SAP licensing is complex, and CIOs must navigate numerous pitfalls that can lead to increased costs or compliance risks. This advisory highlights the top 10 SAP licensing mistakes, from underestimating indirect access to overpaying for shelfware, and explains how to avoid them.
One of the most notorious SAP licensing pitfalls is underestimating indirect access. This occurs when third-party systems or external users interact with SAP data without directly logging into SAP, for example a sales portal or middleware that retrieves or updates SAP records.
High-impact risk. A well-known case involved a global company facing a multi-million-dollar claim because sales representatives and customers accessed SAP through a non-SAP front-end without the necessary licences. SAP's Digital Access model has brought some clarity, but many CIOs still fail to account for all indirect usage.
Another common pitfall is giving expensive licence types to users who do not need that level of access. SAP offers a range of user licence categories, and companies often default many users to Professional when a smaller licence would suffice.
| User Licence Type | Perpetual Cost | Subscription Cost | Use Case |
|---|---|---|---|
| Professional User | $3,000-$4,000 + 20%/yr | $100-$250/user/month | Broad access for power users and administrators |
| Limited/Functional User | ~$1,500-$2,000 + maintenance | $50-$150/user/month | Restricted scope for specific functions |
| Employee Self-Service (ESS) | ~$500 + maintenance | $10-$50/user/month | Casual self-service tasks (HR, time entry) |
Real-world impact. One company discovered 40% of their SAP users were assigned Professional licences by default, even though many only approved purchase orders. By reclassifying those users to a lower-tier role, they freed up hundreds of pricey licences, saving hundreds of thousands of dollars annually.
Many organisations overlook the importance of properly licensing their developers, testers, and technical users. SAP requires that anyone accessing SAP environments, even development or QA systems, have a valid named user licence.
SAP licensing is not just about user counts. Many SAP modules (called engines or packages) are licensed based on specific metrics such as CPU cores (for SAP HANA), revenue or orders, number of employees (for Payroll), or other business metrics.
Compliance risk. You may be compliant with named users but in breach of your engine licence terms. For instance, you licensed SAP Payroll for 5,000 employees, but as the company grew to 6,000, you are now 20% over the licensed metric. Exceeding licensed metrics can result in substantial back-licensing fees during an audit.
Many industry-specific SAP solutions (SAP IS-Oil, IS-Utilities, CRM add-ons, etc.) have their own usage metrics or transaction counts. The pitfall is failing to monitor how much of a particular SAP package the company is consuming.
Many enterprises continue to pay annual support (~20% of licence cost) for SAP shelfware: licences and modules that have been purchased but are not actively utilised. Over the years, maintenance on shelfware can cost more than the shelfware itself.
Example. If you purchased a module for $1 million and never deployed it, you might be paying approximately $200,000 every year in support fees. In five years, that is $1M wasted on top of the sunk licence cost.
Sometimes an organisation believes it is fully compliant because, on paper, the number of purchased licences matches the number of users. This false sense of security is the compliance mirage: focusing solely on high-level numbers rather than verifying each user is correctly licensed and each system usage is adequately covered.
The trap. You might have 500 total SAP licences and only 480 active users. Sounds safe. However, if some of those 480 are exceeding their assigned licence limits, you have compliance gaps. An employee with an ESS licence executing Professional-level transactions is non-compliant even if you have spare licences elsewhere. Compliance is about the right fit, not just counts.
Many CIOs negotiate SAP contracts under pressure and later regret that the agreement has no flexibility to adapt. Rigid contracts lock you into specific licence types, quantities, or on-premise terms with no provisions for adjustment.
SAP licensing should not be managed in an IT silo. Failing to engage business stakeholders early means leaving HR, Finance, Procurement, and Sales out of licensing discussions when those teams embark on projects or process changes involving SAP.
Why it is a problem. Business teams may assume "We paid for SAP, we can use the data anywhere." However, certain use cases (like feeding SAP data to another system) can trigger indirect usage licences or require additional modules. When the licensing team is brought in late, it becomes a scramble to rectify compliance issues.
The final pitfall is leaving SAP compliance checks to the last minute, typically when you receive an official audit notice from SAP. A last-minute audit scramble is the frantic effort to gather usage data, true up licences, and resolve issues under the pressure of an impending audit.
Why this is dangerous. SAP audits are thorough and operate on tight timelines. If you discover during an audit that you are short on licences, your negotiating leverage is low and you will likely pay higher fees or penalties. The stress and resource drain can disrupt normal operations.
Start by mapping out all systems and applications that interface with SAP. Identify any data flows where a third-party app reads or writes SAP data. Once identified, evaluate SAP's indirect licensing options: you may use Digital Access (document-based licensing) or named user licences for external users. Regularly review new integrations with the SAP team to ensure indirect use is accounted for upfront.
Align each user's licence type with their actual job duties. Perform periodic role reviews. For each user, verify the transactions they execute in SAP and ensure their licence category covers these activities. Use tools or scripts to flag users with high-level licences but low usage (downgrade candidates) or those with basic licences doing high-level tasks (upgrade candidates).
Yes. Every individual accessing any SAP system (production or not) should have a proper licence. SAP provides specific Developer licences for those who work on development and configuration. Each login, even in QA or dev, must map to a licensed user.
If you go beyond a licensed metric (transactions, employees, or system resources), you are technically out of compliance. In an audit, SAP can require you to purchase the excess usage retroactively, often at list price and backdated. Monitor those metrics and contact SAP preemptively if you foresee growth exceeding your licence.
Perform a usage analysis. For user licences, run reports to view last login dates. Users who have not logged in for months may be candidates for removal or reassignment. For modules, list which ones you have licensed versus those actively deployed. Then work with SAP or a licensing advisor to retire the unused ones. Give SAP formal notice to terminate certain licences (which stops maintenance fees going forward).
Non-compliance can stem from who is using what, not just how many. If even one user is doing activities beyond what their assigned licence allows, that is non-compliance. Each user and each system must be properly licensed for their usage. Compliance is about the right fit, not just counts.
Negotiate specific clauses: licence exchange rights (swap licence types as needs change), partial termination rights (drop unused licences and reduce maintenance), and cloud conversion options (apply credit from on-premise licences toward SAP cloud services). Clarify definitions so there is no ambiguity later.
It should be a collaborative effort. IT and the CIO's team typically lead licence management, but input from business units is crucial. Involve department heads for HR, Finance, and Sales. Procurement and vendor management should be involved for contract negotiations. Treat SAP licensing as an enterprise governance topic.
Ideally on an ongoing basis, but if that is not feasible, set a routine: quarterly small checks and a comprehensive review annually. Whenever there is a major change (new project go-live, acquisition, etc.), do a targeted licence check. Consistency is key: regular audits turn licence compliance from a panic-inducing event into a standard operational practice.