Salesforce License Audit: A Complete Guide for Admins and RevOps
Salesforce raised list prices 6% in August 2025. Enterprise seats are now $165/seat/month. Here's how to audit your licenses so you don't walk into your renewal paying for seats you don't need.
Why license audits matter more after the 2025 price hike
Salesforce increased list prices by approximately 6% effective August 1, 2025. Enterprise Edition moved from approximately $150 to $165/seat/month. Unlimited moved from approximately $300 to $330/seat/month. For a 200-seat org on Enterprise, that's an additional $36,000/year — before any growth in headcount.
In that environment, unused licenses aren't just waste — they're a negotiating position. Every confirmed-inactive user you can document before renewal is $1,980/year ($165 × 12) you can argue to remove from your next contract.
The four things a complete license audit covers
1. User license utilization
How many of your total purchased licenses have active users assigned? And of those, how many are genuinely active? The first number is in Setup → Company Information. The second requires LoginHistory analysis (see our inactive user guide for the full SOQL).
A healthy org runs at 80–90% license utilization. Under 70% means you're carrying significant dead weight into your renewal.
2. Permission Set License (PSL) waste
PSLs are the hidden cost center. Sales Cloud Einstein, Revenue Intelligence, Tableau CRM, Enablement — these are sold on top of your base license, per user, and they're expensive. Check which PSLs are assigned vs. actively used.
The PermissionSetLicenseAssign object shows who has what. Cross-referencing against LoginHistory for those users tells you who has a PSL and hasn't logged in. That's direct, recoverable cost.
3. Integration users
Identify every user where the profile or username pattern suggests a non-human account (integration, api, system, service, batch). These users should NOT be logging in via the UI — if they are, that's a security concern AND it can artificially inflate your LoginHistory data, making your inactive-user analysis less accurate.
Integration users should connect via Named Credentials or Connected Apps with OAuth client credentials flow — not user credentials.
4. Stale OAuth tokens
Third-party apps and integrations that connected to your Salesforce org via OAuth leave tokens behind. If those integrations were decommissioned but the tokens weren't revoked, they sit in Setup → Connected Apps → OAuth Usage — consuming authorized app slots and representing a security surface.
Tokens unused for 90+ days should be reviewed and revoked.
Building the business case for Finance
An audit is only useful if it produces a document someone with budget authority will act on. Admins run audits; Finance approves renewals. These are different people with different contexts.
Your renewal brief for Finance needs three things:
- Verified inactive users with dates. Not "we think these users are inactive" — "these users have had zero interactive logins since [date], documented from LoginHistory."
- Dollar figure at current list prices. X users × $165/month × 12 months = $Y. Present the number they're currently paying for nothing.
- Comparison to last renewal. Were these same users inactive last year? Did you pay for them last cycle too? Trend data makes the case stronger.
How often should you run a license audit?
Ideally: continuously, with a formal review quarterly. In practice: most orgs only look at this in the 60 days before renewal. That's better than never, but it means you're often paying for 9–10 months of waste you never caught.
The orgs that negotiate most effectively are the ones that come to renewal with 6–12 months of documented license utilization trends — not a one-time snapshot.
Weekly PDF covering all four areas above — delivered to your admin and your Finance team. Includes trend history so your renewal brief writes itself.
Get your first audit free →