Beware of SAP Indirect Access

Lawsuits between large software vendors and their customers often make the news. In 2015, Adobe took legal action against fashion apparel giant Forever 21 over alleged use of pirated software. And in 2016, a company called Bitmanagement filed a complaint that the United States Navy used $600 million worth of unlicensed software.

I chose these examples as they represent legal action against an organization that allegedly used unlicensed copies of software. Enterprise software licensing agreements are complex documents. Companies license software products based on many different license metrics, including a specific quantity of named users or devices, a fixed count of processors in a server, or even the number of simultaneous users, to name a few. In most cases, the use of unlicensed copies of the software by enterprise customers is unintentional, and is due to the complexity of the contracts, product use rights, and license models.

In many software licensing models, once you go above the number of licensed users/devices/processors, etc., you are out of compliance with your software license agreement.

But what if there is uncertainty over what qualifies as a “named user?”

SAP Indirect Access

This is a primary issue in a recent court decision. In SAP UK v Diageo Great Britain, the High Court of England and Wales ruled in favor of SAP who sought a claim of over £55 million against the beverage giant Diageo for “indirect users.” And the implications are huge for large companies that have integrated their customer facing systems with their SAP database.

In this particular case, Diageo had, since 2004, licensed the mySAP Business Suite based on a number of named users. A few years ago, Diageo created two new customer facing applications on the platform. These systems access Diageo’s mySAP implementation through an SAP Process Integration (SAP PI) interface that they also license.

The dispute was whether the license fee for SAP PI allows Diageo’s sales staff and customers – about 5,800 in total – to access SAP data through their Salesforce applications, or do all these people need to be “named users.”

The High Court ruled that named user license fees also apply to Diageo’s 5,800 indirect users, exposing them to an additional license fee almost equal to the total amount they paid SAP for all services.

The judge on the case rejected the defense argument that SAP PI is a “gatekeeper” license for gaining access to the SAP suite of applications. And while she confirmed that license fees are due for “indirect access,” she did not determine the specific category of named user licenses for Diageo’s customers, despite SAP’s claim that these 5,800 indirect users should pay the full £9,400 professional user license fee, essentially one of the most expensive SAP named user license types.

So Diageo must pay to license 5,800 indirect users; however, their financial liability has yet to be determined.

According to the document “Licensing SAP® Software. A Guide for Buyers,” the terms of indirect access are defined:

“The SAP software license is based on the utilization of software functionality, which is independent of the technical interface used to access software functions and data. A customer’s software license is based on usage of the SAP software under a named user plus package license model. Under this named user plus package license model, any access which may occur due to the customers’ software architecture must be licensed.”

This case essentially affirmed the SAP indirect license model. If you are an SAP shop, you could be liable for all indirect users with a potential enormous financial impact. There are, however, several things about SAP indirect licensing you should know. As noted in a Flexera Blog entitled SAP Indirect Access and User Identity Management, if a company’s direct access named users also have access to SAP data via an indirect application, then only one license is required. Also, if your company has users with accounts for multiple indirect applications, they will only need a single SAP named user license to cover access to all the systems.

So, how can you mitigate the financial risk of SAP indirect access? You can leverage the SAP Software License Optimization solution from Flexera.

FlexNet Manager for SAP Applications will help you optimize your SAP named user licenses by detecting idle users, identifying duplicate users, and assigning the optimal license type for each user based on an analysis of real usage data. This will enable you to avoid buying too many high cost license types when lower cost licenses will meet user needs. And more importantly FlexNet Manager for SAP Applications will helps you to discover instances of indirect access and to manage and optimize the license requirements for users of non-SAP systems: SAP Users

  • Identify accounts on non-SAP (indirect access) systems that have not logged in for an extended period and may be able to be retired (Idle Users)
  • Identify users who have accounts on both SAP systems and non-SAP systems, to avoid licensing these users multiple times (Duplicate Users across systems and across direct and indirect use)
  • Determine the optimal SAP license type for each non-SAP user based on all available information including their system authorizations and usage history

If you want to learn more about managing your SAP licenses, be sure to view our on-demand webinar “Pull Out All the Stops and Make the Right Decisions for SAP License Management.” Presented in conjunction with KPMG, you will learn about getting transparency on SAP indirect access licenses, optimizing named user licenses and Business Packages, and many more topics that will help you manage your SAP licenses.