SAP License Audits Contact Us
Service IV · Indirect Access

Every interface, mapped.

Salesforce, ServiceNow, custom portals, RPA, EDI. Every interface into SAP that does not run through a Named User. We defend the position, requalify the document flow, and where useful convert.

Contact Us → Read the Survival Guide
SAP indirect access systems
Featured DefenceA $22M claim, reduced to $4.8M. Eight interfaces re-classified.
Client Savings
$180M+
across active SAP matters since 2018
Engagements Closed
500+
all SAP product lines, three continents
Average Reduction
68%
on the opening audit claim value
Practice Experience
20+
combined years inside SAP licensing
Section I · The Brief

The largest single exposure in most estates.

Indirect access is, in our case-book, the largest single source of audit exposure across the SAP enterprise category. The leading cases — Diageo, Anheuser-Busch — set the legal framework. The day-to-day reality is that almost every SAP estate has interfaces that pre-date the contractual definition, system integrations that nobody mapped, and document flows that nobody classified.

SAP's position is that those interfaces require their own licence. The buyer-side position is that many of them do not, that the document classification is contestable, and that the right remediation is rarely a like-for-like conversion to Digital Access at list price.

The work begins with mapping. Every interface, every middleware component, every RPA bot, every EDI pipe, every custom portal. Each one classified by what it reads, what it writes, how often, and on whose behalf. The classification is what determines the licence position — and it is the classification, far more than the technology, that the negotiation turns on.

Remediation has three usable pathways: architecture changes that move the document flow back through Named-User front ends, contractual re-classification that brings the interface inside an existing licence, and a costed conversion to Digital Access with caps and floors. The right answer is almost always a mix.

Section II · What's Included

Six workstreams, one map.

— I.

Interface Mapping

Every system that reads or writes SAP data, enumerated. Salesforce, ServiceNow, custom portals, RPA, EDI, BPM, middleware, bespoke connectors.

— II.

Document Classification

Each interface's document flow classified by the nine Digital Access types, by the contractual definition, and by the actual user-on-behalf-of model.

— III.

Volume Quantification

Real document volumes, sampled and extrapolated. The exposure modelled at the contractual tier and at the conversion-pricing tier.

— IV.

Defence Positioning

Each interface assigned a defensible position: Named-User-on-behalf-of, contractual carve-out, document re-classification, or a costed conversion.

— V.

Architecture Remediation

Where the right answer is to change the document flow rather than pay for it. Sequenced with the IT roadmap and budgeted.

— VI.

Contractual Close

The indirect-access definition written into the contract schedule. Caps, floors, and re-measurement protection drafted for the term.

Section III · The Method

Four phases. Eight to twelve weeks.

— Phase i.

Map

Every interface enumerated. Read-paths, write-paths, document types, user-on-behalf-of model, and the contractual interpretation tested.

— Phase ii.

Quantify

Volume sampling. Document classification. Exposure modelled at the contractual tier, at the conversion tier, and at the buyer-side defensible tier.

— Phase iii.

Position

Defence drafted interface by interface. Counter-position assembled. Settlement scenarios modelled across architecture remediation, re-classification, and conversion.

— Phase iv.

Close

Contractual definition tightened. Caps and floors written. Re-measurement protection inserted. The next audit cycle starts from a defensible position.

— Matter Profile · Indirect Access Defence

A retailer defeated an indirect-access claim on eight interfaces in fourteen weeks.

A North American specialty retailer received an indirect-access claim quoting $9.6M across eight interfaces, including a Salesforce CRM, two ServiceNow workflows, a custom returns portal, and four EDI partners.

We mapped each interface, classified the document flow, and re-positioned six of the eight as either Named-User-on-behalf-of or as out of scope under the existing schedule. The remaining two were converted to a capped Digital Access tier at a negotiated price.

Read the case file →
Opening
$9.6M
SAP's first written claim
Settlement
$1.2M
final agreed value
Interfaces
8
defended, six re-classified
Duration
14wk
brief to signed close

Questions, frequently.

What is SAP indirect access?

Any read or write of SAP data that does not originate from a person sitting at a Named-User-licensed front end. It includes Salesforce, ServiceNow, custom portals, RPA, EDI, BPM, and bespoke middleware. SAP's position is that those interfaces require their own licence; the buyer-side position is that the answer depends on the document classification and the contractual definition.

Is indirect access the same as Digital Access?

No. Digital Access is SAP's document-pricing model, introduced as a commercial framework for indirect use. Indirect access is the underlying exposure. Most matters touch both: the exposure is identified through an indirect-access review, and a conversion to Digital Access may or may not be the right answer.

How large is a typical indirect-access claim?

In our 500+ engagements, opening claims have ranged from $400,000 to $42M. The median is around $4.5M. Most are settled at a fraction of the opening number once the document classification and the interface counting are independently reviewed.

Can indirect-access exposure be eliminated?

It can be significantly reduced. Through architecture changes, classification arguments, document re-routing, and contractual definition work, the residual exposure can usually be brought to a defensible position. Total elimination is rare; a controlled, defined, contractually-bounded position is the practical target.

When should indirect access be reviewed?

Before an SAP audit cycle. Before any new system is connected to SAP. Before an S/4HANA migration. And as a standalone exercise at least every twenty-four months for any estate with more than five connected systems.

Do you work with our system integrators?

Yes. The architecture-remediation pathway depends on it. We provide the licensing classification and the contractual position; the integration partners deliver the underlying changes to the document flow.

— Related research
White Paper

Indirect Access Survival Guide

41 pages. The full defence framework, document-by-document. Diageo and Anheuser-Busch decoded. PDF, gated.
Service

Digital Access Negotiation

When a conversion is the right answer, the document-pricing model modelled lever by lever.
Case File

Retailer · 87% reduction

$9.6M opening claim settled at $1.2M. Eight interfaces, six re-classified.

Map the exposure first.

Every defensible position begins with a complete interface map. Speak with a specialist before the next audit cycle.

Contact Us →