Everything ITAM teams, CIOs, and procurement leaders need to know about SAP licensing: perpetual vs subscription models, named user types, S/4HANA migration, RISE with SAP, indirect and digital access, cloud services, audit preparation, and cost optimisation strategies.
| Factor | Perpetual Licensing | Subscription Licensing |
|---|---|---|
| Cost model | Large upfront licence fee (CapEx) plus ~20–22% annual support | Recurring monthly/annual fees (OpEx) — no perpetual ownership |
| Ownership | Customer owns licence entitlements indefinitely. Software usable even if support is dropped | Access ends when subscription ends. No perpetual use rights unless negotiated |
| What’s included | Software licence only. Support, infrastructure, and hosting are separate | Often bundles software, support, hosting, and management (e.g., RISE with SAP) |
| Flexibility | Can accumulate shelfware, but licences can be reallocated internally | Scaling up is straightforward; scaling down may require waiting until renewal |
| Long-term cost | Front-loaded. Support fees continue but the licence itself doesn’t expire | Cumulative cost may exceed perpetual over 5+ years. Must evaluate TCO carefully |
| Examples | Traditional SAP ECC, on-premise S/4HANA | RISE with SAP, SuccessFactors, Ariba, Concur, Fieldglass, S/4HANA Cloud |
Regardless of model, all SAP entitlements are defined in formal ordering documents. Maintain copies of all SAP licence agreements, order forms, and SAP Software Use Rights documentation. Verify that metrics and rights in the contract match your understanding — and track purchase history, including any special amendments, migration credits, or discount arrangements.
Read more about SAP Licensing Models.
SAP’s licensing types divide into Named User licences and Package (Engine) licences, each with specific metrics:
Every individual accessing SAP requires a Named User licence. Licences are assigned by user type based on the level of access:
| User Type | Access Level | Typical User Profile |
|---|---|---|
| Professional | Full operational access across all SAP modules | Finance specialists, supply chain managers, power users |
| Limited Professional / Functional | Access restricted to specific functional areas | Users performing limited functions — e.g., HR only, procurement only |
| Employee / ESS | Basic self-service tasks only | Employees doing time entry, expense submission, viewing HR data |
| Developer | Development tools (ABAP workbench) plus professional access | ABAP developers, configurators — limited to those needing programming access |
| Project | Temporary access for project-based work | External consultants, implementation team members on fixed-term engagements |
In addition to users, SAP sells licences for specific modules or “engines” measured by business metrics. Read the full guide on SAP Package/Engine Licences.
| Metric Type | Example |
|---|---|
| Employee/capacity-based | SAP Payroll licensed per employee processed; SRM per number of vendors |
| Transaction/order-based | Sales order line items per year; service tickets recorded annually |
| Revenue/spend-based | Retail industry engine by revenue; Ariba Network by procurement spend volume |
| Hardware-based | SAP HANA database licensed in increments of 64GB memory |
“The number one SAP licensing mistake we see is user misclassification. Organisations assign everyone as a Professional user ‘just to be safe’ — wasting millions in over-licensing — or they default to the cheapest category and accumulate massive compliance gaps. The right approach is maintaining a clear, documented mapping of job roles to SAP user licence types, reviewing it quarterly, and adjusting proactively. We’ve seen organisations cut SAP licensing costs by 25–30% simply by right-sizing user classifications based on actual transaction patterns.”
— Fredrik Filipsson, Co-Founder, Redress ComplianceSAP S/4HANA introduced updated licensing that ITAM practitioners must navigate carefully. The migration from ECC to S/4HANA is not just a technical upgrade — it’s a licensing transformation.
