SAP Indirect Access for IT Leaders in 2025
SAP Indirect Access refers to the use of SAP software through third-party applications or interfaces rather than via direct SAP logins.
It has become a critical licensing concern for IT leaders because unmonitored indirect use can lead to compliance issues and unexpected fees.
This article explains what indirect access is, why it matters (with real examples of costly audits), and how SAP’s newer Digital Access licensing model addresses the issue.
It provides guidance in plain terms – including pricing insights, risk considerations, and practical steps – so enterprises can manage SAP indirect access proactively.
Multiple systems connecting to an SAP core can introduce indirect access licensing issues. IT leaders must account for interfaces like customer portals, IoT devices, or third-party platforms that create or modify SAP data.
Read Impact of Indirect Access on SAP Licensing Costs.
What is SAP Indirect Access?
In SAP terms, indirect access occurs when users or devices interact with an SAP system via a non-SAP system or intermediary rather than logging in directly to SAP.
In other words, if a third-party application (such as a web portal, mobile app, or external software like Salesforce) connects to SAP in the background, any data exchange or transaction is considered the use of SAP, even though it’s “indirect.” SAP requires that this usage be licensed just like direct use.
Direct access means a person logs into SAP’s interface (GUI) and uses the software. Indirect access means the person or process never logs into SAP directly, but SAP is still being queried or updated behind the scenes.
For example, if an employee updates SAP data through a custom web portal or a customer places an order on an e-commerce site that writes to SAP, these are indirect access scenarios. Even a batch integration or robotic process that transfers data between SAP and another system can be considered indirect usage.
Importantly, SAP has clarified that purely read-only, static data exports (sometimes referred to as indirect static reads) do not require additional licenses.
If you export SAP data to a separate system and view it there without continually querying SAP, that’s generally exempt. However, any dynamic read (real-time queries) or write-back into SAP from outside will likely be considered indirect use.
Read SAP Indirect Access Compliance: Best Practices.
Why It Matters: Compliance Risks and Costly Surprises
Indirect access became a headline issue for CIOs when some companies were hit with massive audit penalties for unlicensed use.
The most famous example was in 2017, when a UK court ruled that global beverage company Diageo owed SAP approximately £54.5 million ($70 million or more) in license fees for allowing Salesforce to access data from SAP without proper user licenses.
Around the same time, SAP pursued Anheuser-Busch InBev, reportedly seeking $600 million for indirect use associated with multiple systems; that dispute was settled out of court. These cases sent shockwaves through the IT world: many long-standing SAP customers discovered they were at risk of similar indirect access charges.
The financial risk is only part of the story. For IT leaders, indirect access audits can be unpredictable and may strain vendor relationships. Often, organizations don’t even realize they have indirect usage that isn’t licensed.
Modern IT environments are highly interconnected – companies integrate SAP with CRM systems, HR cloud apps, supplier portals, IoT sensors, analytics tools, and more. Each of these connections could secretly be triggering SAP’s licensing metrics.
If every one of your third-party system users technically needs an SAP license, the compliance gap can be huge.
This lack of visibility poses a significant risk: you may only become aware of it when SAP’s auditors arrive with a bill. In short, indirect access can become a multimillion-dollar problem if not properly managed, which is why it demands attention at the leadership level.
Traditional SAP Licensing vs. Indirect Usage
SAP has historically sold licenses primarily on a named-user basis. Every individual accessing SAP (even indirectly) was supposed to have a named-user license of an appropriate level (e.g., Professional, Limited).
In theory, a company could attempt to license all external users or devices that interact with SAP.
In practice, this was costly and impractical. Imagine needing to buy an SAP user license for every customer who interacts with your system via an online storefront or for each sensor updating your SAP logistics data – it doesn’t scale.
Before 2018, there was no specific “indirect access license” available for purchase, so compliance was a gray area.
Some businesses purchased external access licenses or interface licenses, but many relied solely on a single technical user account to transfer data from third-party systems into SAP.
That one account had a license, but the hundreds of end-users behind it did not – a technical violation under SAP’s old rules.
This gap led to confusion and high-profile disputes. It was unclear how to quantify usage or what to buy to be compliant.
SAP itself recognized the issue and the ill will it was generating among customers.
IT leaders were left asking: If our e-commerce site creates 10,000 orders in SAP, do we need 10,000 user licenses? The traditional model wasn’t a good fit for the realities of modern, interconnected systems.
SAP’s “Digital Access” Licensing Model
To address these challenges, SAP introduced the Digital Access model in 2018. Digital Access (sometimes referred to as document-based licensing) shifts the metric from users to documents.
Instead of counting every potential user or connection, SAP measures the number of certain business documents created in the SAP system by external (non-SAP) systems.
It focuses on the outcomes of indirect usage, not the people or devices behind it. SAP identified nine core document types that cover common transactions triggered via indirect access.
