternatively, go to SAP Reference IMG Multi-bank Connectivity Connector Maintain Number Range for Message ID .

2. On the Range Maintenance screen, choose the NR for file screen, and choose Display intervals to check whether an internal number range is defined. If necessary, choose Change intervals and Insert Line or press F6 to define a new number range, or choose Change Intervals to change existing entries:


No. N2, this is the number you want to enter for the number range

From No. 0000000001

To Number 9999999999

Ext Uncheck, this is the external number range flag

3. Choose Save.4. Confirm the dialog box and save.

7.2 Maintaining Sender ID for Payment Medium Workbench

SAP Multi-Bank Connectivity uses its own message envelope for routing data within SAP Multi-Bank Connectivity. The message envelope includes a Sender ID (identifying the house bank of the sending or customer system) and the Receiver ID of the recipient or bank. For payments using the Payment Medium Workbench (PMW), the corporate customer identification (Sender ID) is taken from the Customer Number field from the house bank settings. For each house bank, you must enter a valid customer number.

Configuration Guide for Connector for SAP Multi-Bank ConnectivityConfiguring Connector for SAP Multi-Bank Connectivity PUBLIC 29

1. Execute transaction code FBZP. Alternatively, go to SAP Reference IMG Financial Accounting (New)Bank Accounting Bank Accounts Define House Banks .

2. Choose House Banks.3. In the Company Code field, enter your company code.

NotePerform the following steps for each company code if you have multiple company codes.

4. Choose Continue.5. Select your house bank for the specified company code.6. Choose Details.7. Expand Data Medium Exchange.8. In the Data Medium Exchange section:


Customer Number Enter your house bank customer identification

CUSTOMERID123 (example)

9. Choose Save.

7.3 Configuring SWIFT Parameters

This section is only relevant for customers who connect to financial institutions on the SWIFT network.

To use SAP Multi-Bank Connectivity for sending a message to a bank using the SWIFT network, the relevant SWIFT parameters need to be defined in the connector for SAP Multi-Bank Connectivity.

Refer to the sample SWIFT message header file provided by the SAP Multi-Bank Connectivity onboarding team Customer Service Management (CSM).

1. Execute transaction code SPRO. Alternatively, go to SAP Reference IMG Multi-bank Connectivity Connector Maintain Swift Parameters .

2. On the View Maintain Swift Parameters Overview screen, choose New Entries:

Field name DescriptionUser Action and Value to Be Entered Comment

Receiver ID Specifies the ID of the recipient of the message

Input the receiver of the message, typically the bank identifier code (BIC)

Message Type Indicates the message type as specified in the message

Input the message type used for communication to SAP Multi-Bank Connectivity

For example:

PAIN.001.001.03


Configuring Connector for SAP Multi-Bank Connectivity

Field name DescriptionUser Action and Value to Be Entered Comment

Parameter Name Parameter for SWIFT communication

Select one of the parameter names of the value help

For example:

Service

Parameter Value Value of a parameter used for SWIFT communication

Enter the value used in SAP Multi-Bank Connectivity to generate the SWIFT envelope

For example: swift.fin

3. Repeat this step for all parameters required.4. Choose Save.5. Confirm the dialog box and save.

Result: When a message is sent to SAP Multi-Bank Connectivity, the SWIFT parameters are created in the extended header section of the SAP Multi-Bank Connectivity message, and in this way form part of the message that is being sent to SAP Multi-Bank Connectivity.

7.4 Creating Bank Statement Import Format Variant

Connector for SAP Multi-Bank Connectivity allows for automated consumption of bank statements using the FF_5 / Bank Statement Upload Utility. This section is relevant for customers who wish to automatically consume MT940 / MT942 / CAMT-based bank statements received.

To create the import variant and configure the import format for bank statements, perform the following steps:

1. Execute transaction code FF_5.2. On the view Elect. bank statement format (SWIFT, MultiCash, BAI...) screen:


Elect. bank statement format SWIFT MT940 - Field 86: Structure Recognized Automatically

NoteOnly perform step 2 for message type MT940.

Only perform step 3 for message type MT942.

Only perform step 4 for message type CAMT.053.

