@Tan, Eripan Thanks for reaching out. Please find my inline comment.
Is there any expiration for this? or maybe connector will refresh the token after expired?
Connectors take care of the renewal of tokens. Once you have entered the credential you don't have to update it again until you change your account credential.
What is the recommendation of account for this login? Is it just normal user account or there is something like "Service Principal" concept?
It depends on your business requirements. If you want to use the same account for authentication of different applications in azure, then you can create it as a service principle. Otherwise, a normal account can be created, and you can assign permission to that account in the SAP and salesforce end.
Feel free to get back to me if you have any queries or concerns.