SAP runs annual audit measurement on every customer. Customers who treat it as a procurement exercise hold settlements close to actual usage. Customers who treat it as IT compliance hand SAP eight figure findings.
SAP runs annual audit measurement on every customer carrying an active maintenance agreement. The audit looks like a routine compliance exercise on the surface and behaves like an SAP commercial event in practice. Customers who treat audit measurement as a procurement exercise consistently turn it into a settlement that stays close to actual usage. Customers who treat it as an IT exercise hand SAP an opening to convert technical configuration drift (extra named user roles, indirect access on Salesforce or Workday, Digital Access on bot generated documents, engine consumption above contracted levels) into eight figure settlement bills. This pillar sets out the ten step audit preparation toolkit, the LAW report mechanics, named user mapping discipline, indirect and Digital Access defense, engine usage reconciliation, and the eleven move buyer side response that holds settlements to 15 to 50 percent of the SAP opening position. For surrounding context read the SAP services practice, the SAP knowledge hub, the SAP RISE Negotiation Guide, the SAP Audit Defense Service, and the SAP Indirect Access and Digital Access guide.
The License Administration Workbench (LAW) is the SAP tool customers use to consolidate user and engine measurement across their estate. The output is the customer's official submission to SAP for annual audit measurement. Three principles matter. First, the LAW report is the customer's document, not SAP's; the customer chooses when to run it, what to include, and how to classify users. Second, raw LAW output without cleansing routinely overstates licensable consumption by 15 to 30 percent due to dormant users, misclassified roles, and orphan accounts. Third, SAP receives only the LAW output the customer submits; field measurement only happens if SAP escalates beyond LAW review. Run LAW 90 days before SAP requests it, cleanse the output, and submit the cleansed version.
SAP named user license types follow a hierarchy with material price differential. Professional User (typically $4,500 to $5,500 list per user) sits at the top with full transactional access. Limited Professional User (typically $2,500 to $3,500) covers production line and retail roles. Employee User (typically $250 to $400) covers self service ESS/MSS access. Developer User covers ABAP development access. The buyer side opportunity is to right size every assigned license against actual usage. Three structural patterns drive overcounting: assignment of Professional User where Limited Professional or Employee would suffice; orphan accounts left active after employee departure; users assigned to multiple SAP systems with the highest license type carrying across.
| Named user type | Indicative list per user | Best fit |
|---|---|---|
| Professional User | $4,500 to $5,500 | Full transactional access, finance, supply chain power users |
| Limited Professional User | $2,500 to $3,500 | Production line, retail, restricted transaction set |
| Employee User | $250 to $400 | ESS/MSS self service, expense reports, time entry |
| Developer User | $3,500 to $4,500 | ABAP development, customization access |
Indirect access is the SAP licensing rule that requires a Named User license for any human or system that "uses" SAP, even when accessing through a third party application. The classic example is Salesforce sales reps creating orders that flow to SAP for fulfillment; SAP's position is that every Salesforce user creating those orders requires an SAP Named User license. Indirect access settlements are routinely the largest line in SAP audit findings, sometimes running into eight figures for high transaction volume customers. Two structural defenses matter. First, document every integration architecturally with input volumes and user counts; vague integration scope favors SAP's expansive interpretation. Second, evaluate Digital Access conversion; SAP's Digital Access pricing converts indirect access exposure to per document pricing that is often more favorable than per user.
Digital Access is SAP's 2018 successor licensing model for indirect access. Instead of licensing every external user touching SAP, customers license the documents created by external systems. Nine document types fall under Digital Access: sales documents, invoice documents, purchase documents, service and maintenance documents, manufacturing documents, quality documents, time management documents, financial documents, material documents. Pricing is typically $0.10 to $0.40 per document per year depending on volume tier. The Digital Access model is more favorable than per Named User indirect access for high volume bot driven document creation; less favorable for high user count low volume integrations.
SAP engines (HANA database, BW/4HANA, IS-U for utilities, SAP Hybris, etc.) license separately from named users. Each engine has a distinct measurement metric. HANA licenses by memory (typically $5,000 to $7,000 per 64GB block at list). BW/4HANA licenses by memory similarly. IS-U licenses by meter point. The audit measures engine consumption against contracted entitlement. The buyer side preparation is to measure each engine quarterly, document the actual consumption against contract, and resolve any drift before SAP measurement begins.
For settlement modeling, the indicative anchors below reflect what we see on SAP audit settlements in 2026.
Redress runs a four phase SAP audit preparation engagement. Phase one is the proactive LAW review, which generates and cleanses the LAW report 90 to 180 days before SAP measurement. Phase two is the indirect and Digital Access exposure assessment, mapping every integration and modeling both pricing options. Phase three is the audit response when SAP measurement begins, managing the LMS engagement and resisting scope expansion. Phase four is the settlement negotiation, converting findings to forward consumption commit where possible and bundling with renewal discount. Read the Vendor Shield program, the SAP Audit Defense Service, and the SAP License Optimization Service.
Redress is independent and 100 percent buyer side. Industry recognized, 500 plus enterprise clients, $2B plus under advisory across 11 vendor practices. Read the SAP services practice, the SAP knowledge hub, and the case studies library, or contact us to scope an SAP audit preparation engagement.
A buyer side framework for the SAP renewal cycle, the SAP master agreement, and the broader SAP commercial framework.
Independent. Buyer side. Built for SAP customers running the next renewal cycle.
Open the white paper in your browser. Corporate email only.
Open the Paper →SAP came back with a $14M indirect access finding tied to our Salesforce integration. Redress walked us through the actual document flow architecture, modeled both Digital Access and Named User pricing, cleansed the LAW report, and converted the finding to a forward Digital Access commit bundled with our renewal. Final settlement: $3.2M, with a clean three year SAP contract and the indirect access scope finally documented in writing.
Confidential consultation. No follow up sales call unless you ask for one.
Vendor signals, commercial signals, settlement signals, and the broader competitive leverage signals across all eleven vendor practices.
White Paper · SAP
SAP License Audit Survival Guide
An SAP license audit targets named user misclassification, indirect access, and LAW report gaps. Read it free.
SAP runs an annual System Measurement through the License Administration Workbench, and the results plus any merger, S/4HANA conversion, or new third party integration can trigger a deeper audit. Indirect or digital access is the most common escalation point.
Indirect access is when a non SAP system or external user reads or writes SAP data without a named user license, for example an ecommerce site creating sales orders in SAP. SAP's 2018 digital access model prices this by document type, and unmeasured indirect use is the largest source of surprise findings.
Run your own System Measurement before SAP does, reconcile named users against actual activity, and map every interface that touches SAP to either a license or the digital access document model. Self measurement removes SAP's information advantage at the negotiation table.
SAP classifies users into types such as Professional, Functional, and Productivity, each with a different price, and over classification is common. Reclassifying inactive or light users to a lower type, and removing duplicates, often cuts the measured liability before any commercial discussion.
Yes. An SAP audit finding is an opening position, not a final bill, and it is routinely settled below the initial number when tied to a forward looking purchase such as a RISE or S/4HANA commitment. Contest the underlying measurement before paying any back maintenance claim.
Once a month. Audit patterns, renewal benchmarks, vendor commercial signals across Oracle, Microsoft, SAP, Salesforce, IBM, Broadcom, AWS, Google Cloud, ServiceNow, Workday, Cisco, and the GenAI vendors. No follow up sales pressure.
Free providers (Gmail, Yahoo, Outlook) cannot subscribe. Work email only. Unsubscribe in one click.