3. If you choose message type for MT942, then on the view Bank Statement: Various Formats (SWIFT, MultiCash, BAI...) screen:


Elect. bank statement format SWIFT MT940 - Field 86: Structure Recognized Automatically



Account Balance Checked

4. If you choose message type for CAMT.053.001.02, then on the view Bank Statement: Various Formats (SWIFT, MultiCash, BAI...) screen:


Elect. bank statement format X XML or Bank-Specific Format

XML or Bank Specific Format CAMT.053.001.02

Import data Checked

5. Remove the selection from the Workstation upload checkbox.6. Choose Save.7. On the View Variant Attributes screen:


Variant Name Name the variant according to the message type you choose. Example: MT940

Description Enter a description for the variant

8. Choose Save.

7.5 Maintaining Selection Variants for Bank Statements

The steps in this section continue from the steps performed in Creating Bank Statement Import Format Variant [page 31].

You need to set up the bank statement variant created for a given message type. You maintain the variant for a Sender ID/ Receiver ID and Message Type. The system processes incoming messages according to the message type specified in the web service interface.

For MT940 (bank statement), MX camt.053 and MT942 (account report), or MX camt.052, the report RFEBKA00 (transaction FF.5) is executed with the relevant variant, as configured in this customizing activity.

Prerequisites

You saved the variant in transaction code FF_5.

To set up the bank statement variant created for a given message type, perform the following steps:

1. Execute transaction code SPRO. Alternatively, go to SAP Reference IMG Multi-bank Connectivity Connector Maintain Selection variants for Bank Statements .

2. On the Change View Maintain Bank Statement Selection Variants Overview screen, choose New Entries:




Sender ID Input the bank identifier code (BIC)

Message Type Input the message type used for SAP Multi-Bank Connectivity

Message Type for Bank Statement

Variant Variant defined in Creating Bank Statement Import Format Variant [page 31]

Name of variant (without program name)


7.6 Lockbox Bank Statements Option

SAP Multi-Bank Connectivity customers have the option to receive and process Lockbox bank statements through SAP Multi-Bank Connectivity.

This section is only relevant for customers who have selected the option to receive and process Lockbox bank statements through SAP Multi-Bank Connectivity.

7.6.1 Creating Lockbox Import Variant

To create the import variant and configure the import format for bank statements, perform the following steps:

1. Execute transaction code FLB2.2. Open variant SAP&FSN_BAI, which is a standard example for the import of Lockbox messages through the

connector for SAP Multi-Bank Connectivity. If necessary, adjust the standard variant settings and save as a new variant.

7.6.2 Maintaining Selection Variants for Lockbox

You need to maintain the variant for a Sender ID/ Receiver ID and Message Type.

The system processes incoming messages according to the message type specified in the web service interface. For Lockbox messages, for example BAI or BAI2, the RFEBLB00 report (transaction FLB2) runs with the relevant variant, based on the following steps.

Prerequisites

You saved the variant in transaction code FLB2.


To maintain the variant for a Sender ID/ Receiver ID and Message Type, perform the following steps:

1. Execute transaction code SPRO. Alternatively, go to SAP Reference IMG Multi-bank Connectivity Connector Maintain Selection Variants for Bank Statements .

2. On the Change View Maintain Bank Statement Selection Variants Overview screen, choose New Entries.


Sender ID Input the bank identifier code (BIC)

Message Type Enter the message type used for SAP Multi-Bank Connectivity

Message Type for Lockbox, for example, BAI_LOCKBOX or BAI2_LOCKBOX

Variant Name of variant without the program name

The variant name defined in Lockbox Bank Statements Option [page 33].

3. Choose Save.4. Confirm the dialog box to save.

7.7 Maintaining Custom Sender IDs (Optional)

You can define a custom Sender ID for a Message Type and/or Receiver ID. For example, you can define different Sender IDs for communicating with different banks.

These custom Sender IDs are used by the connector for SAP Multi-Bank Connectivity when a message is created. For payment messages created using Payment Medium Workbench, the system uses the Customer Number maintained at house bank level as the Sender ID. Corresponding Custom Sender ID entries are ignored.

However, the system uses the Custom Sender ID you maintain in this customizing step as a fallback. It is used if the Customer Number has not been maintained at house bank level.