| S/4HANA Category | Access Level | ECC Equivalent |
|---|---|---|
| Professional Use | Broad usage across S/4HANA Enterprise Management suite | Professional User |
| Functional Use | Full access to specific functional areas but not all areas | Limited Professional (approximate) |
| Productivity Use | Basic tasks, self-service, approvals, data inquiry | Employee Self-Service (approximate) |
| Developer Use | Development tools in S/4HANA | Developer User |
Many S/4HANA contracts use FUEs — a points-based system where each user type is a fraction of a “full” user. For example: 1 Professional = 1.0 FUE, 1 Functional = 0.5 FUE, 1 Productivity = 0.1 FUE. SAP sells S/4HANA licensing in blocks of FUEs rather than fixed counts, giving flexibility in how you mix user types within the pool.
| Approach | Licensing Implication |
|---|---|
| Greenfield (new implementation) | Negotiate a fresh S/4HANA contract. No automatic credit for past ECC investment — but competitive bidding and trade-in discussions can yield discounts |
| Brownfield (in-place conversion) | Engage in SAP’s licence conversion programme. ECC entitlements mapped to S/4HANA equivalents — often with an uplift fee |
Running ECC and S/4HANA simultaneously during migration can temporarily double usage. Ensure your licences cover both environments, or negotiate temporary licences for the transition period. S/4HANA also requires the HANA database — verify whether your contract includes HANA runtime licences or whether that’s an additional engine to purchase.
Covers the licensing, commercial, and operational factors that determine whether the move makes financial sense.
RISE with SAP bundles SAP’s software and infrastructure into a single subscription contract. It is typically a 3–5 year commitment covering S/4HANA Cloud, infrastructure and technical management, SAP BTP credits, and support.
| RISE Component | What’s Included | ITAM Implication |
|---|---|---|
| S/4HANA Cloud | Public Cloud (multi-tenant SaaS) or Private Cloud Edition (single-tenant). Software licences embedded via FUE count | Must monitor FUE consumption closely. Exceeding contracted FUEs triggers expansion or true-up |
| Infrastructure | Hyperscaler hosting (Azure, AWS, GCP) or SAP data centre. Technical services included | No separate hosting contract needed — but you lose control over the environment |
| SAP BTP | Starter package of Business Technology Platform credits for extensions, integrations, and custom development | Monitor BTP credit consumption — overages incur additional charges |
| Support | Enterprise Support included in subscription. No separate maintenance fees | Simplifies cost structure — but verify SLA terms for uptime and cloud-specific service levels |
“RISE with SAP fundamentally changes the licensing game. You stop counting individual users and engines on-premises and commit to a subscription scope instead. This simplifies day-to-day compliance — but it shifts the risk to contract negotiation. If you over-provision, you’re locked into paying for unused capacity for the entire 3–5 year term. If you under-provision, expansion costs are rarely favourable. The critical moment is before you sign — model your FUE requirements accurately, negotiate price protections for growth, and most importantly, negotiate an exit strategy.”
— Fredrik Filipsson, Co-Founder, Redress ComplianceIndirect access — when external systems or users interact with SAP without logging in directly — is one of the trickiest SAP licensing areas. In 2018, SAP introduced the Digital Access model to address it.
Instead of licensing indirect interactions by user, SAP’s Digital Access model licences by documents created. SAP identified nine key document types representing business outcomes. When an external system creates one of these document types in SAP, it consumes a licence count. Customers purchase blocks of documents (often in packs of 1,000).
| Aspect | Detail |
|---|---|
| What’s counted | Creation of nine key business document types by external/unlicensed sources |
| What’s not counted | Reading/querying data, updates/deletes to existing documents, documents created by licensed named users |
| Purchasing model | Blocks of documents (e.g., 100,000 documents/year). Exceeding the count triggers true-up |
| Hybrid approach | Digital Access covers indirect scenarios only — you still maintain named user licensing for direct users |
Connecting new systems to SAP is never “free.” An IT department builds a mobile app that creates service requests in SAP, or integrates a CRM that writes sales orders — without licensing those interactions. During an audit, SAP identifies thousands of documents created by unlicensed sources. Always involve ITAM in the design phase of any new SAP integration. Read the full guide: Top 10 Pitfalls in SAP Digital Access.
