SAP Indirect Access Strategies
SAP Indirect Access โ where third-party systems or users indirectly use SAP โ remains a critical licensing concern in 2025. CIOs and CTOs must proactively manage indirect access exposure to avoid surprise fees.
This article explains SAPโs Digital Access model and offers strategies to minimize indirect license risk, ensuring compliance and cost-efficiency in an increasingly interconnected SAP landscape.
Read SAPโs Digital Access Model: Document-Based Licensing vs. User-Based (What Triggers Indirect Fees).
SAP Indirect Access
Indirect access refers to any scenario in which people or external applications utilize SAPโs data or functions without directly logging into SAP. For example, creating a sales order in SAP on an e-commerce website or updating SAP customer records in Salesforce CRM are considered indirect uses.
Historically, SAP required a named-user license for each indirect user or device โ an approach that was often unclear and hard to enforce.
Many organizations unknowingly accumulated indirect usage without proper licensing, leaving them exposed during audits.
In 2025, as companies integrate SAP with IoT sensors, cloud platforms, and bots, indirect access has become increasingly complex. Understanding how SAP licenses these scenarios is essential for CIOs to prevent compliance surprises.
Traditional vs. Digital Access Licensing
SAP now offers two parallel models to license indirect usage: the traditional named-user model and the newer Digital Access model.
Under the traditional approach, any individual or system accessing SAP (even via a third-party interface) needed an appropriate named user license โ often a โProfessionalโ or โLimitedโ user license. ‘
This could mean thousands of external users or devices that technically require costly SAP logins, which are impractical and difficult to track.
The newer Digital Access model, introduced in recent years, flips the script by licensing the outcomes of indirect use instead of the users. It focuses on specific business documents created in SAP (such as Sales Orders, Invoices, and purchase orders) by external systems.
If a non-SAP system triggers one of these documents in SAP, it counts toward your licensed document volume. Reading data or static reports generally does not count โ the charges apply when new records are created via indirect channels.
The aim is to provide a more transparent, measurable way to handle the explosion of integrations in modern IT environments.
Table: Traditional vs. Digital Access Licensing
| Aspect | Traditional Indirect Access (Named User) | Digital Access (Document-Based) |
|---|---|---|
| License Metric | Higher upfront purchase of document entitlements based on estimated volumes. | Each indirect business document created in SAP is counted. |
| Examples | 5,000 portal customers would each require a user license (often infeasible). | 5,000 sales orders created via the portal count as 5,000 documents. |
| Cost Predictability | Low โ hidden usage may go unnoticed until an audit imposes back-charges. | Higher โ upfront purchase of document entitlements based on estimated volumes. |
| Compliance Risk | High if external usage isnโt fully licensed; audits can uncover large gaps. | Lower surprise risk if volumes are licensed, but overestimating volumes can tie up budget. |
| Best Use Cases | Small number of external users or partners; easily identifiable usage. | High-volume integrations (IoT, e-commerce) where user-based licensing would be cost-prohibitive. |
| Key Challenge | Identifying every indirect โuserโ and ensuring they have licenses. | Accurately forecasting document counts and understanding which actions create chargeable documents. |
The Hidden Costs of Unmanaged Indirect Use
Uncontrolled indirect access can lead to skyrocketing costs in audits or true-ups. Several high-profile cases highlighted this risk.
In 2017, global beverage company Diageo faced a ยฃ54 million bill after a court ruled that thousands of customers and sales reps accessing SAP via a Salesforce interface required SAP licenses.
Similarly, Anheuser-Busch InBev was hit with a claim of nearly $600 million for widespread unlicensed system integrations, leading to a massive settlement.
These examples sent shockwaves through the SAP community โ suddenly, CIOs realized that a customer checking order status or a smart device updating inventory could be considered a use of SAP.
The cost of licensing each of those users or devices under traditional rules would be astronomical, so many businesses had left such usage unlicensed (often unknowingly).
SAPโs audits, however, began identifying these โhiddenโ users through technical logs and interface accounts, resulting in multi-million dollar compliance penalties.
The lesson is clear: without active management, indirect access can become a ticking time bomb in your SAP contract.
To illustrate the stakes, consider a customer e-commerce portal linked to SAP.
If 10,000 customers place orders via that portal, under traditional licensing, each customer might technically need a named user license (which could easily cost a few thousand dollars each).
No company would buy 10,000 licenses for occasional customers, but in an audit, SAP could demand fees for those unlicensed users.
