SAP Customer Data Cloud Positions


Skip to end of metadata
Go to start of metadata


This page is a step-by-step guide for the process of opening and setting up an external application in Apple as part of the Site Setup process, to enable the "Sign In with Apple" option on your social login widget.


If your site is defined under one of Customer Data Cloud's non-US data centers, replace domain references to (http:// or https://) " " (or " ") with "socialize.<DC> ". Where <DC> is the region of your Data center (e.g., " "  for European Data center).

Domain references are defined in the Console , externally in social network app definition pages, and when using the SAP Customer Data Cloud SDKs to set the domain (in particular the APIDomain  field in class GSRequest ).


Phase 1 - Create Your App

  1. To enable web login using Apple, follow the instructions located at You can also check out Apple's Getting Started guide. Save your Client ID and Secret for the next step.
  2. While setting up your Apple application, ensure you configure your redirect URIs (Return URLs) correctly pointing to your CNAME.


    Finding your data center.


Phase 2 - Configure Apple Sign in the SAP Customer Data Cloud Console

Provider Configuration

  1. Open the Providers Configuration page of the Console.
  2. Select Apple from the list of providers.

  3.  In the dialog that appears, from the Apple app configuration page still open from Phase 1, copy and paste the relevant information into the corresponding fields of the dialog.
    1. Sevices ID: See Apple documentation. You must manually create the Services ID by going to Certificates, Identifiers & Profiles -> Identifiers and select Services ID from the options and press Continue. Enter a friendly description and an identifier (name); be sure to select the Sign in with Apple option and then open the Configure window. In the Configure window, ensure that the the APP ID is correct and add the Web Domain to be used with the specified app.

    2. Key ID: See Apple documentation
    3. Team ID: This is the identifier of the ‘Apple developer account’. Can be found in the Membership section of Apple' developer portal.
    4. Private key Important: The Sandbox and Live credentials are different, ensure you are copying the keys from the Live version of your app. You must not include the begin and end tags.
    5. Be sure to check the Enable CName box, if you are using a CName in your app's Return URL field from Phase 1 (above).
    6. Select Secure redirects only to allow only HTTPS redirects from Apple.

  4.  Click OK to close the dialog.
  5. Press the Save Settings button in the lower-right of the Providers Configurations page.

  6.  That's it, Apple configuration is complete! Please note that it can take from up to 3 hours for configurations made in Apple to become synchronized.

    If you have issues getting your app to function properly due to entering an incorrect Return URL during the initial app setup, it is often more effective to create a new app, being sure to enter the correct Return URL at setup, then waiting on Apple to synchronize a change.

Button Configuration

Apple have provided guidelines for configuring "Sign in" buttons to use in your apps. The buttons provided when using SAP Customer Data Cloud Screen-Sets enable you to comply with Apple guidelines: 

  1. In the Console, open the UI Builder. 
  2. Open the registration-login screen in which you wish to offer Apple sign-in.
  3. Select the social login widget. 
  4. In the Properties pane, add "apple" (in lower case) to the list of supported providers. 

  5. Under Button Style, select 'Sign in with". 
  6. Under Theme, you can choose between 'Normal' (black background) and 'Light' (white background). The light theme will only be applied to the 'Sign in with Apple' button, and not the other providers.

  7. Save your changes. 


Sending Email to Apple ID Accounts

To be able to send account related emails to Apple ID email addresses, you must set up a local mail server that SAP Customer Data Cloud can use to send these emails. To begin, you need to complete the following steps.

Additional information regarding private emails:


The following options are available to send account emails: 

  1. Using Customer Data Cloud servers (Standard behavior and enabled by default)
  2. Using your own SMTP server
  3. Using Customer Data Cloud servers via an email relay (only available if the first two options are not possible)

Using Customer Data Cloud servers (default)

Using this option is the default configuration for all Customer Data Cloud customers and requires no additional setup. System (account) emails will be sent to users using Customer Data Cloud's email servers.

Using your own SMTP server

This option allows Customer Data Cloud to send system (account) emails via your organization's email server.

