Salesforce License Audit

Salesforce License Audit for Renewal Readiness

Do you really use the Salesforce licenses you pay for? SpendReady audits purchased vs assigned vs estimated-active seats, names the inactive users, and attaches a dollar estimate — so you walk into renewal with evidence, not gut feel.

Get your first audit freeSee a sample report

Read-only OAuth · Lightweight Connected App · No Apex · No write access

The five questions

What a Salesforce license audit should answer

Most “audits” are a screenshot of a count. A real one answers the questions you'll be asked at renewal.

How many seats are we actually paying for?

Your purchased license count by license type — the contract number, side by side with what's assigned and what looks active.

How many are assigned but never used?

Assigned seats whose owners have no interactive login in 90+ days. Named, not just counted.

Where is Permission Set License (PSL) spend leaking?

PSLs assigned to users who aren't active — surfaced by cross-referencing PSL assignments against login activity.

Which integration users are a cost and a risk?

Service accounts holding interactive licenses or carrying UI-login capability that widens your security surface.

What's the renewal number we can defend?

An estimated-active seat figure, with a dollar estimate attached, you can take into a Salesforce renewal conversation.

Purchased vs assigned vs estimated-active

These are three different numbers, and the gaps between them are where renewal money hides. SpendReady puts all three side by side.

Purchased450

What your contract says you bought. The number on the order form — and the number Salesforce renews against by default.

Assigned438

Seats actually allocated to users in the org. The gap between purchased and assigned is shelf-ware you're already paying for.

Estimated active289

Users with a recent interactive login, derived from LoginHistory. This is login-derived estimated-active usage — a signal for the conversation, not absolute proof of how a license is used.

Illustrative example. “Estimated active” is login-derived from LoginHistory — a signal for the renewal conversation, not absolute proof of how each license is used.

By name, not just count

Named inactive users

A count tells you there's a problem. A named list lets you act on it. SpendReady flags users with no interactive login in 90+ days and lists them by name and license type — so an admin can verify each one before you reclaim or renew it.

New hires, approved leave, and dormant-by-design accounts can be exempted so they don't show up as waste. The result is a cleanup queue you can defend line by line.

How the Salesforce inactive user report works →
Inactive users (90d+)
149 flagged
j.okafor@acme.comSales Cloud
184d
p.nguyen@acme.comSales Cloud
151d
r.delgado@acme.comService Cloud
127d
s.kapoor@acme.comSales Cloud
98d

Illustrative example. Names and dates are sample data.

PSL assignments vs activity
Sample
Sales Engagement62 assigned
21 on inactive users
CRM Analytics40 assigned
17 on inactive users
Field Service28 assigned
9 on inactive users

Illustrative example.

Add-on spend

Permission Set License (PSL) waste

Feature licenses — Sales Engagement, CRM Analytics, Field Service and the like — are bought as Permission Set Licenses on top of base seats. They're easy to over-buy and easy to forget. SpendReady cross-references PSL assignments against login activity to find feature licenses sitting on users who aren't active.

Reads PermissionSetLicense and PermissionSetLicenseAssign, joined to login data — surfaced by name so you can confirm each one.

Where Permission Set License waste comes from →
Cost and security

Integration-user risk

Integration and service accounts are a quiet source of both waste and exposure. SpendReady flags service accounts holding full interactive licenses they don't need, and accounts with UI-login capability that widens your security surface.

Service accounts on interactive licenses

A pure API integration rarely needs a full Sales or Service Cloud seat. Those are reclaimable seats hiding in plain sight — found by reading User and UserLicense.

UI-login capability flags

Integration users that can log in through the UI are a larger attack surface than they need to be. SpendReady surfaces them so your admin can tighten access. We read login activity only — no OAuth-token or session inspection.

The full case on integration-user risk →

CFO-ready renewal evidence

The point of the audit isn't a dashboard an admin logs into — it's an artifact a CFO or procurement lead can read, forward, and take into a renewal conversation. SpendReady attaches an estimated dollar figure to every finding using Salesforce list pricing (or your negotiated rate if you enter it), so the number is defensible.