| Service | Licensing Model | Compliance Considerations |
|---|---|---|
| SuccessFactors | Per employee/user per year. Modules can be purchased individually or bundled | SAP tracks active users automatically. Growth beyond purchased count = non-compliance at renewal |
| Ariba | Ariba Network: transactional metrics. Applications: per named user or enterprise spend | Usage spikes if procurement spend increases. Verify Ariba-to-ERP integration doesn’t trigger indirect access issues |
| Concur | Per active employee user per year for Expense and Travel | Ensure ex-employees are removed promptly. Monitor if new divisions start using Concur |
| Fieldglass | Per active external worker managed in the system | Unexpected contractor increases can exceed licensed count. Reconcile worker numbers periodically |
Practical, field-tested strategies covering right-sizing, shelfware elimination, digital access optimisation, RISE evaluation, and negotiation tactics.
| Environment | Licensing Rule | ITAM Guidance |
|---|---|---|
| Development / Test / QA | No separate “dev licence” needed. A named user’s licence covers all SAP systems | Every individual using SAP — even in test only — must be a licensed named user |
| Disaster Recovery (cold standby) | If DR system is completely idle, separate licences are not required | When DR is activated, your existing user licences cover usage. Don’t run prod and DR active-active without additional licensing |
| DR test (10-day rule) | Annual DR tests running prod and DR simultaneously for limited periods are generally accepted | Document test dates and duration. Demonstrate temporary parallel use was for DR testing only |
| High Availability | Failover node in hot standby — no extra licence if only one node serves users at a time | HANA active/active read-enabled replicas may require licensing both nodes. Clarify with SAP |
| Training / Sandbox | Allowed — but users accessing them must be licensed named users | Avoid generic shared accounts for training. Assign proper temporary named users |
| Pitfall | Why It Happens | Consequence |
|---|---|---|
| Named user misclassification | Users assigned to cheaper licence types than actual transactions warrant | Audit finding requiring upgrade to higher licence type with back-support fees — often the single largest SAP audit exposure |
| Generic or shared accounts | Single login used by multiple users (e.g., warehouse shift account) | Violation of SAP’s named user requirement. Each person needs their own licence |
| Inactive users not retired | Employees leave but SAP accounts remain active. No HR-to-IT deprovisioning process | SAP audit counts all active named users. Maintaining unused accounts wastes licence allocation |
| Engine overuse / untracked metrics | SAP doesn’t enforce caps in software — engines work on the honour system | Audit discovers usage exceeding purchased quantities. Remediation at SAP’s pricing |
| Indirect access not addressed | IT connects new systems to SAP without assessing licensing impact | Thousands of unlicensed documents created. Audit finding with potentially millions in back-compliance fees |
| Cloud module headcount drift | SuccessFactors/Concur user count grows as company hires | Out of compliance at renewal — SAP invoices for excess at less favourable rates |
Comprehensive guide to preparing for SAP’s licence audit — from self-assessment through negotiation to resolution.
