SAP Indirect Access and Digital Access
Modern SAP environments often integrate with a web of third-party systems, raising the issue of indirect access, when users or applications use SAPโs data without a direct login.
This article explains SAPโs traditional approach to indirect access licensing versus the newer Digital Access model (document-based licensing).
Enterprise IT leaders will learn the differences between these models, the risks of unmanaged indirect usage, and how to navigate licensing strategies to avoid surprise costs.
The goal is to help CIOs make informed decisions that balance compliance with business integration needs.
Indirect Access in SAP
Indirect access refers to any scenario in which SAP software is accessed not by a person logging in interactively but via an intermediary system or interface.
In practical terms, an external application (such as a customer-facing web portal, a CRM like Salesforce, a supplier system, or even IoT devices) interacts with SAP on a userโs behalf. The external system might query data or create behind-the-scenes transactions in SAP.
For example, imagine an e-commerce website that pulls product availability from SAP and then records orders into SAP โ the customers and sales reps using that website indirectly use SAPโs functionality.
Similarly, a third-party warehouse management system might update inventory in SAP in real time; the warehouse workers never sign into the SAP GUI, but they trigger SAP transactions through the external system.
Traditionally, SAP has stated that all such use must be licensed, even if those users/devices donโt have SAP user IDs, because SAPโs intellectual property (software processes and data) is being utilized.
This became a high-profile concern after cases like the 2017 SAP vs. Diageo lawsuit, where a court ruled that a company owed SAP license fees for salespeople accessing SAP data via a non-SAP front-end (resulting in a multimillion-pound judgment).
The case put indirect usage on every CIOโs radar: if you integrate anything with SAP, you must ensure youโre not unintentionally out of compliance. The challenge was that older SAP contracts often lacked explicit terms for indirect access, creating ambiguity around how to license these scenarios.
SAPโs Digital Access Model Explained
In 2018, SAP introduced Digital Access licensing as a direct response to the confusion and customer pushback around indirect usage fees.
Digital Access offers an alternative approach: instead of requiring a named-user license for each indirect user, it charges for the documents created in SAP by external (digital) systems.
SAP identified nine core document types under this model: Sales Order, Invoice, Purchase Order, Material document, etc. Whenever an external system triggers creating one of these documents in SAP, it incurs a licensing count.
How it works:
Companies purchase a certain quantity of Digital Access documents (often in blocks, e.g., 1,000) for specific document types. Each document created by an external interface consumes one or more of those (some document types might have a higher weight, but SAP simplified it so that each original document is whatโs counted).
Importantly, read-only actionsโwhere an external system just queries or views data from SAP without creating new recordsโdo not count towards Digital Access.
SAP calls this โstatic readโ and explicitly makes it free of charge under the digital model. Additionally, if one external action spawns multiple related documents in SAP (for example, an external order triggers an SAP Sales Order, which generates a Delivery and an Invoice), SAP only counts the primary document (the Sales Order) for licensing.
This prevents doubleโor triple-charging for one business process.
Digital Access shifts the licensing conversation to measurable business outcomes. SAP asks, โHow many business documents is your SAP system processing due to third-party integrations?โ rather than โHow many unnamed users are touching SAP via other systems?โ
This can be appealing for CIOs because documents are a more transparent unit to track. A CEO or CFO can relate license costs to the number of orders taken via digital channels.
It also removes the need to determine exactly how many external users exist (which can be nearly impossible in scenarios like a public website or large B2B interfaces).
Indirect Access (Named Users) vs. Digital Access: Key Differences
Today, SAP customers have two parallel ways to license the usage of SAP via third-party systems.
Understanding their differences is crucial:
- Basis of Licensing: The traditional indirect access approach extends the standard named user model. You are supposed to license every individual (or device) that indirectly interacts with SAP, typically by assigning them an appropriate named user license in your system (even if they never log in directly). In contrast, Digital Access bases the metric on system transactions โ it cares only about document creation counts from external sources, not the number of external users or systems.
