What SAP Indirect Access Actually Is
Overpaying for SAP? We handle SAP licensing and RISE contract negotiation on a 25% gainshare basis — you keep 75% of every dollar saved. No retainer. No risk.
Get a free SAP savings estimate →SAP's licence model is built around named users — individuals who directly log into SAP systems using SAP-issued credentials. The SAP licence fee you pay is calculated on the number and type of these named users. Indirect access is what happens when a person or system interacts with SAP data or processes without logging in directly — instead going through a third-party application that connects to SAP via APIs, RFCs (Remote Function Calls), IDocs, or other interfaces.
The fundamental issue: SAP's original licence terms specified that users accessing SAP functionality through a third-party system needed to be licensed as SAP named users — even if they never opened the SAP GUI, never saw an SAP screen, and had no idea they were triggering SAP processes. This interpretation created enormous exposure for enterprises whose digital transformation programmes involved connecting SAP to Salesforce, ServiceNow, Workday, custom mobile applications, e-commerce platforms, and hundreds of other systems.
In 2017, UK courts ruled in favour of SAP in a claim against Diageo (the global beverages company) related to indirect access through a third-party system. SAP's original claim was reported at approximately $54M. The case settled before a final judgment on quantum, but it established that SAP's indirect access interpretation had legal foundation — and sent every enterprise SAP customer scrambling to assess their exposure.
SAP Digital Access: The 2018 Reclassification
In 2018, following the Diageo case and widespread customer anxiety, SAP announced a new licensing model called Digital Access. This was presented as a solution to the indirect access problem — a cleaner, more transparent framework for licensing indirect usage. In practice, Digital Access shifted the charging model from named users (unlimited indirect users, with a lump-sum "indirect user" licence) to a document-based approach.
Under Digital Access, certain SAP business documents generated by indirect access trigger licence fees. The primary document types covered include: Sales Orders, Purchase Orders, Service Orders, Production Orders, Goods Movements (stock transfers and goods receipts), Plant Maintenance Notifications/Orders, and Quality Management Results. Each document created in SAP by an indirect process carries a per-document Digital Access fee, or you can purchase a bundle of "Digital Access documents" as an annual entitlement.
If your e-commerce platform creates Sales Orders in SAP, those orders trigger Digital Access fees. If your warehouse management system creates Goods Movements, those trigger fees. If your ServiceNow integration creates Plant Maintenance Orders, those trigger fees. For high-volume operations, Digital Access costs can reach millions of dollars annually — costs that were never in the original SAP business case.
The Documents-in-Scope Problem
One of the most complex aspects of SAP Digital Access is determining which documents are in scope. SAP's published document types list is specific but not exhaustive — and SAP's interpretation of what constitutes a "covered" document has expanded over successive licence agreement revisions. Before any Digital Access assessment, enterprises need to obtain from SAP a current, written confirmation of exactly which document types are covered under their specific contract version. The list varies between contracts signed pre-2018, contracts modified in 2018-2020 when Digital Access was introduced, and contracts signed or renewed post-2020 where Digital Access terms are typically standard.
Unsure about your SAP indirect access or Digital Access exposure? Our SAP negotiation service includes a forensic indirect access assessment — mapping your integration landscape against SAP's current document definitions and identifying contractual protections you can negotiate. We work on 25% gainshare. No savings = no fee.
The Five Integration Scenarios That Create the Highest SAP Indirect Access Risk
Not all third-party-to-SAP integrations carry equal risk. The following scenarios consistently generate the largest indirect access claims and deserve priority attention in any SAP licence compliance review.
⚠ Scenario 1: CRM to ERP Order Creation
When Salesforce, Microsoft Dynamics, or a custom CRM creates Sales Orders in SAP ECC or S/4HANA, every order generated by a customer who has never logged into SAP directly is potentially a Digital Access document. For B2B enterprises with large customer bases placing orders through a CRM-connected portal or sales application, this can generate millions of covered documents annually. The volume is often invisible until SAP runs an USMM (SAP Usage and Measurement Management) script during an audit.
⚠ Scenario 2: E-Commerce and Customer Self-Service Portals
Any customer-facing portal that allows order placement, order status checks, returns processing, or account management — and that connects to SAP on the back end — is a potential indirect access source. The customers using these portals are never SAP named users. Under the original indirect access model, every customer interaction could theoretically require a licence. Under Digital Access, every document generated is a chargeable event. This is particularly acute for B2B manufacturers, distributors, and service companies with large customer self-service deployments.
⚠ Scenario 3: Warehouse and Supply Chain System Integrations
Warehouse Management Systems (WMS) — particularly third-party systems like Manhattan Associates, Blue Yonder, or Körber — create Goods Movements in SAP to record stock receipts, putaways, picks, and shipments. These are among SAP's defined Digital Access document types. For high-volume distribution operations, hundreds of thousands of Goods Movement documents per month are not unusual, creating significant annual Digital Access fees if not covered by an existing entitlement bundle.
⚠ Scenario 4: ITSM and Field Service Integrations
ServiceNow, Remedy, and Maximo integrations that create Plant Maintenance Notifications or Service Orders in SAP PM are a common indirect access source in asset-intensive industries. Oil and gas, utilities, manufacturing, and facilities management companies frequently run maintenance workflows in ServiceNow or a specialist CMMS that connects to SAP PM for asset history, spare parts ordering, and financial posting. Each SAP PM document created by the integration is potentially in scope.