There are cases when you may need to send SAP Customer Data Cloud emails to your users from your own domain name and not the Customer Data Cloud servers

The steps you then need to perform are as follows:

  • Provide SAP Customer Data Cloud with the IP or IP's of your email server or servers.,
  • Provide SAP Customer Data Cloud with the server credentials (i.e., username and password).
  • Provide SAP Customer Data Cloud with at least one email From address.
    • This needs to match the email address(es) that you will configure in the email template headers of the SAP Customer Data Cloud Console. It can be a valid address, e.g., or an invalid address, e.g.,, however, it must match what you configure in the console (so the emails are routed correctly).
  • Let SAP Customer Data Cloud know if your server(s) use a port other than 25 for SMTP.

SAP Customer Data Cloud will then provide you with information to complete the setup process:

  • You will receive a list of IPs of the mail servers that will forward the emails to your SMTP server that you will need to add to your whitelist, if using one.

Changes To Email Templates

Be sure to update the header information in any email templates you have created to reflect the changes (if necessary). If you are using SAP Customer Data Cloud placeholders, these will update automatically.

It is important to note:

  • Server based changes such as these are global for the account (domain/DNS record) and can not be restricted to any single API key.
  • Changing the From address of your email templates without first completing the steps outlined above will have no effect on the server that sends the emails and will only allow users to reply to your specified From address.


If you are using email forwarding (SMTP relay) to send emails from your own servers, make sure to whitelist the relevant IP addresses. For an updated list, see Whitelisting Gigya IP Addresses

Using Customer Data Cloud servers via an email relay (only available if the first two options are not possible)

When using this option, Customer Data Cloud will create a unique instance for your organization inside our email servers which will allow you to send emails as if they were from your organization directly.

This configuration will be available only in special situations when option #2  is not a viable solution.

If you are using this option, after we configure your account:

  • You will receive a list of DNS records related to SPF and/or DKIM.
  • Use this data to configure your DNS service.


Comparison Table

Email ConfigurationEmail AliasDMARC/SPF SupportSPF Record Maintenance/lengthShared ReputationLogsSupport
DescriptionWhen an email is sent from an email address where the FROM address differs from the domain it was sent from.Access to configuration of DMARC and SPF records on the email server and these records can be verified.If you need to add additional SPF records, reducing the risk that they exceed the size limit [RFC 4408 Section 3.1.4]Email server reputation is monitored by several organizations that maintain lists of email servers that send spam, so these messages can be filtered by many prominent email providers (Gmail/Hotmail/Etc.)The ability to search logs of emails, i.e., sent, received, or failed statuses.Whether direct access is available to open support tickets when there are problems with the email service.
Option #1 (default)

Option #2 (SMTP relay)*

If it is an existing provider that has already been configured before.

If your email service provides access to these records.

Option #3 (CDC Relay)*

* This is the URL of your organization's email server (MX record).


Requesting Change of Service

To request a change to your email configuration to either option #2 or option #3, notify SAP Customer Data Cloud via the Support tab in the Console or following the instructions at Opening A Support Incident.


Additional Information

DMARC is only applicable when using your own SMTP mail servers (option #2) or when using a Customer Data Cloud sub-account relay (option #3).


Unable to render {include} The included page could not be found.


Apple Email Server Verification

Once your mail server is set up you then need to authorize your server with Apple. See the following link to complete Apple verification.


Frequently Asked Questions

 Can I use Apple as a login option in my Android app?

Yes. You can implement Apple Sign-in like any other social network, by adding 'apple' to the enabledProviders/provider parameter of the applicable method. See accounts.notifySocialLogin REST for more information.



Additional Information

For more information on configuring your Apple application, see:


Email Scope

Apple only returns an email for the user in the very first (initial) login response to your application for that user. Any additional logins performed by the user will NEVER receive an email address from Apple for the user on logging into your app. This may be an important caveat if you have any flows that require a valid email address to login. For any other flows that require an email, be sure to call getUserInfo after the user logs in so you can access the user's previously stored email address.






  • No labels