If a third-party application generates one of these documents in SAP, it counts towards your licensed allotment.
The nine document types and examples include:
| Document Type | Examples (created via external system) | Weight |
|---|---|---|
| Sales Document | Sales orders, order line items | 1.0x |
| Invoice Document | Billing documents, invoice line items | 1.0x |
| Purchase Document | Purchase orders (POs), PO line items | 1.0x |
| Service & Maintenance Doc | Service orders, maintenance notifications | 1.0x |
| Manufacturing Document | Production orders, shop floor confirmations | 1.0x |
| Quality Management Document | Quality inspection lots, quality results | 1.0x |
| Time Management Document | Time entries, time confirmation records | 1.0x |
| Material Document | Inventory movements, goods receipts/issues | 0.2x |
| Financial Document | Accounting journal entries (line items) | 0.2x |
In this model, only the initial creation of a document by an external system counts. Reading, updating, or even deleting data doesn’t consume a document license.
Also, if one document (say, a sales order) later triggers other documents within SAP (like a delivery or invoice), those follow-on documents don’t count again.
You essentially pay for the first touch from outside. SAP applied a reduced weight (0.2x) for Material and Financial documents, acknowledging these often occur in high volume; it takes 5 of those to equal one full document credit.
All other types count at a 1:1 rate.
How licensing works: Companies purchase Digital Access licenses in blocks of documents per year.
For example, an organization might purchase a package of 100,000 documents annually. (SAP sells specific quantities – often in blocks of 1,000 – and typically gives volume discounts at higher tiers.)
Every year, you are entitled to create up to that number of external-origin documents in SAP. If you exceed it, you’d need to true up by buying more blocks. If you use less, the excess capacity goes unused (no refunds for unused quota unless a renewal negotiation occurs).
The pricing for these document packs can vary by region and negotiation. SAP hasn’t published a flat price, but for illustration, some SAP partners have estimated a ballpark figure, such as approximately $1–2 per document as the list price (before discounts).
The key point is that this approach provides a tangible metric to track rather than an open-ended user count. It can turn a nebulous risk into a calculable license cost.
Impact: Is Digital Access Saving Money or Not?
For some organizations, Digital Access has been a relief – it provides transparency and often lowers costs for indirect usage compared to purchasing a large number of named users.
Especially in scenarios where hundreds or thousands of external users or devices interact with SAP, document licensing is far more economical.
For example, if 1,000 customers place orders via a portal integrated into SAP, under the old rules, you might have needed 1,000 named-user licenses (which would be virtually impossible to justify). With Digital Access, you just count how many orders are created.
If that portal creates 10,000 sales order line items a year, you license those 10k documents.
Companies with lots of machine-to-machine interactions (IoT sensors, EDI transactions, bots) also benefit greatly – they pay based on transactions, not an arbitrary user count.
However, Digital Access is not automatically cheaper for everyone.
If an enterprise has very few third-party integrations or generates a low volume of external documents, its existing named-user licenses may already cover usage without requiring additional spending.
For instance, consider a company that only interfaces a cloud HR system with SAP for basic data updates.
If it creates just a handful of documents in SAP (such as posting a few payroll entries), the cost under document licensing might be minimal, but the company might also find it simpler to stick with traditional licensing because the risk of large indirect usage is low.
On the other hand, a company heavily reliant on a non-SAP warehouse system that generates thousands of material movements in SAP daily may find the Digital Access model essential to avoid astronomical user licensing costs.
SAP initially offered incentive programs (the Digital Access Adoption Program) to encourage customers to switch.
These included deep discounts (up to 90% off license cost) or allowing a growth buffer (e.g., license 115% of current usage and get 15% headroom free) if adopted within certain time frames.
Many organizations took advantage, while others are still evaluating their true needs.
The decision comes down to understanding your integration landscape and document volumes.
The break-even point varies: SAP and its partners can help estimate how many documents you’d be charged for, and you can compare that cost to the status quo.
Indirect Access in the Cloud (RISE with SAP)
As SAP pushes customers toward cloud subscriptions, such as RISE with SAP (the program for S/4HANA cloud ERP), it has also adjusted how indirect access is handled in these models.
In many RISE contracts, digital access is bundled into the subscription, meaning the subscription fee (often measured by metrics such as Full User Equivalents) includes typical indirect usage rights.
This is a strategic move by SAP to reduce customer anxiety about integrations.
Under RISE, if you integrate your SAP S/4HANA Cloud with, say, an e-commerce site or a third-party CRM, you generally won’t face a separate indirect usage bill as long as it’s within your overall subscription scope.
This simplifies compliance: IT leaders can more freely connect systems without having to count every document.
