In the SAP system, go to the SAML2 transaction and make sure that the local provider is enabled. If it is not, configure it according to the standard SAP documentation.
Make sure that the provider name in the Local Provider tab of the SAML2 transaction is set in the format https://<hostname>:<port>; otherwise it might cause issues when a non-default client is accessed.
Open the Trusted Providers tab and select oAuth Identity Providers. Create a new one, using the file and certificate downloaded in Chapter 9 Create Azure AD Enterprise Application for SAP Backend.
Then add email as the NameID format and activate the service provider.
Go to SU01 and create a system user that will be used for oAuth2 configuration. No roles or profiles are required to be assigned to this user.
Go to transaction /n/IWFND/MAINT_SERVICE, find the service ZBOT_CENTRAL_SERVICE_SRV and enable oAuth for it.
Next, go to the SOAUTH2 transaction and create a new client using the user ID created in the previous step.
Maintain the settings as in the screen below
For IdP, select the Trusted Provider created in the previous steps. For URL redirect, set https://<sap system hostname and port>/sap/bc/sec/oauth2/token
Next, add the scope for the oData service ZBOT_CENTRAL_SERVICE_SRV.
Paste the following values into the fields in the SAP UI5 application
Where:
User ID and oAuth 2.0 client ID are the SAP user ID created for oAuth;
oAuth2 scope ID is typically ZBOT_CENTRAL_SERVICE_SRV_0001 (configured earlier in this chapter);
Token endpoint is typically https://<hostname and port of sap system>/sap/bc/sec/oauth2/token
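
The values above can be checked for consistency before they are entered. The following Python code is an added example, not part of the original guide or the product: it validates the formats given in this chapter and builds (without sending) the token request. It assumes the SAML 2.0 bearer grant of RFC 7522, which the oAuth identity provider setup implies; the hostname, port 44300, client ID BOT_OAUTH and the same-host check are constructed assumptions.

```python
import base64
from urllib.parse import urlencode, urlsplit

TOKEN_PATH = "/sap/bc/sec/oauth2/token"  # token endpoint path from this page
SAML_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522 (assumed grant)

# Constructed sample values: hostname, port and client ID are placeholders.
SAMPLE = {
    "provider_name": "https://sap.example.com:44300",
    "token_endpoint": "https://sap.example.com:44300/sap/bc/sec/oauth2/token",
    "service": "ZBOT_CENTRAL_SERVICE_SRV",
    "scope": "ZBOT_CENTRAL_SERVICE_SRV_0001",
    "client_id": "BOT_OAUTH",
}

def check_settings(cfg):
    """Return a list of problems in the values entered on both sides."""
    problems = []
    provider = urlsplit(cfg["provider_name"])
    token = urlsplit(cfg["token_endpoint"])
    if provider.scheme != "https" or provider.port is None or provider.path:
        problems.append("provider name must be https://<hostname>:<port>")
    if token.scheme != "https":
        problems.append("token endpoint must use https")
    if token.path != TOKEN_PATH:
        problems.append("token endpoint path must be " + TOKEN_PATH)
    # Assumption: provider name and token endpoint point at the same SAP system.
    if token.netloc.lower() != provider.netloc.lower():
        problems.append("token endpoint host:port differs from provider name")
    if not cfg["scope"].startswith(cfg["service"] + "_"):
        problems.append("scope ID does not belong to " + cfg["service"])
    return problems

def build_token_request(cfg, assertion_xml, client_password):
    """Build (url, headers, body) for the token call; refuses bad settings."""
    problems = check_settings(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    # The oAuth client (the SU01 system user) authenticates with HTTP Basic.
    creds = f"{cfg['client_id']}:{client_password}".encode()
    headers = {"Authorization": "Basic " + base64.b64encode(creds).decode(),
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({
        "grant_type": SAML_BEARER,
        "client_id": cfg["client_id"],
        "scope": cfg["scope"],
        "assertion": base64.urlsafe_b64encode(assertion_xml).decode(),
    })
    return cfg["token_endpoint"], headers, body
```

A missing port in the provider name or a scope that belongs to another service is reported by check_settings before any request is built.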