- Cost Predictability: Under the named user model, costs scale with the number of users. If you integrate SAP with an application used by 500 partners or customers, SAP could argue that all 500 need some form of SAP user license, which might be very expensive. With Digital Access, costs scale with transaction volume. This can be more predictable if you know roughly how many documents your interfaces generate (e.g., 10,000 sales orders per year). Thereโs also a volume discount mechanism โ the more documents you license, the lower the unit cost tends to be, which benefits high-volume scenarios.
- Compliance Risk: Indirect use via named users is hard to policeโcompanies might miss some users or interfaces and fall out of compliance until an audit uncovers it. Digital Access simplifies compliance in theory: You measure the documents and license accordingly. However, measuring those documents accurately is a challenge (discussed below). The Digital Access model was intended to eliminate ambiguity and reduce the adversarial โgotchaโ audits by clarifying the rules.
- When Each Makes Sense: If your indirect SAP interactions are minimal โ for example, only a handful of third-party users or a low volume of transactions โ sticking with named user licensing might be more cost-effective. You might only need five extra professional user licenses to cover the usage of a B2B portal, which could cost less than buying a block of 1,000 documents. On the other hand, if you have extensive integrations (hundreds of external users or millions of document transactions), Digital Access could prevent licensing every user and instead pay based on aggregate usage. Many enterprises use a hybrid approach: they maintain named user licenses for internal staff and known partners, but adopt Digital Access for high-volume external channels where user counting is impractical.
In summary, indirect access via named users offers unlimited transactions per user but becomes difficult to scale (and manage compliance) as integrations grow.
Digital Access offers a scalable, volume-based alternative but requires diligent document count tracking. CIOs must weigh which model (or mix) yields the better financial and operational outcome for their situation.
Measuring and Managing Indirect Usage
One of the toughest parts of indirect access management is gaining visibility into how much indirect activity is happening.
Traditional SAP license audits via USMM (Usage Measurement program) and LAW (License Administration Workbench) were focused on direct named users and engines, and didnโt explicitly call out indirect usage.
It largely fell on the customer to declare if they had interfaces and ensure that those external users were counted.
With the introduction of Digital Access, SAP provided new tools and services to measure document-based usage. SAP released notes (updates) that enable tracking of documents created by certain โtechnical usersโ (system accounts used for integrations). They also rolled out a Digital Access Evaluation Service.
In this free offering, SAP helps run scripts on your systems to estimate how many digital access documents you would consume under the model.
This service generates a report of document counts (by type) over a period, which is extremely useful data for decision-making. CIOs should consider using this evaluation in a sandbox modeโit gives a baseline of indirect usage without immediate financial commitment.
Internally, IT teams should maintain an inventory of all third-party systems interfacing with SAP. For each integration, document the type of data exchanged and whether it triggers document creation in SAP.
This list helps in licensing discussions and auditsโyou donโt want SAPโs auditors discovering an interface you were unaware of.
Some organizations implement periodic internal audits or use third-party SAM tools to flag potential indirect usage (for example, by scanning SAP logs for high volumes of transactions executed by a generic interface account or detecting large data downloads).
A key point is to negotiate contractual clarity on indirect usage. Modern SAP contracts often include specific clauses about indirect access or even an option to adopt Digital Access.
If you have opted for Digital Access, ensure your contract absolves you from also having to count those users under named licenses (avoiding double licensing).
If you remain on named user licensing for indirect use, try to get SAP to acknowledge the agreed approach in writing.
For instance, you might license a โSAP Platform Userโ or a special license type for external parties at a certain price, instead of individual Professional licenses for all. Having this in the contract can prevent disputes later.