However, “all-inclusive” doesn’t mean “unlimited.” Extremely heavy use cases might still require additional capacity. For example, a public-facing app that generates millions of transactions could exceed the normal bounds of a standard subscription.
Cloud contracts often specify fair use policies or include usage thresholds, so it’s essential to discuss your integration plans during negotiations.
The good news is that SAP’s stance has softened; the emphasis is on making the cloud offering attractive and avoiding the impression of surprise charges.
Nonetheless, due diligence is needed to ensure any unique or high-volume scenario is explicitly covered in your RISE contract.
In summary, moving to SAP’s cloud can mitigate classic indirect access headaches, but it shifts the focus to overall subscription usage monitoring.
Managing and Mitigating Indirect Access Risks
Whether you stick with on-premise SAP or transition to S/4HANA (cloud or on-prem), managing indirect access comes down to visibility and planning.
IT leaders should view SAP licensing as an ongoing governance issue rather than a one-time purchase.
This means regularly inventorying your interfaces, knowing which systems communicate with SAP and how they do so. Work with your enterprise architecture team to map data flows between SAP and external applications.
This map is crucial for spotting indirect usage. Next, measure the usage if you can.
SAP provides tools (like an Indirect Usage Estimation tool and the more technical “SAP Passport” functionality) to help estimate document counts.
These tools aren’t perfect, but they serve as a starting point. Even manual analysis, for instance, checking how many orders or records are created via certain interface accounts, can give insight.
Armed with this knowledge, you can engage SAP (or third-party licensing experts) to figure out the most cost-effective licensing approach. Sometimes, the answer might be negotiating some custom licensing terms for a particular scenario.
In some cases, companies negotiated a special license for a high-volume external user base, rather than using generic named users, effectively a precursor to the digital access approach.
Don’t be afraid to seek clarity in your contracts: ensure definitions of use, user, and interfaces are well understood. If you’re signing a new SAP contract or Cloud agreement, clarify how indirect access is handled to prevent ambiguity later.
Many organizations also include clauses to protect indirect static read (so SAP can’t later change its mind on charging for that) and to lock in the understanding that only one license model will apply at a time (to avoid double charging).
Finally, educate your teams: those building new integrations or selecting software must be aware of the implications of SAP indirect access.
It’s much easier to design an integration correctly up front (and account for licensing) than to discover a compliance gap after deployment.
By making indirect access a standard checkpoint in IT projects, you can avoid nasty surprises. The goal is not to avoid using third-party systems; it’s to enable digital transformation safely, with budgeted costs and no audit drama.
Recommendations
- Map Your SAP Integrations: Inventory all third-party systems, interfaces, and bots that connect to SAP. This mapping should be updated regularly to catch new connections.
- Assess Indirect Usage Volume: Estimate the number of business documents (such as orders) that these integrations create in SAP. Use SAP’s tools or logs to quantify the indirect access footprint.
- Evaluate Licensing Options: Compare the cost of covering indirect use with named users versus digital access documents. For many, the document model will be more predictable and scalable; however, do the math for your specific scenario.
- Negotiate Contract Clarity: When renewing or signing SAP agreements, include clear terms about indirect access. Ensure the contract reflects any assurances (e.g., static reading is free, digital access is included in cloud subscription, etc.).
- Consider Digital Access Adoption: If you’re on an older licensing model, consider engaging with SAP to convert to Digital Access. There may still be incentive programs or discounts available, especially if they are tied to a broader S/4HANA implementation.
- Monitor Continuously: Make indirect usage monitoring part of your license compliance process. Periodically review interface accounts and system logs to detect any unlicensed usage before SAP does.
- Educate Stakeholders: Inform project teams and business units that connecting new apps to SAP has licensing implications. Build a review step for SAP licensing impact into integration projects.
- Leverage Experts if Needed: Consult SAP licensing specialists or third-party advisors for a second opinion on tricky scenarios. An outside review can identify hidden risks or opportunities for savings.
- Plan for the Future: As you adopt IoT, AI integrations, or new digital platforms, plan your SAP license strategy accordingly. It’s easier to incorporate licensing in the ROI upfront than to pay unbudgeted fees later.
- Stay Informed: SAP licensing policies are subject to change. Keep up with SAP announcements and periodically check if there are updates to indirect access rules (especially as cloud offerings mature).
FAQ
Q1: What exactly counts as SAP indirect access?
A1: Any scenario where SAP is used through a third-party system or middleware instead of a user logging in directly. If an external application triggers a transaction or query in SAP (e.g., creating a sales order from a web storefront or retrieving data via an API), that is indirect access. Essentially, non-SAP front-end usage with an SAP back-end requires an SAP license.
Q2: Is viewing SAP data in another system considered indirect use?