You can leave the Message Type and/or Receiver ID blank. The system treats such entries as relevant for all Message Types and/or Receiver IDs. In the event of multiple valid entries, the system uses the Sender ID you specify. This method is based on the SWIFT code, available as part of the house bank address control data. For the connector for SAP Multi-Bank Connectivity, the SWIFT code represents the Receiver ID: House bank Swift Code to connector for SAP Multi-Bank Connectivity Receiver ID.

1. Execute transaction code SPRO. Alternatively, go to SAP Reference IMG Multi-bank Connectivity Connector Maintain Sender/Receiver ID Mapping .

2. On Change View Maintenance of Sender IDs Overview screen, choose New Entries:


Message Type The previously used Message Type.




Receiver ID For outbound messages, this is the bank identifier code (BIC) of the bank. For inbound messages, this is the corporate identifier agreed with the bank.

Sender ID For outbound messages, this is the corporate identifier agreed with the bank. For inbound messages, this is the bank identifier code (BIC).



8 Preparing Outbound Payment

This section details the configuration of outbound payments using Payment Medium Workbench (PMW) as the default payment engine.

The File Pick-up Report in the connector for SAP Multi-Bank Connectivity facilitates the automated and regular transmission of data to SAP Multi-Bank Connectivity that has not been generated from PMW.

8.1 Payment Medium Workbench (PMW) and Files

The following are used for financial integration in the SAP ERP:

1. Payment Medium Workbench (PMW)/ DMEE: An SAP ERP tool that provides transformation and enrichment.

2. Files: SAP ERP Financials provides built in programs to produce and read files.

Corporates are not required to migrate, decommission, or change the way they currently use these tools.

To enable the integration technologies into your SAP ERP system, you need to:

● Configure Payment Workbench Medium Formats (PMW)● Configure File Pick-up Report (optional)

NoteOnly perform the steps that apply to your choice. For example, if you choose PMW, only perform the steps labeled PMW.

8.1.1 Configuring PMW

To maintain payment medium formats and assign payment medium type SAP Multi-Bank Connectivity Connector to the relevant formats, proceed as follows:

1. Execute transaction code OBPM1.2. Locate the format to be redirected to SAP Multi-Bank Connectivity from the Payment Medium Formats list.3. Choose Details.4. On the Change View Payment Medium Formats Details screen, maintain the following fields:


Electronic Payment Medium Mark the checkbox


Preparing Outbound Payment


Type

(for Electronic Payment Medium field above)

Select SAP Multi-Bank Connectivity Connector from the dropdown list

Country Select a relevant country code from the list

External Format Description Enter the external format, for example, PAIN.001.001.03

Documentation Module Enter FPM_DOCU_CGI_XML_CT

Struct. for Format Parameters Enter FPM_CGI

Mapping using DME engine Mark the checkbox

Company Code Mark the checkbox

House Bank Mark the checkbox

5. Choose the Customer settings for Format button.6. In the Dialog Structure, double-click Event Modules.7. On the Display View Event Modules Overview screen, check that the function module /BSNAGT/

FI_PAYMEDIUM_DMEE_20 is defined as the format for event 21.8. Choose Save.

8.1.2 Configuring File Pick-Up Report (Optional)

The File Pick-Up Report allows the connector for SAP Multi-Bank Connectivity to retrieve or pick up files from a predefined folder on the application server or network share, in the event that the customer wishes to transmit files to SAP Multi-Bank Connectivity that have not been generated in Payment Medium Workbench (PMW), for example, files routinely generated by an external system such as external payroll.

Connector for SAP Multi-Bank Connectivity provides a file interface that relies on logical file path configurations. The Pick-up Files report integrates the connector with other processes and third-party applications running on your SAP application server, that is, business processes other than an SAP ERP payment run. The Pick-up Files report reads files from a defined directory on the application server, and uses them to create messages in the appropriate format for SAP Multi-Bank Connectivity.

