8 things you didn’t know about the SAP S-User
By Cristina Gil Gallo
December 6, 2020

Let’s start with clarifying what an S-User is.  This is a unique identifier that allows you to login to your SAP products, report an incident, download software, configure connections, and more. An S-User ID contains the letter ‘S’ followed by a string of numbers (e.g. S0021354123). Alternatively, it is referred to as OSS user (Online Service System).

Not everybody can have an S-User

Unfortunately, this is reserved only for SAP customers and SAP partners.

When a customer purchases an SAP product, a welcome email is sent containing their S-user ID. In this case, it is SAP who assigns the first S-user ID. This first S-user of the licence is called the super administrator or alternatively Cloud administrator for a cloud product. Subsequently, additional S-users can be created internally by the super administrator or other administrators a posteriori created. It is important to highlight that SAP does not assign additional S-user IDs on the customer’s behalf.

An S-User is assigned to a single SAP customer and cannot be migrated to another one

According to SAP in note 2423500, an S-User ID is created under a specific customer number and is owned by that particular customer number. An S-user cannot be re-assigned to another customer number. If a person moves to another company, a new S-User ID will be required.

Additionally, if a company is changing the customer number, they will need to migrate all the S-users, thereby creating new ID numbers.

SAP wants to identify us individually with the SAP Universal ID

In order to identify consultants individually , especially people who work with several SAP customers and manage different S-Users, SAP has created SAP Universal ID. It is a single-entry point to view, update, and manage your personal information, account security settings, and associations to companies.

SAP Universal ID allows you to combine all your existing and future S/P-user ID(s) under a single password, eliminating the need to keep track of all your S/P-user numbers.

Eventually, SAP Universal ID will replace your existing S/P-user(s) and will be mandatory.

My personal advice is that you associate your SAP Universal ID with a personal email address to which you will always have access. I do not think it is the most appropriate associating it with a company account with which one day you may stop working but of course it is your choice.

Each person who needs an S-User should have an individualized one

Each S-User is assigned to an e-mail address. The same email cannot be linked to two different SAP Universal IDs. If an email is already verified and linked to an SAP Universal ID, then this email cannot be used again.

In the near future, gone will be the times when a generic S-user is used by several consultants working for the same customer. Soon user administrators will have to grant the access to each person individually.

Not all the S-Users are the same

S-Users have different levels of permissions and authorizations.

The super administrator has the highest level of authorization. As stated previously, the Super administrator is the first S-User assigned to the licence and it is created by SAP when the customer purchases the product. Cloud administrator is the equivalent of the Super Administrator but for a Cloud product.

User administrators are users with access  authorization to grant all authorizations that they have themselves to other users or revoke them. They are responsible for creating and administering S-user IDs.

S-Users can request a change in authorizations in the SAP ONE Support Launchpad.

The S-Users assigned when you buy a subscription to the Learning Hub or the Certification Hub are merely training accounts and are not validated S-user accounts. These training accounts can only be used on certain SAP training websites, they are not valid for SAP launchpad, SAP JAM, community, etc.

You can find more information about the different S-Users and the objects of authorization here.

S-Users have an Expiration date

This is something relatively new. Since the 2nd of June 2020, there is a mandatory expiration date for S-users  both new and existing. SAP states that this was implemented to ensure GDPR compliance (wink).

Some specific S-Users don’t have an expiration date, they are out of this scope: Super, cloud or user administrators, Security Managers and technical communication.

The default period for an S-User is 24 months but can be shorter if needed (for temporary employees). After an S-User is created, the expiration date can be extended until a maximum of 60 months. When close to expiry, it should be extended again.

If you have an S-User, you can see your expiration date here.

Image: Expiration Date of one of my S-Users

90 days after the S-user ID has expired, it will be deleted. Administrators can view deleted S-user IDs for 12 months; however, the S-user ID will be unable to be reactivated. After this period, deleted users will be removed from sap database.

Image: S-User Lifetime Diagram. Source: SAP

Additionally, according to note 2403394, you cannot change the S-user in an incident. The implication of this is that, if an incident is assigned to an expired / deleted S-user, you would need to add additional contact (s-users) to be notified. Therefore, when a company is changing the customer number, they will need to migrate everything: users, incidents…

Certifications can be migrated between S-Users

According to SAP in note 2547250, an SAP certification is assigned to the e-mail address associated to the S-User. Consequently, if your S-User is deleted, and subsequently a new one is created for you inside the same company, you will not lose the certification as long as you keep the same e-mail. However, if you change the e-mail address, or change companies, and you don’t want to lose your certifications, you would need to contact SAP to request the transfer of the certificates to the new S-user ID.

From my point of view, it would make sense that with the implementation of the SAP Universal ID, this will change because SAP has identified you as an individual. However, I have not found any information on this.

There are other types of SAP users besides the S-Users

These are the types of SAP Users:

  • D-User: Germany based SAP Employees
  • I-User: International based SAP Employees
  • C-User: SAP Contractors
  • S-User: Licensed Customers or SAP Partners
  • P-User: Public SAP users, for example self-registered users in the SAP Community

The most popular is the P-User because everybody can have one. It is not linked to any specific customer number. P-Users can be included in the SAP Universal ID and they don’t have an expiration date. It’s important to note that P-Users don’t have accesses to SAP Notes or the ONE Support Launchpad. It is easy to get confused with all the SAP users and the different level of accesses they have.

Before finishing this post, I would like to give you one last piece of advice. If you make contributions to the SAP community, do all of them with your P-user because you can always keep it. If you create posts on the SAP blog or make comments or have raised any question… you will lose access to everything if you stop having the S-user, although everything will continue being published but without a name (it will appear “Former User”). I personally do all my contributions with my user P-User just in case.

Cristina Gil Gallo
Cristina specializes in SAP SD consulting holding a certification in S/4 HANA Sales On Premise. She started her career in SAP in 2005. She is particularly interested in international projects. She holds a BSc in Industrial Engenieering from the Universidad Politécnica de Valencia.


  1. Pablo Castedo

    Excelente. Muy bien explicado Cristina, muy clarito.

    • Cristina Gil Gallo

      Me alegro de que te haya gustado Pablo! Gracias por dejar un comentario 🙂

  2. Marga Ribes

    Thanks Cris, is one of those concepts that without facing problems is dificult to understand the complexities. Great difusión blog.


Submit a Comment

Your email address will not be published.