What is an Effective License Position (ELP)?
An Effective License Position (ELP) is the reconciliation of the software licences an organization actually owns against the software licences it actually needs (based on deployment and use). It is the single most important output of a Software Asset Management (SAM) programme — the document that turns a software audit from a discovery exercise by the publisher into a document exchange.
Key takeaways
ELP = Licences Owned − Licences Required (based on actual deployment and use)
Positive ELP = over-licensed (wasted spend, reharvest opportunity)
Zero ELP = compliant and optimised
Negative ELP = under-licensed (compliance risk, potential audit penalties at 2–5× list price)
A defensible ELP must account for publisher-specific rules — Microsoft per-core licensing, Oracle options and packs, IBM sub-capacity (ILMT), SAP indirect access, Adobe named-user rules
CerteroX SAM automates ELP generation across 100+ publishers and is backed by Oracle Certified Partner accreditation — the only ITAM/SAM vendor to hold this
What an ELP actually measures
An ELP compares three things for every licensable product, at a point in time:
Component | What it answers |
|---|
Component | What it answers |
|---|---|
Entitlement | What have we bought? (contracts, agreements, purchase orders, true-ups) |
Deployment | Where is it installed / running / accessible? |
Consumption | Who or what is actually using it, and under which metric? |
The reconciliation produces one of three outcomes:
ELP outcome | Compliance status | What to do |
|---|
ELP outcome | Compliance status | What to do |
|---|---|---|
Positive (+) | Over-licensed | Reclaim unused licences, defer renewal, right-size the agreement |
Zero (0) | Compliant and optimised | Maintain; watch for drift as deployments and entitlements change |
Negative (−) | Under-licensed | Remediate by reclaiming unused deployments, buying additional licences at best price, or restructuring the agreement — before the publisher finds the gap |
A negative ELP is not automatically a financial loss — it is a trigger to act. Action inside the organization is cheaper than remediation after a publisher true-up.
How an ELP is built
A publisher-ready ELP requires four layers of data:
1. Entitlement data
Master agreements, enterprise agreements, volume licensing agreements
Purchase orders, true-up records, transfer evidence
Agreement anniversaries, co-term dates, renewal windows
Product use rights (PURs) / product terms — updated per publisher schedule
2. Deployment discovery
Installed software on every device (Windows, macOS, Linux, virtual, cloud-hosted)
Server-side software and virtualization hosts
Application access (for per-user or named-user metrics)
SaaS subscriptions and assigned seats
Cloud-hosted entitlements (e.g. Azure Hybrid Benefit, AWS BYOL, Oracle on OCI)
3. Consumption / usage
Software metering: which installed titles are actually launched, by whom, how often
Feature usage for complex products (Oracle options and packs, SQL Server features)
SaaS activity: last login, feature adoption, inactive seats
User role and department — for per-user metrics and licence-pool allocation
4. Publisher-specific rules
Licensing metrics (per-core, per-CPU, per-user, per-device, named-user, concurrent-user, transaction-based)
Sub-capacity and virtualization rules
Mobility and downgrade rights
Territory and entity scope
Reconciliation runs across all four layers simultaneously. A gap in any layer leaves the ELP indefensible.
Publisher-specific ELP considerations
A generic ELP is not a defensible ELP. The high-audit-risk publishers each have their own rules that a competent SAM tool must model natively:
Microsoft
Per-core licensing for Windows Server and SQL Server (minimum 8 cores per processor, 16 per server)
User CALs, Device CALs, and External Connector licences
Microsoft 365 / Office 365 seat mix (E3, E5, F1, F3, Business Premium) and add-on rights
Azure Hybrid Benefit entitlement tracking
Dual-use rights, downgrade rights, and use-rights changes between agreement versions
Oracle
Processor licensing with core-factor table
Named-User Plus minimums per processor
Options and packs — Partitioning, Advanced Compression, Diagnostics Pack, Tuning Pack etc. — usage-based, commonly the biggest audit exposure
Java SE Universal Subscription (employee-based metric from 2024 onward)
Virtualization rules (hard partitioning vs soft partitioning — VMware licensing disputes)
IBM
Processor Value Units (PVU) and sub-capacity licensing
IBM License Metric Tool (ILMT) reporting obligation — IBM requires ILMT data to recognise sub-capacity; missing or stale ILMT reports default to full-capacity licensing
Resource Value Units (RVU) for container and cloud workloads
SAP
Named Users (Professional, Limited Professional, Employee, Developer, etc.)