1. Execute transaction code FILE.2. On the Change View Logical File Path Definition Overview screen, choose New Entries.3. On the New Entries Overview of Added Entries screen, enter:


Logical Path Enter the logical file path for file pick-up

Name Define path name

4. Select the path name you just created.5. Choose Assignment of Physical Paths to Logical Path.6. On the Change View Assignment of Physical Paths to Logical Path Details screen, choose New Entries and

enter:

Configuration Guide for Connector for SAP Multi-Bank ConnectivityPreparing Outbound Payment PUBLIC 37


Syntax group Indicate the syntax for the file and path names

Example: “Windows NT” or “UNIX”

Physical path The physical path + < <FILENAME>

Example: “\\hostname\MBCShare\<FILENAME>”

NoteTo perform this step, contact your system administrator.

7. Choose Save.


Preparing Outbound Payment

9 Pulling Messages by Scheduled Background Jobs

In the context of SAP Multi-Bank Connectivity, an ERP always acts as a client and must be configured to poll SAP Multi-Bank Connectivity for data, such as bank status messages or bank statement messages. This section details steps to create the variant, and background scheduling to allow the system to pull data routinely from SAP Multi-Bank Connectivity.

1. For Pulling Message (/BSNAGT/MSG_PULL), go to SAP Menu Connector for SAP Multi-Bank Connectivity Pull Messages . If you want to limit the messages to be pulled, on the Pull Messages screen, fill in values in the fields for selection criteria. Otherwise, leave the fields blank to pull all messages. For example, PUSHPULL.

2. Choose Save as variant.3. To schedule the background job, execute transaction code SM36. Enter the Job Name and Job Class. For

example, PUSHPULL, Job Class: for example, C.4. Choose Spool List Recipient.5. Enter Recipient data. For example, the user who schedules the background job.6. Select the Copy checkbox and the Apply checkbox.7. Once the recipient is added, on the Define Job screen, choose Check.8. On the Create Step 1 screen, under ABAP Program, enter Name and Variant. For example:

Name: /BSNAGT/MESSAGES_PULLVariant: PUSHPULL

9. Choose Check and Save.10. On the Step List Overview screen, choose Back.11. On the Define Job screen, choose Start Condition.12. On the Start Time screen, set the job start time according to business needs.13. Choose Check and Save. On the Define Job screen, choose Save.

The system shows the job PUSHPULL saved with the status Released.14. Execute transaction code SM37. On the Simple Job Selection screen, enter the Job Name PUSHPULL, and

select Sched. for the Job Status. Choose Execute to check the status for the scheduled job.15. On the Connector Monitor screen, choose the Incoming tab. Messages pulled from SAP Multi-Bank

Connectivity are displayed.16. Check the Status field to see if the file is processed.

The file is processed.

Configuration Guide for Connector for SAP Multi-Bank ConnectivityPulling Messages by Scheduled Background Jobs PUBLIC 39

10 Troubleshooting Issues During Onboarding to SAP Multi-Bank Connectivity

This section offers guidance for commonly observed issues when onboarding to SAP Multi-Bank Connectivity.

10.1 How do I obtain a signed SSL Client Certificate?

If you are using SAP S/4HANA Public Cloud, the SAP team are responsible for the creation and signing of your SSL Client Certificate, which uniquely identifies your ERP system. Configuration is described in Configuring STRUST for Message Level Security [page 24].

In all other cases, it is the responsibility of the customer to create the keypair and undertake the process for third party CA signing. An SAP trusted certificate authority (CA) is required to sign the certificate used for Transport Level Security.

The most common approach is to create the keypair in STRUST and generate a Certificate Signing Request (CSR) and send it to an SAP trusted CA.

Alternatively, SAPGENPSE can be used to generate the keypair and corresponding CSR. Once the CSR has been processed by the CA, the CA returns the signed response, which is uploaded to the previously created key store – which in turn, converts the self-signed keypair into a CA Signed Keypair.

The CA that a customer uses is the decision of the customer – however, it must be an SAP trusted CA .

10.2 I cannot verify the connectivity on RFC destination in SM59

SAP Multi-Bank Connectivity requires the creation of three RFC destinations on an ERP. As part of the configuration, run a connectivity test on each destination. If the result of the connectivity test is not an HTTP:500 response, see the following:

● HTTP: 401 Response - This indicates that the client certificate of the ERP system is not authorized on SAP Multi-Bank Connectivity. Ensure that the RFC destination references the SSL Client Standard/ DFAULT key store. See Creating RFC [page 15].After verifying, and if the issue persists, contact your appointed SAP Multi-Bank Connectivity onboarding team member to validate that the ERP system SSL certificates are maintained correctly in SAP Multi-Bank Connectivity.