By contrast, under the Digital Access model, those same orders would simply count as 10,000 documents. If SAP charges, say, a rate for each block of 1,000 documents, the cost might be in the tens of thousands, not millions.
This shows why a document-based approach can sharply reduce exposure for high-volume scenarios (and why SAP introduced it).
However, it also shows that companies must accurately count and forecast their document volumes to budget for Digital Access properly.
SAPโs Digital Access Model (2025 and Beyond)
SAPโs Digital Access model was designed to bring clarity following the controversies surrounding indirect usage. It identifies nine core document types โ e.g., Sales Document, Invoice, Purchase Document, Material Document, etc. โ that commonly result from external interactions.
When an external application creates one of these in SAP, it consumes your digital document licenses. SAP has provided tools, such as the Digital Access Evaluation Service (DAES) and SAP Passport, to help manage these documents within your system.
By 2025, Digital Access will have become the default model for new SAP contracts, especially for S/4HANA or RISE with SAP subscriptions.
Many organizations have adopted a hybrid licensing approach: internal users are still covered by traditional user licenses, while digital document licenses cover APIs, customers, and IoT devices.
This hybrid ensures youโre not double-paying โ a properly licensed internal user can use any interface without extra cost, and only purely external usage draws from the document quota.
How pricing works: Digital Access is typically sold in bundles of documents (often per 1,000 documents). SAP does not publish a fixed price list; instead, pricing is negotiated based on volume estimates.
Generally, volume discounts apply โ the more documents you commit to, the lower the unit cost. For instance, a company might license 1 million documents per year at a much lower per-document rate than a company licensing 100,000 documents.
SAP initially ran a Digital Access Adoption Program that, through 2021, offered steep incentives (up to 90% discounts or credit for shelf licenses) to encourage customers to switch.
Today, although the formal program has ended, enterprises can still negotiate substantial discounts or credits when transitioning to the document model, especially if bundling it with a larger S/4HANA deal.
Itโs worth noting that once you purchase a certain number of document licenses, you typically pay annual maintenance on them and cannot easily reduce that entitlement later, so accurate sizing is critical.
The Digital Access model eliminates the nightmare scenario of surprise audit bills. Still, it replaces it with a need for careful capacity planning (much like planning engine or volume-based licenses).
Pros and Cons: Named Users vs. Document Licensing
Both indirect access approaches have their advantages and disadvantages.
With traditional named-user licensing, if your indirect usage is minimal or you can limit external access to a small number of partners, it may be more cost-effective and simpler to license those users directly. You avoid counting documents and continue with business as usual.
The risk, however, is that any unnoticed interface or increase in usage can escalate into a major compliance issue. Itโs also challenging to enforce โ policing that no unlicensed system touches SAP is tricky in a dynamic IT environment.
The Digital Access model brings more certainty: if you know, for example, that you create ~200,000 external sales orders and invoices per year, you can purchase a document package to cover this volume and be done. Itโs straightforward to explain to auditors and finance teams.
The downside is cost unpredictability if your business grows or new interfaces start creating documents; you might exceed your licensed volume and need to true-up (or ideally, negotiate a buffer in advance).
Additionally, not all โdocumentsโ are equal โ SAP assigns different weightings to document types (a high-value sales order might count as 1, whereas a low-value timesheet entry might count as 0.2, for example).
This adds complexity to counting. Companies sometimes discover that Digital Access costs can exceed what they were paying before, especially if they have high transaction volumes.
In summary, Digital Access reduces compliance ambiguity but requires diligent monitoring of usage. Many enterprises find a middle ground: license the heavy transaction flows via Digital Access, and keep low-volume partner use under named users or special license agreements.
Read SAP Indirect Usage Alternatives and Mitigations for S/4HANA and ECC.
Strategies to Minimize Indirect Access Exposure
Managing indirect access is both a technical and contractual exercise.
Below are key strategies for CIOs and CTOs to minimize risk and optimize costs:
- Discover and Map Integrations: Start with a full inventory of all third-party systems, interfaces, and bots connected to your SAP environment. Document what data they read or write and how often. This โintegration registerโ will spotlight where indirect access is happening. Often, companies discover forgotten interfaces or departmental tools that access SAP in the background. Knowing all access points is foundational to controlling them.