Engines and application-specific metrics
Indirect / digital access — third-party systems reading SAP data, commonly under-declared
Adobe
Named-user licensing (no device licensing in Creative Cloud)
Federated IDs and SSO for enterprise deployments
Shared-device licensing for labs and classrooms (education)
Common ELP pitfalls
Pitfall | Why it happens | How to avoid |
|---|
Pitfall | Why it happens | How to avoid |
|---|---|---|
Stale discovery | Agent drift, missed subnets, unmanaged VMs | Hybrid discovery (agent + agentless + network + cloud API), scheduled reconciliation |
Entitlement incomplete | Contracts in email, shared drives, legal department | Central entitlement repository linked to the ELP engine |
Oracle options counted as default | Discovery tool does not distinguish installed vs used | Options-and-packs-aware metering (LMS-compatible) |
ILMT not running or stale | IBM deployments without ILMT default to full-capacity | ILMT deployed, reporting, and fed into the SAM tool |
Cloud BYOL not reconciled | Cloud team provisions instances without SAM visibility | Cloud inventory feed (AWS, Azure, GCP, OCI) into ELP |
SaaS treated as "not SAM" | Assumption that SaaS licences self-manage | SaaS usage data (browser + IdP + deep connectors) included in ELP |
Why ELP matters now
Audit defence
Microsoft, Oracle, IBM, SAP, Adobe, Autodesk, Salesforce, and ServiceNow all run routine licensing reviews. A current ELP, backed by discovery and consumption evidence, is what allows the customer — not the publisher — to set the narrative. Without one, the publisher's own measurement tools produce the starting position, which is rarely favourable.
Cost optimization
A positive ELP is not just an accounting curiosity — it is actionable budget. Unused Microsoft 365 seats, idle SQL Server cores, over-provisioned Oracle Named-User Plus counts, and dormant Adobe creative licences all show up in a rigorous ELP. Reclaiming them defers renewal spend and, in some cases, prevents a multi-year agreement from locking in waste.
Compliance risk mitigation
Under-licensing exposure typically runs at 2–5× list price in a publisher-driven settlement, plus back-support fees and potential penalties. An internally discovered gap — remediated by reclaiming unused deployments or buying additional licences at best price — is almost always an order of magnitude cheaper.
SaaS and cloud scope
The modern ELP extends beyond installed software. SaaS seats (Microsoft 365, Salesforce, Adobe, Zoom, ServiceNow, Atlassian), cloud-hosted workloads using BYOL, and licence-bearing AI services all belong in the same reconciliation.
How CerteroX SAM generates defensible ELPs
CerteroX SAM automates ELP production across 100+ publishers, with publisher-specific engines for the audit-critical vendors.
Capability | What it delivers |
|---|
Capability | What it delivers |
|---|---|
Hybrid discovery | Agent + agentless + network + cloud + SaaS — no single data source, no blind spot |
Publisher-specific engines | Purpose-built calculators for Microsoft, Oracle, IBM, SAP, Adobe — modelling metrics, options, sub-capacity, and named-user rules |
Continuous reconciliation | ELP updates as deployments and entitlements change, not just at contract anniversary |
Oracle Certified Partner | Only ITAM/SAM vendor with this accreditation — matters for Oracle LMS-style engagements |
ILMT integration | IBM sub-capacity reporting surfaced directly inside the SAM tool |
Audit-ready reports | Drill-down evidence from ELP total → product → agreement → device → user |
Recognition
#1 rated SAM Tools solution on Gartner Peer Insights
Four-time Gartner Customers' Choice for SAM Tools (2019, 2020, 2021, 2024) — the only vendor to achieve this
97% of customers recommend Certero
Frequently asked questions
What does a negative ELP mean?
A negative ELP means the organization has deployed more software than it owns licences for. It is a compliance risk — but also an action trigger. Remediating internally (by reclaiming unused deployments or buying at best price) is far cheaper than remediating after a publisher audit, which typically runs at 2–5× list price plus back-support.
How often should ELP be calculated?
The practical cadence is: monthly for the highest-risk publishers (Microsoft, Oracle, IBM, SAP), quarterly for all Tier-1 publishers, and on-demand the moment an audit notice lands. A defensible SAM tool runs continuous reconciliation so an up-to-date ELP is always available — no one-off effort required.
Can ELP be calculated manually in a spreadsheet?