  • Purchased vs assigned vs estimated-active seat counts, by license type
  • Named inactive users with last-login age
  • PSL waste identified by feature and by user
  • Integration-user cost and risk flags
  • An estimated savings figure tied to Salesforce list pricing — $175/user/mo Enterprise, $350 Unlimited
  • Readable without a Salesforce login — forward it to finance and procurement

Peak-usage, lowest-usage, and the 26-week trend chart are part of Monitoring and build over time — the free audit is a point-in-time snapshot, not a trend.

How to use audit evidence in a renewal negotiation →Salesforce cost per user in 2026 →
Illustrative example

Sample audit output

A simplified view of what a SpendReady audit summary looks like. All figures below are sample data, not a real org.

License Audit Summary
Illustrative · Acme Corp Salesforce Org
Sample
450
Purchased
438
Assigned
289
Est. active
Inactive users (90d+)named, with last-login age
149
PSL waste (feature licenses on inactive users)across 3 feature licenses
47
Integration users on interactive licensesreclaim candidates
11
Estimated annual savings opportunity$312,900

Illustrative example. Based on 149 inactive seats × $175/mo (Salesforce Enterprise list price). Actual savings depend on your negotiated rate.

Objects read (read-only)
UserUserLicensePermissionSetLicensePermissionSetLicenseAssignLoginHistory
See the full sample report →

Related reading

Salesforce Optimizer alternative
Why an out-of-org audit beats the in-org analyzer for renewal.
Salesforce inactive user report
How named inactive-user detection works, login type and all.
Permission Set License waste
Where feature-license over-buying hides and how to find it.
Salesforce cost per user (2026)
List pricing context that turns recovered seats into real dollars.

See it from your role: for CFOs & finance · for admins & RevOps

License audit questions, answered

What is a Salesforce license audit?
A structured review of your Salesforce seats that answers a simple question for renewal: are you paying for licenses you actually use? SpendReady reads your purchased license counts, what's assigned, and login activity, then surfaces named inactive users, Permission Set License (PSL) waste, and integration-user risk — packaged as renewal evidence rather than another in-org dashboard.
What Salesforce objects does the audit read?
Read-only access to five objects: User, UserLicense, PermissionSetLicense, PermissionSetLicenseAssign, and LoginHistory. We never read Opportunities, Accounts, Contacts, or any CRM business data.
Does "estimated active" mean a user definitely isn't using the license?
No. "Estimated active" is login-derived — it's based on interactive login activity in LoginHistory, not a guarantee of how each license is or isn't used. It's the strongest signal available without writing to your org, and it's what makes the renewal conversation evidence-based rather than guesswork. New hires, leave cases, and approved dormant accounts can be exempted so they're not mistaken for waste.
How does SpendReady access our Salesforce data?
Through a lightweight, read-only Connected App installed via an AppExchange install URL, authorized with standard OAuth. The package contains only the Connected App bridge — no Apex, no business-data objects, no write access. A Salesforce admin installs and authorizes in about 60 seconds each.
Is the first audit really free?
Yes. The first audit is free and gives you a point-in-time read of purchased vs assigned vs estimated-active seats, named inactive users, PSL waste, and integration-user risk. Peak-usage, lowest-usage, and trend views are part of Monitoring (they begin building once monitoring is active and unlock from month 3) — the free audit is a snapshot, not a trend.
How much does ongoing monitoring cost?
The one-time audit is $499. Monitoring is $399/month and adds weekly automated audits plus the historical trend views that build into renewal evidence over time. Enterprise is $1,199/month. Salesforce's own list pricing — $175/user/mo for Enterprise, $350 for Unlimited — is what makes even a handful of recovered seats add up.
How is this different from Salesforce Optimizer or Org Check?
Those run inside the org, on demand, and output to a screen for an admin. A SpendReady audit is built to leave the org: named findings with dollar estimates that a CFO or procurement team can read without a Salesforce login. See our Salesforce Optimizer alternative breakdown for the full comparison.

Run your free Salesforce license audit.

The first audit is free. No credit card. A Salesforce admin connects in about 60 seconds, read-only.

Get your first audit free →See a sample report

Read-only OAuth · Lightweight Connected App · No Apex · No write access

Related