E-mail Guidelines

E-mail Guidelines

SAP helps protect your sensitive company information and ensures compliance with data protection regulations that may apply to our customers and partners (e.g. GDPR). However, it is your responsibility to ensure only the right people have permission to transact on behalf of your company, and only with the authorizations required to complete their tasks.

A valid e-mail address is mandatory for SAP Universal ID and all S-user IDs.

SAP is assisting customers and partners in their responsibility for users administration by introducing compliance checks on e-mail addresses.

Every existing and newly created S-user will be checked for compliance with the following rules:

E-mail Format Check: the syntax of the e-mail address must be correct. For more information, see SAP Knowledge Base Article 3146076 - What is the valid format for an S-user e-mail address?
Shared E-mail Address Check: a shared e-mail account, for example support@company.com, cannot be used
Duplicate E-mail Address Check: an e-mail address cannot be used by another S-user under the same customer number
E-mail Domain Check: Cloud and Super Administrators are required to maintain an official list that represents their company, subsidiaries, and/or COEs in the Maintain E-mail Domain application tool to ensure users match their corporate e-mail addresses

Important Information:

SAP will neither disable, deactivate nor delete any of these highlighted users.

SAP will only highlight users with non-compliant e-mail addresses in the User Management application.

Technical Communication Users are explicitly excluded from these rules.

Maintain Allowed Company Domains

Super and Cloud Administrators are required to maintain an official list of their company's e-mail domains, ensuring that S-users match their corporate e-mail address.

Cloud and Super Administrators can access the application via the direct link Maintain E-mail Domain application, or from the User Management application (Manage Services >> Maintain E-mail Domain application).
Cloud and Super Administrators can add, and regularly maintain, all official e-mail domains that represent a company, subsidiaries, and/or COE.
User creation is not possible if no domain or an incorrect domain is stored in the Maintain E-mail Domain application.
Only e-mail domains used for corporations (e.g. @sap.com) are compliant with the Identity and User Management Policy.
Public or free e-mail sites (e.g. @gmail.com) are still allowed and are highlighted and treated as a non-compliant domain.

A minimum of one domain is required. For your own security, please do not add domains that are not associated with your company.

The information will be used to validate S-users' e-mail addresses - those that do not comply will be highlighted in the User List, User Profile and Contact Detail Page of the User Management application.

In future, if a new S-user ID is requested or an existing S-user changes their e-mail address, only those that successfully match corporate domains will be allowed, while others will be rejected. Super and Cloud Administrators may choose to override if necessary. Nevertheless, Super and Cloud Administrators will still be allowed to use public or free e-mail sites after entering an acceptable reason in the note field either in the user creation form or in the users contact detail page.

One example of improved compliance is that SAP for Me notifications will then only be sent to corporate e-mail domains.

For more information:

see SAP Knowledge Base Article 3025172 - How to add or remove e-mail domains for my customer number - SAP for Me
Watch the video Adding and Removing Email Domain in SAP for Me

Blocking of Shared E-mail Addresses

To enhance security and improve data quality, we have introduced governance for e-mail addresses used by all new SAP Universal IDs and S-users.

SAP Universal IDs are owned by a person with a unique e-mail address (1 person = 1 user). Therefore, we are now blocking e-mail addresses commonly shared by groups.

For example, support@sap.com is not a personal, unique e-mail address and cannot be used to create an SAP Universal ID. This restriction has also been added to the User Management application in SAP for Me.

For more information, see SAP Knowledge Base Article 3025162 - ERROR: Our policy does not allow the use of this e-mail address as it is used as a shared e-mail address. Please use a unique e-mail address - SAP for Me

E-mail Duplicate Check

We have introduced a duplicate check for every newly created S-user, within the same customer number, based on a unique and individual e-mail address.

S-user account creation with duplicate e-mail addresses is no longer supported for data quality, security, and compliance reasons. Additionally, cleansing of e-mail duplicates has already led to significantly faster S-user creation.

For more information, see SAP Knowledge Base Article 3032024 - Error: This e-mail address already exists for your selected customer. Our policy does not allow the use of an existing e-mail address for the same customer - SAP for Me

More Information