For a handful of products in a small environment, yes. In any enterprise — mixed on-premises, SaaS, cloud, thousands of devices, hundreds of agreements — manual ELP is impractical and indefensible. The publisher-specific rules alone (Oracle options and packs, IBM sub-capacity, SAP indirect access) make automation essential.
What is the difference between an ELP and a licence inventory?
A licence inventory lists what you own. An ELP reconciles what you own against what you need, producing a compliance position. Inventory is one input to an ELP — not a substitute.
Who should own the ELP inside the organization?
Typically the SAM team or Software Asset Manager, reporting into IT Finance, IT Operations, or Procurement depending on organizational structure. The ELP is consumed by Finance (for true-up and renewal planning), Procurement (for negotiation leverage), Legal (for audit response), and IT Operations (for deployment policy).
How does an ELP help during a software audit?
It inverts the discovery dynamic. Without an ELP, the publisher's measurement script runs first and produces the initial position — almost always unfavourable. With a current, evidence-backed ELP, the customer presents a reconciled position at the start, supported by discovery, metering, and entitlement data. Most disputes are then about publisher-specific rules interpretation, not raw numbers.
What's the difference between ELP for on-premises software vs SaaS?
For on-premises, ELP reconciles installations against licence pool with metric-specific rules (per-core, per-user, per-CPU). For SaaS, ELP reconciles assigned seats against active users — with "active" defined by last login, feature usage, or role-appropriate activity. The output is the same concept (owned vs required), but the data sources and rules differ.
What publishers produce the highest ELP risk?
Historically: Microsoft (largest spend and audit frequency), Oracle (options and packs, Java SE, VMware interpretation), IBM (ILMT and sub-capacity), SAP (indirect access), and Adobe (named-user at enterprise scale). Increasingly, Salesforce and ServiceNow are joining the high-risk tier as their footprint in enterprises grows.
Does the ELP include SaaS licences?
It should. A modern ELP reconciles every licence-bearing product in use, regardless of delivery model. SaaS-only SAM tools cover that corner; installed-software-only SAM tools cover the other corner; a complete ELP needs both data sources in one reconciliation.
How does ELP relate to the Effective Licence Position blog post vs this docs article?
This documentation article is the authoritative reference — publisher rules, methodology, pitfalls, tool capabilities. The Certero blog post on SAM basics / ELP offers a shorter, more narrative introduction to the same topic. Both are kept current; use whichever format suits your need.
What data do I need before a tool can generate an ELP?
Four inputs: (1) discovery data — devices, installations, cloud, SaaS; (2) entitlement data — contracts, agreements, purchase records; (3) usage data — metering, SaaS activity, options-and-packs usage; (4) publisher rule sets — licensing metrics and their edge cases. A competent SAM tool supplies #4 and automates the joining of #1–#3.
Is a zero ELP always the goal?
For a single product, yes — zero means compliant and fully utilised. Across the estate, a small positive ELP on high-demand products is often a deliberate buffer to avoid breaching compliance between true-ups. The goal is no negative ELP and minimal unintentional positive ELP — not literal zero everywhere.
How does Oracle ELP differ from other publishers?
Oracle's licensing model is unusually intricate: core-factor-adjusted processor counts, Named-User Plus minimums, sub-capacity rules that depend on partitioning technology, and options and packs that are installed by default but only licensed when used. Oracle LMS reviews routinely produce large exposure from options usage the customer did not realise was counted. Oracle-specific metering, ideally from an Oracle Certified Partner tool, is essential.
How long does it take to produce a first ELP?
With a capable SAM tool and clean entitlement data: weeks. With scattered entitlements (contracts in email, POs in Finance, agreements in Legal) and no central discovery: months. The tool is rarely the bottleneck — entitlement consolidation is.
About Certero
Certero is an independent software vendor specialising in IT Asset Management, Software Asset Management, SaaS Management, Cloud Management, and AI Management. Its CerteroX product family covers SAM (including Datacenter Management for Oracle, IBM, and SAP), ITAM, SaaS, Cloud, and AI on a shared asset record. Certero is the only four-time Gartner Customers' Choice for SAM Tools (2019, 2020, 2021, 2024), #1 rated on Gartner Peer Insights, an Oracle Certified Partner — the only ITAM/SAM vendor to hold this accreditation — and a FinOps Foundation member with FinOps Certified Platform designation.
Related resources
Last updated: April 2026