Strategies for CIOs: Indirect Access Licensing Choices
Choosing how to handle indirect access is now a strategic decision. Here are some considerations and strategies:
- Evaluate the Digital Access Adoption Program (DAAP): SAP has been keen on customers moving to Digital Access and launched the DAAP to incentivize it. This program (extended indefinitely) offers steep discounts โ reportedly up to 90% off list price for the initial purchase of digital access licenses โ and allows customers to trade in some existing shelfware licenses for credit. CIOs should weigh taking advantage of this if their indirect usage is significant. Essentially, SAP offers a carrot to transition to the document model; it can be a cost-effective way to legitimize previously unlicensed indirect use with minimal spending.
- Hybrid Licensing is Acceptable: Thereโs no requirement to choose exclusively one model. Many enterprises maintain the standard named user licenses for internal users and known external users, but use Digital Access for mass external connections. For example, a company might keep supplier portal users under a low-cost named user license category (if each supplier rep has a steady account) but use Digital Access for customer-facing apps where the user count is huge and fluctuating. This hybrid approach can optimize costs and minimize compliance risk by addressing each scenario with the best-fit model.
- Monitor and Revisit Regularly: Indirect usage isnโt static โ new integrations (APIs, cloud services, mobile apps) come online frequently in todayโs digital strategies. Itโs important that whenever IT connects a new system to SAP, the licensing impact is reviewed. Make it part of the architecture governance checklist: โWill this integration trigger SAP transactions? If yes, how are we licensing it?โ Periodically (e.g., annually), review your indirect access strategy. SAPโs rules or offerings might change (for instance, SAP could introduce new document types or adjust pricing, or include digital access in certain bundles). Staying current will ensure you can adapt your approach, whether purchasing additional document packs or adjusting user licenses.
- Plan for Audits: Given the history, indirect access is a favorite topic in SAP audits. Be prepared to demonstrate how you have licensed your integrations. If you have Digital Access, keep records of how you calculated the number of documents and any SAP-confirmed measurements. If you’re stuck with named users, maintain a list of those external users you licensed and the logic (so you can show SAP that, for example, each external system user is mapped to a named user license). This preparation not only heads off potential audit claims but also shows SAP that your organization takes compliance seriously, possibly making them less aggressive.
Recommendations
- Inventory All SAP Integrations: Maintain an up-to-date list of every external system interfacing with SAP. For each, document what data it reads or writes. This is foundational for determining indirect use licensing needs.
- Leverage SAPโs Evaluation Tools: Run SAPโs Digital Access evaluation or similar tools to quantify your document usage. The data will guide whether to adopt the digital model or stick with named users. Do this assessment before negotiations or contract renewals.
- Consider the Digital Access Program: If you have significant indirect activity, evaluate SAPโs Digital Access Adoption Program incentives. The high discounts and license trade-in credits can drastically lower the cost of switching to document-based licensing.
- Negotiate Clear Contract Terms: Ensure your SAP agreements explicitly address indirect use. If you opt for Digital Access, the contract should reflect that document counts (not user counts) govern those scenarios. If you stay with named users, include any special terms (e.g., a fixed number of external user licenses at a set price) to avoid ambiguity.
- Educate Stakeholders: Ensure project teams and system integrators are aware of indirect licensing rules. When planning a new interface or app that touches SAP, they should involve the licensing/ITAM team early to decide how those users or transactions will be licensed.
- Monitor Continuously:ย Establish a process for regularly reviewing logs and integration activity. For example, quarterly checks are performed for any unexpected high-volume interfaces or new connections to SAP. Early detection of growing indirect use allows you to adjust licensing proactively (e.g., purchase more document packs or add user licenses) instead of reacting in an audit.
- Stay Informed on Policy Changes: SAPโs approach to indirect access can evolve (for instance, through changes in pricing, new document types, or future integration with cloud subscription models like RISE). Keep an eye on SAP announcements or user group discussions so you can adapt your strategy and avoid being caught off guard by policy shifts.
Read about our SAP License Management Services.