● HTTP: 403 / 404 Response - This indicates that the endpoint provided by SAP Multi-Bank Connectivity has been incorrectly configured in the system. Ensure that you have correctly entered the URL received from


Troubleshooting Issues During Onboarding to SAP Multi-Bank Connectivity

http://help.sap.com/disclaimer?site=https%3A%2F%2Fwiki.scn.sap.com%2Fwiki%2Fdisplay%2FSAPFS%2FTrusted%2BCertificate%2BAuthorities

SAP Multi-Bank Connectivity. Check the configuration steps for creating the RFC. See Creating RFC [page 15].If the issue persists, contact your appointed SAP Multi-Bank Connectivity onboarding team member to validate the address.

10.3 I receive a “No Concatenated Concept Exists” error when I send (payment run) or receive (Pull MBC Message) data

The Associated Integration Server parameter has not been correctly set.

See Specifying the Associated Integration Server [page 18], and ensure that the SAP Multi-Bank Connectivity Payment destination is set correctly in the Associated Integration Server field.

In the event that a dedicated integration server is available and correctly configured, for example as SAP PI / SAP PO system, contact your organization's system administrator for relevant details.

10.4 I receive data, but the system cannot decrypt the data

The necessary SSFA settings have not been entered correctly.

See Maintaining Secure Store and Forward (SSF) Profile Data, and ensure you have accurately copied from STRUST and pasted the subject of the SAP MLS Certificate into the Signatory / Recipient Name field, and that all the boxes are selected for the MLS activities in the SSFA configuration screen (Sign / Encrypt / Decrypt / Verify). Ask your bank to resend the data.

If issues persist, contact your appointed SAP Multi-Bank Connectivity onboarding team representative.

Configuration Guide for Connector for SAP Multi-Bank ConnectivityTroubleshooting Issues During Onboarding to SAP Multi-Bank Connectivity PUBLIC 41

https://help.sap.com/viewer/DRAFT/e27c0ce13c0d4227b54ab9efdbd5eed8/Latest/en-US/f38c2b16b6884f1fa844843518821b76.html

Important Disclaimers and Legal Information

HyperlinksSome links are classified by an icon and/or a mouseover text. These links provide additional information.About the icons:

● Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your agreements with SAP) to this:

● The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.● SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any

damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.

● Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering a SAP-hosted Web site. By using such links, you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this information.

Videos Hosted on External PlatformsSome videos may point to third-party video hosting platforms. SAP cannot guarantee the future availability of videos stored on these platforms. Furthermore, any advertisements or other content hosted on these platforms (for example, suggested videos or by navigating to other videos hosted on the same site), are not within the control or responsibility of SAP.

Beta and Other Experimental FeaturesExperimental features are not part of the officially delivered scope that SAP guarantees for future releases. This means that experimental features may be changed by SAP at any time for any reason without notice. Experimental features are not for productive use. You may not demonstrate, test, examine, evaluate or otherwise use the experimental features in a live operating environment or with data that has not been sufficiently backed up.The purpose of experimental features is to get feedback early on, allowing customers and partners to influence the future product accordingly. By providing your feedback (e.g. in the SAP Community), you accept that intellectual property rights of the contributions or derivative works shall remain the exclusive property of SAP.

Example CodeAny software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax and phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of example code unless damages have been caused by SAP's gross negligence or willful misconduct.

Bias-Free LanguageSAP supports a culture of diversity and inclusion. Whenever possible, we use unbiased language in our documentation to refer to people of all cultures, ethnicities, genders, and abilities.


Important Disclaimers and Legal Information

Configuration Guide for Connector for SAP Multi-Bank ConnectivityImportant Disclaimers and Legal Information PUBLIC 43

www.sap.com/contactsap

© 2022 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. The information contained herein may be changed without prior notice.

Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies.

Please see https://www.sap.com/about/legal/trademark.html for additional trademark information and notices.

THE BEST RUN

https://www.sap.com/about/legal/trademark.html

configuration guide for connector for sap multi-bank

Documents