CIO Playbook: Managing ISV AppExchange App Licensing in Salesforce

Maintain an up-to-date inventory of all AppExchange apps installed in your Salesforce orgs. Include: app name/vendor, purpose, licenses purchased, current usage levels, contract dates, renewal dates, and commercial terms (cost, payment frequency).

Task the Salesforce admin team or ITAM team with producing a report of all "installed packages" on a regular cadence. Every ISV app in use should be logged in an asset register just like any other enterprise software. This prevents "forgotten" subscriptions.

Best Practice: Align or at least be aware of how ISV renewal dates relate to your Salesforce contract renewal dates. Many organizations co-term major ISV renewals with their Salesforce annual renewal for convenience.

Different apps use different licensing schemes: per user, by usage (documents, data volume, transactions), or by org/edition. Note tier structures and overage policies. Document renewal terms — auto-renewal vs. manual, and advance notice requirements for cancellation or adjustment.

Dependencies: Capture what each app requires — specific Salesforce editions, API access, or other features. If an app is mission-critical, note its dependency on Salesforce data. This helps assess risk if you change Salesforce features or license types.

Require approval from IT (architecture, security, procurement) before any AppExchange managed package installation. This prevents shadow IT patterns — departments initiating free trials that convert to paid subscriptions without oversight. Enterprise architects ensure apps don't duplicate existing functionality or violate data policies.

Policy: Just as new enterprise software goes through architecture review and security assessment, AppExchange apps should require clearance. Admins must obtain written sign-off before proceeding with production installation.

Control who can access each app via Salesforce's license management screen (Installed Packages → Manage Licenses). Implement processes for granting and revoking app licenses — when employees leave or change roles, remove AppExchange access along with Salesforce access to free up licenses.

Regularly compare active users per app with purchased license counts. Never exceed provisioned counts — some apps won't technically prevent over-assignment, leaving you vulnerable to compliance issues. Conduct internal audits to identify discrepancies.

Watch For: Users with app access but no corresponding paid license (compliance risk), and licenses purchased but never assigned (wasted budget). Both should be addressed proactively.

Track usage metrics for apps charging based on consumption (transaction limits, document quotas). Set up alerts before hitting caps to avoid expensive overages. Identify under-utilization — if only 30 of 50 purchased licenses are in use, consider downsizing at renewal.

Ensure all AppExchange procurement goes through a centralized process. Integrate into ITAM and Finance tracking systems so "hidden" spending is visible. CIOs should insist on a single view of Salesforce ecosystem costs including core licenses and all third-party add-ons.

True-Up Planning: If a project suddenly requires 20 more seats, have a procedure in place. Negotiate volume flexibility upfront or know per-unit add-on costs. Avoid unilateral user additions beyond licensed counts.

Leverage Salesforce renewal timing to also negotiate ISV apps. A 3-year Salesforce renewal is an excellent time to negotiate 3-year deals for key add-ons. By bundling discussions, the Salesforce AE can advocate for competitive ISV pricing — it contributes to the overall deal success and their quota.

Customers have secured double-digit percentage discounts on AppExchange products by making purchases contingent on favorable package deals. If planning multiple ISV apps, negotiating them simultaneously creates leverage even across different vendors.

Example: A CIO negotiating a Salesforce renewal informed the AE that an attractive DocuSign offer would influence the overall CRM renewal. The AE coordinated with DocuSign, resulting in an improved enterprise plan discount — a win-win where the customer simplified negotiations and got better pricing.

Research benchmark pricing — understand typical pricing tiers and know about alternative apps for leverage. Commit to longer terms (3-year subscriptions) for locked-in pricing, but ensure flexibility (adjust-down rights, carry-over for unused volume). Negotiate price increase caps (e.g., no more than 5% per year).

Co-term renewals — align ISV app renewals with your Salesforce contract end date for maximum leverage next time. Clarify support — ensure you can work directly with ISV support for technical issues, not routed through Salesforce. Use independent advisors for high-value ISV contracts to get benchmark data and negotiation support.

Key Insight: Even ISV app prices are negotiable — nothing is a fixed rate. Just as Salesforce's prices are highly negotiable based on volume and deal size, ISVs have flexibility for enterprise customers and multi-year commitments.

Integrate AppExchange oversight into your existing ITAM and governance frameworks. Policies for software asset management (CMDB, asset register, reconciliations) should explicitly include cloud marketplace apps. Publish guidelines: "All SaaS applications including third-party apps installed within platforms like Salesforce must be approved and tracked by ITAM."

Signal: This formally recognizes AppExchange apps as part of the IT portfolio. Even if a tool is obtained through a SaaS marketplace, it is not exempt from oversight.

Include AppExchange license counts and costs in regular license audits and true-up exercises. Configure SAM tools (Flexera, ServiceNow SAM) to ingest data from Salesforce APIs about installed packages and license assignments.

Renewal management: Treat each ISV app as a vendor contract to diarize. Trigger reviews 90 days before renewal — check usage vs. entitlement, confirm business value, then decide to renew, cancel, or renegotiate. This enables proactive decisions rather than last-minute renewals.

Governance Board: Include AppExchange apps in periodic IT governance board reviews. Present a dashboard of all third-party apps: what they do, cost, and any upcoming renewals or compliance flags.

Educate Salesforce admins, power users, and procurement on managing ISV licenses. Provide a simple intake form for new AppExchange requests covering licensing requirements, data access, and business justification.

Assign a business owner for each app (e.g., Sales Ops owns Conga; Legal owns e-signature). These owners confirm the app is still needed and usage is right-sized. For critical apps, include them in disaster recovery and continuity planning.

Vendor Management: Apply the same vendor scorecard evaluations (performance, support quality, financial stability) as larger software suppliers. Embed ISV apps into all lifecycle stages — request, procurement, deployment, monitoring, renewal, and retirement.