- Optimize Named User Licensing First: Ensure your existing SAP users are correctly licensed and eliminate any excess. Many organizations are over-licensed with unused accounts or have users on higher license tiers than necessary. By right-sizing your named user licenses (e.g., reclaiming licenses from inactive users and assigning the proper license types based on actual usage), you can free up budget and even spare licenses that might be covering some external parties. This process also flags if any external users already have an internal account (if so, they donโt need an additional license for indirect use).
- Leverage โStatic Readโ Wherever Possible: If a third-party application only needs SAP data for reporting or infrequent use, consider providing it via scheduled data exports or a data warehouse, rather than real-time direct reads. SAP generally does not charge for static read-only access (for example, viewing SAP data that was copied to another database). By architecting integrations to avoid real-time writes or queries against SAP when not truly needed, you can sidestep licensing triggers. Clearly define these scenarios in your contracts (e.g., classify certain interfaces as โread-onlyโ or time-lagged to exempt them from indirect fees).
- Implement Monitoring Tools: Use SAPโs measurement tools and third-party Software Asset Management (SAM) solutions to continuously monitor indirect usage. SAPโs License Audit Workbench (LAW) and Passport logs can capture which documents are created by external systems. Third-party tools (from vendors like Flexera, Snow, or VOQUZ Labs) can automate the detection of indirect use and even visualize the architecture of connected systems. Set up alerts or periodic reports on document counts โ this allows you to track trends (e.g., monthly external document creation) and catch any usage spikes before they become compliance issues.
- Model and Compare Costs: Perform a detailed cost analysis comparing your current licensing scenario to the Digital Access model. Calculate a โbest caseโ under the status quo (e.g., after cleaning up licenses, what would covering all indirect users cost?) versus the โdigitalโ approach (based on measured document volumes). Factor in growth projections โ if you expect your e-commerce orders to double in two years, include that. This modeling will inform your negotiation strategy with SAP. In some cases, companies find the status quo (with some tweaks) is cheaper; in others, switching to Digital Access dramatically lowers risk and cost. The answer is highly specific to your usage pattern.
- Negotiate Protective Contract Terms: Donโt simply accept SAPโs standard terms โ savvy CIOs negotiate clauses to limit indirect access exposure. For example, negotiate a cap on annual document charges (or a volume tier) to ensure cost predictability if volumes increase. Ensure the contract explicitly enumerates what counts as indirect use and what is exempt (e.g., โread-only access via third-party BI tool shall not require a licenseโ). Ask for options to true-up at a discount if you exceed estimates, rather than full list price. If youโre adopting Digital Access, try to incorporate future growth into the initial deal (for instance, lock in pricing for additional document packs). All negotiations should aim to align licensing with business reality โ if certain integrations are mission-critical, you might even negotiate a one-time fee for unlimited use of that interface. RISE with SAP customers (cloud subscription) should clarify how digital access is handled under subscription metrics. Often, RISE includes a level of indirect usage; however, it is best to confirm this in writing.
- Educate and Govern: Make indirect access compliance a part of your IT governance. Establish an internal policy that requires the architecture team to assess the licensing implications of any new system or application that needs to interface with SAP. Simple training for project managers can prevent โrogueโ integrations from slipping in unlicensed. Also, conduct periodic internal audits โ at least annually, if not quarterly โ to review indirect usage against entitlements. This proactive stance keeps you ahead of SAPโs auditors. When everyone from developers to procurement understands the stakes, your organization will naturally design integrations with licensing in mind (avoiding, for example, unnecessary creation of SAP documents).
By combining these strategies, CIOs can minimize indirect access exposure while still enabling the business to integrate SAP with modern platforms.
The goal is to let data flow freely without unwelcome licensing surprises.
Read Measuring SAP Indirect Usage: Tools and Methods to Detect ThirdโParty Access.
Recommendations
- Inventory All Connections: Immediately map out every third-party system, interface, or user that interacts with your SAP data. Visibility is the first step to control.
- Audit Your License Assignments: Clean up and optimize your named user licenses so youโre not overspending or double-counting users. Redeploy any surplus licenses strategically.
- Measure Digital Usage: Use SAPโs tools or third-party solutions to quantify how many documents external systems create in SAP. Establish a baseline of the current indirect document volume.
- Evaluate Cost Models: Perform a side-by-side cost comparison of staying on named-user licensing versus adopting Digital Access. Include best-case, worst-case, and growth scenarios to inform your decision.
- Engage SAP Early: If you suspect a Digital Access model is beneficial, engage SAP (or your SAP account team) proactively. Early conversations can lead to better discounts or inclusion of indirect use in larger agreements (like S/4HANA migration deals).
