- Aug 07, 2019
- Janik Schipp
2 Ways to Use an SAP License Audit to Solve SAP Indirect Access Challenges
Most SAP customers must report their license compliance to SAP once a year. The way to do it – which is the only way accepted by SAP – is to load your measured data (USMM reports) into LAW and send the LAW report to them. Then, in case of over-usage, SAP points out that you need to buy more licenses… and negotiations begin. Welcome to the SAP license audit.
When an SAP license audit begins, an IT employee from the SAP Basis Team usually deals with the measurement from the technical point of view: cleaning up users, implementing SAP notes, running SAP measurement tools. After the SAP license audit, Procurement conducts the contract negotiations with SAP for new purchases.
It can’t be stressed enough to not blindly submit system measurement results – your LAW report – without proper review or considering your current license entitlements. Once you buy SAP licenses it’s hard to get rid of them or reduce the maintenance costs. Basically, you’re locked in. There is a potential of millions in savings when all parties have the necessary information such as actual usage and authorization scope, as well as processes in place, like user logon lifecycle and classification criteria.
And if you think SAP license management is complicated now, wait until you see how SAP licensing will change in the next few years: Document licensing for indirect access, a dizzying array of new cloud products, and the move to SAP S/4HANA.
This article gives you two powerful ways to address your SAP indirect access challenges and make the most out of them.
Key takeaways to solve SAP indirect access challenges
- Stay on top of third-party interfaces
- Analyze your usage before an SAP license audit happens
- Select an SAP licensing model: Legacy or Digital Access
- Understand your contractual options to ensure SAP license compliance
- See if document licenses are right for your needs
SAP Indirect access occurs when your non-SAP applications interface with SAP software. There has been a lot of buzz around SAP indirect access over the last few years – perhaps most notably in the Diageo SAP $66 million 2017 court case.
SAP indirect access is a complicated aspect of SAP license management and, with only a few published guidelines, customers are often requested by SAP to discuss their system environments. It’s up to you to analyze your indirect use exposure and ask SAP to send the bill.
Tip #1 – Be Proactive about SAP Indirect Access
Even though USMM and SAP LAW can’t detect SAP indirect access, the latest updates to SAP notes may read out all documents that could cause indirect access for RFC users. So, there are some indicators that indirect access could show up in the reports recognized by SAP’s audit department.
They do their research too. If your company shares a success story about using Salesforce and you’re not licensed, you can expect a call from SAP. It doesn’t stop there – SAP often audits customers when they’ve chosen a competitor solution.
During a software license audit, SAP’s focus is finding these third-party interfaces. If they find them, those software license audits end up in very expensive deals for the customer, or multi-million dollar lawsuits where, depending on the negotiation, the customer gets little to no value for the additional licenses.
Learn how to transition to S/4HANA and safeguard your Digital Access compliance.
What’s the solution for your SAP indirect access risk?
Fully analyze your interfaces and indirect access now, before you get audited. This kind of SAP software asset management analysis will take longer than the time SAP provides to respond to an audit. You will get transparency about your architecture, understand your SAP indirect access risks, and can make an informed decision—before an SAP license audit forces you to think about it.
Although it is possible to pick through your data and manually make these changes, this is not recommended. SAP requires its customers to produce a technical compliance analysis and there are two licensing models that can be used: Legacy or Digital Access. It’s no surprise that SAP is heavily pushing customers toward the digital access model. In fact, Christian Klein (COO of SAP) presented SAP’s new “Digital Access Adaption program” (DAAP) – clearly designed to force customers into the digital access model –this past May at the SAP Sapphire conference.
An SAP license management tool can assist in analyzing the important, expensive challenges, such as reviewing third-party system user lists and cross-checking with the current active SAP named user pool.
Know what usage is already covered.
Sometimes a second license demand is created because it’s occurring through a third-party application. However, generally the direct access policies apply to indirect access as well, so it’s highly advisable to check if the user/machine access—such as employees, business partners, vendors, and customers—can be covered already with the existing licenses.
Tip #2 – Should You Switch to the Digital Access Model?
Step by step, SAP is making the annual system measurement process – or software license audit process – more automated. This includes developing a measurement functionality for SAP indirect access to make it more transparent for customers. This is great! But it’s more complicated than it seems.
According to the new SAP indirect access model, or Digital Access, all third-party interfaces require additional licensing if they create one of nine document types in SAP, like invoices. Each document is counted based on its original creation – there is no extra license for reading, changing, or deleting.
The new document licenses are simpler than the legacy model and will be transparently measurable. SAP will encourage you to join the new licensing model now. “It’s simple and monitorable,” they’ll say. “Everyone’s doing it.”
Document licenses: Simplicity with a potential cost
SAP wants to license your indirect use under the Digital Access model because they can more easily measure it, track it, and sell specific licenses. The new model, despite its supposed simplicity, could be more expensive than the legacy licensing model.
The new model also has its fair share of complications, such as double-licensing. This is when the indirect access of an employee who already has a named user license due to direct access is licensed with a new document license when they create a doc.
Are document licenses right for you?
Stick with the SAP indirect access you already know and take advantage of the risks you know. The old SAP indirect access model is potentially cheaper because it’s self-audited and self-licensed based on “your best knowledge.” SAP doesn’t know the full extent of your indirect access.
How do you do this? Despite the old licensing model’s weaknesses, you can take steps to understand the extent of your indirect access instances. Start with an extensive analysis to find all indirect access instances and all third-party applications linked with SAP systems. Then you know your indirect access risks.
Then get a user list of the third-party applications linked with SAP systems, which is used with an SAP license management solution to automatically allocate the correct license and consolidate it with existing SAP licenses.
Download Aspera’s SAP Audit Playbook now for more helpful tips to turn your SAP audit into an opportunity.