A 'Wild West' of service providers has emerged over the last 12 months, each staking claim to the new frontier of SAP's FUE license model and spinning up solutions promising to save you money. But just like the real 'Wild West,' you need to look out for cowboys.
Many service providers have responded to the wave of SAP RISE migrations by offering FUE optimization reviews and services, based around software tools that analyze SAP’s STAR report and uncover your license status. But relying on these tools for insights isn’t enough: real-world experience and deep business context are crucial to effectively address licensing challenges, driven by strategic remediation and role redesign with security at the core.
We’ve delivered SAP license reduction rates of between 46% and 83% across a range of organizations. This blog explains how we do it — citing real-world examples of success — and how we can do it for you.
A Turnkey SAP licensing review: More than a surface assessment
Our FUE license review approach brings together over 20 years of SAP security experience, proprietary technology, and business context. Unlike basic assessment tools, we go beyond surface-level analysis. Software tools alone can't capture the nuanced variables critical to effective license optimization, such as the frequency of business need for certain transactions, the validity of alternative approaches, and how multiple role assignments interact to determine the suitable licensing tier.
Our assessment phase encompasses:
-
A STAR report baseline assessment to establish your current FUE license status.
-
Analysis of transaction usage over the previous 12 months.
-
Bespoke scripts that process data at volume and identify patterns.
-
Expert interpretation to determine realistic target states.
But that isn’t the end of the story. We then apply our deep SAP security knowledge to recommend and implement specific remediation actions, if required. This can include identifying which access removals are safe or risky; establishing cases of infrequent access that can be moved to temporary elevated privilege; and balancing license optimization with operational and security priorities. And we do it all through data extraction and external analysis, with no need to install any software in your environment.
How we reduced an electricity distribution company’s FUEs by 83%
This client worked with us to understand the implications of moving from on-premise S/4HANA to cloud. The initial assessment revealed a total FUE figure of 1,995 (based on existing roles and authorizations assignments), and our transaction usage analysis established an initial target of 473 FUEs, a reduction of 76%.
Based on this promising assessment, the client engaged Turnkey for an end-to-end role redesign and remediation. We rebuilt roles from scratch, from the perspective of license optimization, and validated job-based access requirements against transaction execution history and business process needs. Plus, building access risk considerations into this phase meant the client gained additional value from the redesign process. Invictus Partners supported us with database sizing and other FUE components, and business process lead validation ensured there was no operational disruption.
The final outcome, 12 months on from the initial assessment, was an FUE figure of just 334 — 83% lower than before and surpassing the established target. What’s more, the organization stands to benefit long-term from major cost savings and an improved security posture.
How we reduced CSM Ingredients’ FUEs by 46%
CSM Ingredients had been live with SAP S/4HANA on RISE Private Edition for six months, after a rapid deployment across multiple manufacturing sites. However, an SAP audit revealed a costly — and unbudgeted — over-licensing of 30% to 40%.
Our assessment uncovered the root causes behind the over-licensing: 9,000 defined roles for just 1000 users; project users still provisioned with elevated access months after projects were completed; copy-paste provisioning; a ‘just in case’ approach to access that required permanent high-tier licensing; and a lack of access cleanup or reviews.
To remedy the situation, we compared authorization assignments to actual transaction usage patterns to identify high-impact access removals with low operational risk. This balance of immediate relief and long-term optimization helped us reduce the FUE license count by 46% and bring CSM Ingredients back within their licensing budget. As a result, they saved unbudgeted spending, found headroom for future growth without extra licensing, and improved their security posture through access governance cleanup.
FUE overspend warning signs and next steps
How can you tell if you’re in urgent need of an FUE license review, as these organizations were? Telltale signs include:
-
Project users with elevated access months after projects have gone live.
-
More users in the upper FUE tiers than the lower ones.
-
A ratio of role counts to users greater than 5:1.
-
Permanent high-tier license assignments for infrequent users, ‘just in case’.
-
Inability to justify why users' permissions need to be changed or created for specific transactions.
If all or most of these apply to you, then your next step is not to send SAP your STAR report data, even if they request it. They will use this as your baseline for license negotiations, which can make reducing your FUE count harder if you haven’t optimized already.
Instead, start with our RISE License Optimization Calculator, which can translate your STAR report results into an estimate of realistic FUE reductions, based on the proven methodology and real-world results you’ve read about here. We’ll give you projected target FUE figures and cost savings, and a strong foundation for CFO business case development, all without obligation or engagement commitment.
Try the calculator for free today or contact us to discover how we at Turnkey don’t just quantify the problem, but deliver the solution, too.