- Negotiate Safeguards: Donโt sign a contract addendum without adding protections โ e.g., define โstatic readโ exemptions, secure volume buffers or caps, and lock in discount percentages for future expansions.
- Implement Monitoring Processes: Set up ongoing monitoring for indirect access. For example, review quarterly reports on document usage and external access logs to catch any surges or new interfaces.
- Train and Communicate: Educate your IT and procurement teams about indirect access licensing. Ensure any new project involving SAP integration considers licensing at the design phase.
- Plan for the Future: As you plan upgrades to S/4HANA or cloud (RISE), incorporate indirect access into the roadmap. Use the transition as leverage to resolve licensing issues, possibly negotiating a clean slate or a new metric that better aligns with your digital strategy.
- Stay Proactive: Treat indirect access management as an ongoing program, not a one-time fix. Regularly revisit your strategy, as SAPโs rules and your system landscape will evolve beyond 2025.
Read Negotiating Indirect Use Terms in SAP Contracts.
FAQ
Q: What is SAP indirect access, and why should I be concerned about it?
A: Indirect access means using SAPโs functionality or data through a third-party system or an external user. CIOs/CTOs should be aware that SAP may require licenses for this usage. Unmanaged indirect access can lead to compliance audits and hefty fees, so itโs crucial to track and license properly.
Q: How does SAPโs Digital Access model differ from traditional licensing?
A: Traditional licensing requires a named user license for each person or device that uses SAP software directly or indirectly. Digital Access instead charges based on the number of business documents (orders, invoices, etc.) created in SAP by those external systems. Itโs user-based versus usage-based licensing.
Q: Do we need to switch to the Digital Access model in 2025?
A: Not necessarily. Existing SAP customers can often remain on their current model if itโs working. However, new SAP contracts (especially S/4HANA or cloud deals) use Digital Access by default. Itโs wise to evaluate the cost and risk of both models and choose the mix thatโs best for your organization.
Q: How can I find out my indirect access exposure?
A: Start by auditing all systems that interface with SAP. Use SAPโs audit tools (like LAW or Digital Access Evaluation Service) to count documents created indirectly. You can also deploy third-party license management tools to detect external usage. This analysis will reveal where you may be under-licensed.
Q: What happens if SAP audits us and finds indirect usage?
A: If SAPโs auditors find unlicensed indirect use, they will likely issue a compliance bill requiring you to purchase appropriate licenses (often at list price, potentially with back maintenance fees). This can be very expensive. Itโs better to identify and address any gaps yourself before an official audit.
Q: Can we negotiate indirect access terms in our SAP contract?
A: Yes, absolutely. You should negotiate clear definitions of indirect use, exemptions for specific scenarios (such as read-only access), and agree on how digital documents are counted. Many companies also negotiate a cap or special pricing for indirect usage. A well-defined contract can prevent disputes later.
Q: Does moving to S/4HANA or RISE with SAP solve indirect access issues?
A: Moving to S/4HANA (on-premises) doesnโt automatically solve it โ you still need to address licensing. However, SAP often promotes the Digital Access model during S/4 upgrades, which can be an opportunity to resolve indirect access issues through a new agreement. In RISE with SAP (subscription model), some indirect usage may be bundled or simplified; however, you must confirm the details in the contract. Always clarify how indirect access is handled in any new SAP offering.
Q: Are read-only integrations (like BI tools or data exports) free from licensing?
A: Generally, SAP does not charge for static read-only scenarios โ for example, if you export SAP data to a data lake and users query it there, thatโs not using SAP resources. But if an external tool is live querying SAP in real-time, it could be considered usage. Itโs best to architect truly read-only solutions (or use SAPโs own reporting licenses) and, importantly, document these in your contract as non-chargeable.
Q: What practical steps reduce indirect access costs?
A: Key steps include optimizing your current user licenses (to avoid buying unnecessary ones), limiting third-party connections to only whatโs needed, using caching or batch data transfers instead of live integration when possible, and considering the Digital Access document model if it lowers costs for heavy system usage. Regularly reviewing usage and adjusting your license counts or document entitlements is also critical.
Q: How often should we review our indirect access and digital document usage?
A: Ideally, continuously, but a thorough review at least once a year is recommended. Many organizations now include license compliance checks as part of quarterly IT governance. Especially if your business is growing or adding new integrations, frequent reviews (quarterly or biannually) will help you stay ahead of any issues and adjust licensing proactively.
Read more about our SAP Advisory Services.