A2: It depends. SAP makes a distinction for indirect static reading. If SAP data is exported out (e.g., a daily batch feed to a data warehouse) and people view it there, SAP does not require licenses for those viewers. However, if the external system is pulling data from SAP on demand or refreshing it dynamically, SAP considers this indirect access. Read-only static reports = okay, live queries = license needed in simple terms.
Q3: How did companies like Diageo get in trouble with indirect access?
A3: In the Diageo case, the company allowed Salesforce to interface with SAP to pull customer and order information. They hadn’t licensed the Salesforce users in SAP’s terms. When audited, SAP argued that those Salesforce interactions were unauthorized use of licensed SAP software. The court agreed, resulting in a substantial penalty. It highlighted that even if users never log into SAP, using SAP data via another system can incur license obligations. Similar scenarios occurred with other firms, often going unnoticed until an audit.
Q4: What is SAP’s Digital Access model in a nutshell?
A4: Digital Access is SAP’s licensing approach for indirect use, introduced in 2018. Instead of requiring a named-user license for every external user or device, it charges based on document events in SAP (like order creation, invoice creation, etc.) initiated by outside systems. You purchase a certain number of documents per year that cover all your indirect usage. It’s essentially a way to pay for outcomes (transactions) rather than people, aiming to simplify and cap the costs.
Q5: Do I still need named user licenses if I switch to Digital Access?
A5: Yes, you still need normal user licenses for your employees and anyone logging directly into SAP. Digital Access is additive for indirect scenarios. It covers those external interactions. You wouldn’t, for example, remove your employee user licenses after adopting Digital Access. It only replaces the need to license external usage via named users. Internally, your licensing of SAP users remains as is.
Q6: How can I tell if we have an indirect access compliance gap?
A6: Start by reviewing all integrations to SAP. Identify technical accounts or interfaces used for data exchange. You can run SAP’s user audit logs and look for activity coming from interface accounts or non-dialog users. If one account is generating a large number of transactions and it’s tied to a middleware or external app, that’s a red flag – it might be aggregating the actions of multiple people or devices. SAP’s Indirect Use Detection tools or an external license assessment can help quantify the extent. If you find significant usage not covered by your current licenses, then you have a gap that needs to be addressed.
Q7: Can we negotiate with SAP to avoid indirect access charges?
A7: You can certainly negotiate preventatively. The best time is when renewing contracts or purchasing additional SAP software. Many customers have negotiated clauses that clarify or cap indirect usage fees. Some have converted certain usage into a more favorable metric. Once an audit finds you non-compliant, however, SAP has the leverage. At that point, it’s usually about settlement (often by purchasing the required licenses or moving to Digital Access with some credit for past usage). It’s better to be proactive and include indirect use in your license discussions from the outset.
Q8: Is SAP indirect access still an issue if we move to SAP S/4HANA or RISE (cloud)?
A8: It’s something to consider, but SAP has made it easier in the cloud era. If you migrate to S/4HANA on-premise, the indirect access rules still apply; however, you may also take the opportunity to adopt Digital Access licensing during that migration. If you go with RISE with SAP (S/4HANA Cloud), your subscription typically includes most indirect usage entitlements. SAP essentially bundles it so that you won’t get separate indirect bills for standard integrations. You still need to ensure any extreme usage is covered (very high transaction volumes or unusual interfaces). Still, the cloud subscription model greatly reduces the indirect access headaches in day-to-day operations.
Q9: What does an SAP indirect access license cost?
A9: There isn’t a one-size-fits-all price tag. Under Digital Access, SAP offers document licenses in quantity tiers – the more you purchase, the lower the cost per document. While SAP’s official price list isn’t public, hypothetically, a pack of 1,000 documents might list for a few thousand dollars (before any discount). A lot depends on your negotiation and the scale. For instance, 100,000 documents per year could be a six-figure list price, but SAP often negotiates based on the value of the overall deal. The key is that the cost becomes predictable relative to your business activity. In contrast, under the old licensing system, if an audit found 500 unlicensed users, the back maintenance fees and penalties were unpredictable (and often significantly higher). Many CIOs prefer the document model for the budget certainty it provides, even if it’s not “cheap” in absolute terms.
Q10: What should we do right now about indirect access?
A10: First, don’t ignore it – even if SAP hasn’t brought it up. Assess your environment for any indirect use. Discuss your options with your SAP account manager to gain clarity on how they’d approach your scenario. If you’re on ECC (older SAP ERP), consider running the Digital Access evaluation tool to assess your current setup. If you’re planning a move to S/4HANA or RISE, factor indirect access into your plan (it may be a good time to transition to new licensing models). Internally, make sure your team is aware of the issue. Be proactive: it’s far better to address indirect access on your own terms (via licensing or architecture changes) than to wait for an audit. With the right approach, you can transform indirect access from a lurking liability into a manageable and forecastable part of your IT strategy.
Read more about our SAP Advisory Services.