SAP conducts licence audits (typically via SAP’s Licence Audit and Compliance team) using the LAW (Licence Administration Workbench) measurement tool. ITAM practitioners should:
| Preparation Step | Detail |
|---|---|
| Run USMM/LAW regularly | Run these proactively at least annually to understand your compliance position before SAP asks |
| Reconcile users vs entitlements | Compare LAW output against contractual entitlements. Identify gaps — users in higher categories than purchased, engine metrics exceeding contracted quantities |
| Clean inactive accounts | Lock or delete users who haven’t logged in within 90 days. SAP’s audit tools can exclude locked users — but only if properly marked before the measurement |
| Document all interfaces | Inventory every non-SAP system that reads from or writes to SAP. Determine which interfaces create documents. This is the basis for Digital Access compliance |
| Prepare your position | If gaps exist, develop a remediation plan before the audit. Proactively approaching SAP is always more favourable than being caught |
| Engage expert support | For significant audits, engage independent SAP audit defence advisory. Audit results are often the start of a negotiation |
| Strategy | Detail |
|---|---|
| Right-size user classifications | Analyse actual transaction patterns and downgrade users who don’t need Professional access. Organisations typically cut 25–30% by moving infrequent users to cheaper tiers |
| Eliminate shelfware | Identify unused licences via SAP usage reports. Stop paying ~22% annual support on modules nobody uses — consider formal decommission |
| Implement continuous lifecycle management | When employees leave or change roles, promptly reassign or remove SAP access. Conduct quarterly reviews |
| Optimise Digital Access | Model whether the document-based model is cheaper than adding named users. Use SAP’s estimation tools to forecast document volumes |
| Leverage renewal and migration events | Support renewals, S/4HANA migrations, and RISE evaluations are all negotiation opportunities |
| Negotiate contract protections | Price caps on annual increases, FUE rate locks, exit-to-perpetual clauses in RISE, true-down provisions, and clear data portability terms |
| Monitor cloud service usage | For SuccessFactors, Ariba, Concur — track actual usage against contracted volumes monthly |
“SAP licensing optimisation isn’t a one-time event — it’s a continuous discipline. The organisations that save the most are those that treat SAP licensing as an ongoing programme: quarterly user reviews, monthly interface monitoring, annual self-audits, and strategic preparation 12+ months before any contract renewal or migration event. The difference between a reactive organisation and a proactive one can easily be seven figures per year in SAP licensing costs.”
— Fredrik Filipsson, Co-Founder, Redress Compliance| Recommendation | Detail |
|---|---|
| Maintain a complete licence register | Document every SAP entitlement — perpetual licences, subscriptions, user types, engine metrics, cloud services. Include contract terms, renewal dates, and amendment history |
| Map roles to licence types | Create a governance matrix mapping job roles to required SAP licence types. Distribute to SAP security teams |
| Run quarterly self-audits | Use USMM/LAW tools to measure your compliance position quarterly |
| Inventory all interfaces | Catalogue every third-party system connecting to SAP. Require ITAM sign-off before any new SAP integration goes live |
| Plan S/4HANA migration licensing early | Assess user mapping, FUE sizing, HANA database licensing, and engine conversions at least 12 months before migration |
| Evaluate RISE independently | Model 5–10 year TCO against on-premise and hybrid alternatives. Negotiate exit clauses, price protections, and conversion rights. RISE advisory → |
| Coordinate with HR on user lifecycle | Automate user provisioning and deprovisioning linked to HR systems |
| Engage stakeholders on cost | Communicate SAP licensing costs to finance and business leaders. When executives understand idle modules cost ~22% annually, they’re more willing to decommission |
| Benchmark and negotiate | Use independent negotiation advisory. SAP’s initial pricing is rarely the best available |
Inventory all SAP entitlements and deployments — Compile a complete register of perpetual licences, subscriptions, cloud services, user types, engine metrics, and contract terms. Reconcile against actual SAP system installations and user counts.
Run a compliance self-assessment — Execute USMM/LAW measurement across all SAP systems. Compare output against entitlements. Identify misclassified users, exceeded engine metrics, unlicensed interfaces, and cloud service overages.
Remediate gaps and right-size — Downgrade over-licensed users, remove inactive accounts, address indirect access exposure, and reclaim shelfware. Quantify the savings and the residual compliance risk for executive reporting.
Establish ongoing governance — Implement quarterly self-audits, automated user lifecycle management, ITAM sign-off for new integrations, and role-to-licence-type governance. Make SAP licence management a continuous programme.
Prepare for the next commercial event — Whether it’s a support renewal, S/4HANA migration, RISE evaluation, or audit response — start preparation 12+ months in advance. Model scenarios, develop negotiation positions, and engage independent advisory.
Our independent SAP licensing assessment covers your entire SAP landscape — perpetual licences, subscriptions, cloud services, user classifications, engine metrics, digital access exposure, and RISE readiness. We identify compliance risks, quantify savings opportunities, and develop actionable remediation plans.
From support renewals to RISE contracts to Digital Access negotiations — field-tested tactics that consistently deliver better SAP outcomes.
📂 Explore all SAP licensing guides — SAP Knowledge Hub →