October 30, 2017

Yesterday I had a conversation with a VP of Finance in a medium-sized company and he said, “It has been quite a few years since we have heard from SAP. They are now coming to us and requesting that we send them our SAP Audit report. Should we send it to them? Do we invite them in? How can we be sure that we are actually in line with our SAP licensing before sending the report?”

My response was the same that I would give anyone in this situation, “Before you send ANYTHING to SAP, let me give you a 5 minute summary about SAP licensing and then let us discuss your specific situation.”

So here it is, my summary of SAP licensing in 5 minutes or less:


Like any other software vendor, SAP likes to sell its software and collect yearly maintenance fees. Since SAP licenses are sold based on the number of users and specific components (engines, software components), it is imperative for SAP to know that customers are not using more than they are licensed and paying for. SAP does this by asking customers to send annual reports with the number of users and their license types (using T-Code SLAW). It is different for customers who are on the cloud, since SAP is able to monitor their usage without their intervention.

SAP licensing can be divided into three parts:

User licensing
Engine licensing
Licensing that results from undocumented situations (aka “licensing surprises”)

User licensing

This means counting the license types that are attached to user accounts, assigning them to employees, and then summarizing it all in a table with each license type and the number of users who use it.

For example, if employee “Sarah Jane” has two user accounts – one SARAH in ERP and one SARAHJ in CRM – and she’s using the ERP user account as “Professional” and the CRM user account as “Limited Professional”, the employee Sarah Jane will require a “Professional” license, and in the summary table it would say: Professional – 1 user.

Engine licensing

This refers to licenses for SAP’s software engines and is based on the number of entities related to the engines or on some business-related metrics. For example, a license for an SAP HR/Payroll engine can be based on the number of pay slips that are issued yearly. On the other hand, an SAP GRC engine can be based on the company’s revenues. For a full definition with relevant samples, download our complete guide to SAP licensing.

SAP engine licensing is an important part; however, for most SAP customers that we have analyzed, engine licensing was only about 10% of the total licensing cost.

Licensing surprises

These are the most frightening – they include everything that you are not aware of or simply are not able to see. Some examples include multiple logins by the same user account from different IPs, and employees in the production system who use the same computer (and user account) to report production quantities. Another infamous surprise is indirect access to SAP by third-party applications. Unfortunately, these are not the only surprises that SAP customers may encounter during their audit.

So how can you avoid these issues?

Every customer should make it a point to classify their own users to the right license types in accordance with their SAP contract. The problem here is that the definitions in the contract with SAP are typically quite vague. So you need to develop some sort of method to understand and classify users to license types, and stick with the chosen classification method for years to come. The chosen classification method should also be something that SAP recognizes and accepts. If this system is not in place and you have received notice of an upcoming audit, it may already be too late.

Helpful hint: Many customers have been led to believe that the SAP T-Code SLAW, which sends information to SAP, also classifies users to their license types correctly. This is FALSE. This transaction does not classify anything automatically. All it does is gather the existing licensing classifications that you previously updated and send them as is to SAP. If you have not classified, or have classified incorrectly, the data will be sent to SAP incorrectly. About 90% of the licensing costs (not including unpredictable surprises) are attributed to classifying users. This is a large cost, so it is very important to make sure it is done correctly.

Choosing your preferred classification method is key.

In case I have not stressed it enough, the best way to be confident in your SAP licensing is to have a good method for classifying users to license types and to have good software to execute this method automatically and continuously. If it is done manually, chances are that the knowledge is stored in someone’s brain and not on a system. This can be very dangerous for a company.

Automating the classification is the best way to control all users in the SAP system. This way you can do your own internal audits every quarter or six months and know you are in compliance with your SAP contract.

So you have a classification method and are being audited…what are the next steps?

Having the best software to execute the method that you have put into place is huge. In parallel, we have found that our customers feel comfortable having someone to analyze the reports and explain them. This person should also help you execute the audit and physically go with you to your negotiation with SAP.

So what exactly should you be checking for in your own audit?

Check for terminated accounts that have possibly not been deleted – these accounts can be a waste of a license.
Make sure you check for duplicate usernames – it is important to make sure that each employee only has one username in a single system. A common reason for duplicate accounts is employees who forget that they have a user account and then ask for a new one.
Test accounts – verify that you do not have any accounts that were created for testing purposes and were not deleted.
See that all your user accounts are classified correctly – not too high (paying too much) and not too low (not paying enough) as both can be risky.
Make sure you are identifying risks in real time. These risks include indirect access, multiple logins on different computers using the same user account and more.
Stay compliant – not only is this necessary with regard to SAP, but it is also a legal issue.
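
The per-employee consolidation from the Sarah Jane example and the account checks in the list above can be scripted against a user export. The Python below is an added example, not code from SAP or from the author; the record layout, the sample rows, the TEST name prefix and the two-level license ranking are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Assumed ranking, highest wins; only the two license types the article names.
LICENSE_RANK = {"Limited Professional": 1, "Professional": 2}

# Constructed export rows: (employee, system, account, license, employed, logon IPs)
ACCOUNTS = [
    ("Sarah Jane", "ERP", "SARAH", "Professional", True, {"192.0.2.5"}),
    ("Sarah Jane", "CRM", "SARAHJ", "Limited Professional", True, {"192.0.2.5"}),
    ("Tom Reed", "ERP", "TREED", "Limited Professional", True, {"192.0.2.8"}),
    ("Tom Reed", "ERP", "TOMR", "Limited Professional", True, set()),
    ("Ann Cole", "ERP", "ACOLE", "Professional", False, set()),
    (None, "ERP", "TEST_MM01", "Professional", True, set()),
    ("Lee Park", "ERP", "PROD1", "Limited Professional", True,
     {"192.0.2.20", "192.0.2.21"}),
]

def license_summary(accounts):
    """One license per current employee: the highest type across their accounts."""
    best = {}
    for employee, _system, _account, lic, employed, _ips in accounts:
        if employee is None or not employed:
            continue  # assumption: cleanup candidates are reported, not counted
        if LICENSE_RANK[lic] > LICENSE_RANK.get(best.get(employee), 0):
            best[employee] = lic
    return dict(Counter(best.values()))

def audit_findings(accounts):
    """Return (check, account) pairs for the checklist items testable from the export."""
    findings, per_system = [], defaultdict(list)
    for employee, system, account, _lic, employed, ips in accounts:
        if employee is None or account.upper().startswith("TEST"):
            findings.append(("test-or-unowned", account))
        elif not employed:
            findings.append(("terminated", account))
        else:
            per_system[(employee, system)].append(account)
        if len(ips) > 1:
            findings.append(("multiple-ips", account))
    for owned in per_system.values():
        if len(owned) > 1:  # same employee, same system, more than one account
            findings.extend(("duplicate", account) for account in owned)
    return findings

if __name__ == "__main__":
    print(license_summary(ACCOUNTS))
    for check, account in audit_findings(ACCOUNTS):
        print(f"{check:16} {account}")
```

An account used from several addresses is also a shared-credential signal worth passing to whoever reviews access, not only a licensing risk.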

So what is the moral of the story?

If you go to your SAP audit prepared, with a good classification system in place that classifies users over the long term, then SAP will be open to listening and negotiating.