⚠ Scenario 5: Hyperautomation and RPA Deployments
Robotic Process Automation (RPA) bots from UiPath, Automation Anywhere, or SAP's own Build Process Automation that interact with SAP — entering data, extracting information, triggering transactions — are frequently overlooked in indirect access assessments. SAP's position on RPA is nuanced: bots logging in with named user credentials consume standard named user licences. Bots accessing SAP via APIs or RFC without a named user login can trigger indirect access or Digital Access depending on what documents they generate. As enterprises scale RPA deployments into SAP, this exposure grows.
How SAP Measures and Audits Indirect Access
SAP uses USMM (SAP Usage and Measurement Management) as its primary tool for measuring SAP system usage, including indirect access. USMM scripts, when run against your SAP landscape, identify all system-to-system RFC connections, API calls, and document creation events. The output includes the number and type of documents created indirectly, the RFC interfaces involved, and a summary that SAP's licensing team uses to calculate any licence shortfall.
SAP's audit process for indirect access typically starts with a soft request — an LAW (Licence Audit Workbench) self-assessment, or an account-driven request for USMM output as part of your annual true-up. If SAP's analysis of the USMM output reveals uncovered indirect or digital access, the account team will present a commercial proposal to regularise the position. These proposals are presented as "true-up" requirements but are commercial negotiations — the initial proposal is rarely the final settlement position.
Three critical points about SAP audit requests: First, you are contractually obligated to cooperate with SAP's measurement process under standard ELP (Enterprise Licence Agreement) terms. Refusing to provide USMM output or LAW data does not eliminate your exposure — it delays the process and damages the relationship. Second, SAP's USMM output is a starting point for discussion, not a final verdict. The data quality depends on how your system is configured and how boundaries are drawn around what constitutes an indirect system. Third, you should never share raw USMM output with SAP without first having it independently analysed by someone who understands the measurement methodology and can identify errors or misclassifications in SAP's calculation.
Our SAP negotiation service covers both pre-audit preparation and active audit defence. We analyse your USMM data before you share it with SAP, identify misclassifications, and negotiate the commercial settlement. We have resolved SAP indirect access claims ranging from $500K to $30M. Software audit defence is core to our model — on 25% gainshare. Get a free estimate.
Contractual Protections You Should Negotiate Into Your SAP Agreement
The most effective defence against SAP indirect access and Digital Access exposure is contractual — negotiating specific provisions into your SAP ELP or RISE agreement that define, cap, or protect specific integration scenarios. The following protections are achievable in SAP negotiations and should be standard requirements for any enterprise with significant third-party integration complexity.
Protection 1: Named Integration System Exclusions
Negotiate explicit exclusions for your named third-party systems. If you run Salesforce as your CRM and it creates Sales Orders in SAP, negotiate a contract clause that defines the Salesforce-SAP integration as covered under your existing named user licences, not subject to additional Digital Access fees. SAP will resist this but will accept it for strategic accounts in exchange for commitment to other parts of the deal — volume, RISE migration, additional module purchases, or extended terms.
Protection 2: Document Volume Caps with Ratchet Rights
If SAP insists on Digital Access pricing for specific integration scenarios, negotiate annual document caps — a maximum number of covered documents included in your licence fee — with defined commercial terms for overage and rights to purchase additional document capacity at pre-agreed rates. This converts the variable exposure of per-document charging into a predictable cost with clear expansion rights, and eliminates the audit risk of retrospective claims for years of uncovered documents.
Protection 3: Audit Safe Harbour Periods
Negotiate a contractual commitment from SAP that any indirect access or Digital Access measurement will only look forward from the date of your agreement revision — not backward to historical document creation. This protects you from claims for years of integration activity that predates the Digital Access framework. SAP will typically accept a 12-month lookback limit in exchange for a clean-up of forward-facing compliance.
Protection 4: S/4HANA Migration as Leverage
If your SAP ECC instance faces a Digital Access or indirect access claim, use the S/4HANA migration conversation as leverage. SAP has a strong commercial interest in accelerating S/4HANA adoption — especially with the 2027 mainstream maintenance deadline creating urgency for ECC customers. A commitment to a defined S/4HANA migration timeline is frequently sufficient leverage to resolve indirect access claims at significantly below SAP's initial ask, or to obtain RISE contractual terms that include forward-looking Digital Access coverage for defined integration scenarios.
SAP RISE and Digital Access: What Changes in the Cloud
SAP RISE with S/4HANA Cloud (the managed cloud deployment model) includes Digital Access licensing differently from on-premise ECC or S/4HANA deployments. In RISE contracts, SAP includes a defined volume of Digital Access documents within the base RISE pricing, with documented overage rates. This provides more clarity than legacy ECC arrangements — but the included volume is calibrated conservatively, and high-volume integration scenarios frequently exceed it.
Before signing a RISE contract, conduct a document volume forecast based on your current integration landscape. Map your existing indirect document creation against the Digital Access document types, estimate annual volumes, and validate these against the Digital Access allowance in the RISE proposal. If your forecast exceeds the included allowance, negotiate either a higher included volume or pre-agreed overage rates before signing — the post-signature commercial position is significantly weaker.
SAP Indirect Access and Digital Access are among the most financially consequential licensing issues you will face with SAP. The combination of retrospective claim potential, high document volumes in integrated enterprises, and SAP's established willingness to pursue these claims commercially means that every enterprise SAP customer should understand their exposure and have appropriate contractual protections in place.
Our SAP negotiation service covers indirect access assessment, Digital Access scoping, audit defence, and RISE contract negotiation. We negotiate on 25% gainshare — no savings, no fee. If you are concerned about your SAP indirect access position, contact us for a free assessment. We cover multi-vendor negotiations including coordinating SAP with Microsoft, Salesforce, and ServiceNow where indirect access issues intersect vendor boundaries. Read our SAP RISE Evaluation Framework white paper for more on negotiating SAP's cloud transition.