The step-by-step methodology for counting every Salesforce licence layer, identifying shelfware, and building the evidence base that transforms your next renewal negotiation.
This guide is part of our Salesforce Licensing Guide 2026. See also: License Optimization Playbook | Platform License Deep Dive | Compliance and Audit Readiness.
Most enterprise IT leaders assume Salesforce licence management is straightforward: buy seats, assign them, and the platform enforces the cap. That assumption is dangerously incomplete. Salesforce licensing operates across four distinct layers, each tracked separately, each with different cost implications, and each susceptible to different forms of waste.
Organisations routinely discover they are paying for 20-30% more licences than they actually need. At Enterprise Edition list pricing of $175 per user per month, a company with 1,000 seats and a 25% waste rate is burning through $525,000 per year on licences that generate zero business value. That figure climbs further once you factor in Feature Licences, Permission Set Licences, and usage-based products like Marketing Cloud contacts or Data Cloud and Agentforce consumption credits.
| Layer | What It Controls | Examples | Financial Impact |
|---|---|---|---|
| Layer 1: User Licences (foundation) | Baseline product access for every user. Each user record requires exactly one User Licence | Salesforce (full CRM), Salesforce Platform (custom apps only), Identity Only (SSO), Customer/Partner Community | 70-85% of total contract value. Every seat eliminated or downgraded flows directly to savings |
| Layer 2: Feature Licences (add-on) | Access to specific capabilities not in the base User Licence. Toggled per-user as checkboxes | Marketing User, Service Cloud User, Knowledge User, Flow User, CPQ User | Frequently over-assigned during rollouts and never revisited. 30-50% commonly unused |
| Layer 3: Permission Set Licences (entitlement) | Granular entitlements extending functionality beyond User and Feature Licences. Assigned through Permission Sets | Sales Cloud Einstein, Salesforce CPQ, Pardot, CRM Analytics | High-value add-on products billed per-seat. Single unused CRM Analytics licence = $75-$150/user/month |
| Layer 4: Usage-Based Entitlements (consumption) | Metered resources pooled at org level, not per-seat | Data storage (GB), file storage (GB), API calls (daily cap), Marketing Cloud contacts, Experience Cloud logins, Agentforce conversations | Overage pricing is punitive. Additional data storage costs approximately $125/month per 500 MB |
The Company Information page shows assigned licences, not active ones. A licence assigned to a user who has not logged in for six months still appears as "Used." This is the single most common misunderstanding in Salesforce licence audits and why the Setup baseline is necessary but never sufficient on its own.
Navigate to Setup, then Company Settings, then Company Information. Scroll down to find three critical tables: User Licences, Permission Set Licences, and Feature Licences. Each displays Total Licences (purchased), Used Licences (assigned), and Remaining. Click View All and Download to export as CSV. This creates your Entitlement vs. Assignment matrix, the first of three comparison layers.
SOQL queries give you actionable detail: the ability to cross-reference licence assignments with actual login behaviour, user roles, and last activity dates. Execute in Developer Console, Workbench, or any connected API client.
| Query | Purpose | What It Reveals |
|---|---|---|
| SELECT MasterLabel, Name, Status, TotalLicenses, UsedLicenses FROM UserLicense ORDER BY UsedLicenses DESC | Complete User Licence inventory | Every licence type sorted by consumption. Watch for rows where UsedLicenses equals TotalLicenses (at capacity, next user triggers purchase) |
| SELECT MasterLabel, TotalLicenses, UsedLicenses, ExpirationDate FROM PermissionSetLicense WHERE TotalLicenses > 0 | Permission Set Licence utilisation | Over-provisioned add-on entitlements. Compare UsedLicenses against actual feature utilisation (e.g., 200 CRM Analytics assigned but only 45 users opened a dashboard in 90 days = 155 candidates for removal) |
| SELECT Profile.UserLicense.Name, COUNT(Id) FROM User WHERE IsActive = true AND LastLoginDate < LAST_N_DAYS:90 GROUP BY Profile.UserLicense.Name | Inactive user identification (the "money query") | Every active user who has not logged in within 90 days, grouped by licence type. Typically identifies 15-25% of assigned licences as candidates for deactivation or downgrade |
| SELECT Name, Username, Profile.UserLicense.Name, CreatedDate FROM User WHERE IsActive = true AND LastLoginDate = null | Users who have never logged in | Users provisioned during onboarding waves or migrations who never accessed the system. Purest form of shelfware: licences that never delivered any value |
Across hundreds of Salesforce advisory engagements, the 90-day inactivity query typically identifies 15-25% of assigned User Licences as candidates for deactivation or downgrade. For a 1,000-seat Enterprise deployment, that represents $315,000-$525,000 in annual recoverable cost before any licence-type optimisation.
SOQL queries are powerful for point-in-time audits but impractical for ongoing governance. For continuous monitoring, build a Custom Report Type using Users as the primary object with Profile lookup fields including User License Name and Total Licenses. Create a Summary Report grouped by User Licence with Active = True filter.
Extend with a Last Login Date bucketing approach: Active (last 30 days), Low activity (31-90 days), Dormant (91-180 days), and Inactive (180+ days or never). The dormant and inactive bands are your immediate optimisation targets. The Lightning Usage App (Setup, then Lightning Usage) provides complementary adoption metrics including daily active users and most-visited pages.
| Entitlement | Where to Check | What to Watch For |
|---|---|---|
| Data and file storage | Setup, then Data Management, then Storage Usage. Itemises consumption by object | Enterprise Edition: 10 GB base + 20 MB per user. For 500 users = 20 GB total. Configure alerts at 80% and 90% thresholds. Additional storage costs approximately $125/month per 500 MB |
| API call usage | Setup, then Company Information shows "API Requests, Last 24 Hours." REST Limits endpoint (/services/data/v60.0/limits) returns JSON with all metered resources | Exceeding API limits causes Salesforce to reject all API requests until window resets, halting integrations and mobile access. Identify runaway integrations consuming disproportionate calls |
| Experience Cloud logins | Query LoginHistory object filtered by user type, aggregate by calendar month | Exceeding contracted login count triggers true-up charges at next billing period. No native dashboard exists for this. Must be tracked manually via SOQL |
The single most valuable output of a Salesforce licence audit is a three-column matrix comparing what you bought, what you assigned, and what is actually being used. This document becomes your negotiation evidence, optimisation roadmap, and ongoing governance tool.
| Licence Type | Purchased (Contract) | Assigned (Setup) | Active Last 90 Days | Waste Rate |
|---|---|---|---|---|
| Salesforce (Enterprise) | 800 | 782 | 614 | 21.5% |
| Salesforce Platform | 200 | 143 | 98 | 51.0% |
| Service Cloud User (Feature) | 400 | 389 | 271 | 32.3% |
| CRM Analytics (PSL) | 150 | 148 | 47 | 68.7% |
| Total waste identified | $1.2M/yr | |||
The waste rate is calculated against purchased count, not assigned count, because you pay for every purchased licence regardless of assignment. The difference between purchased and assigned represents shelfware never deployed. The difference between assigned and active represents shelfware deployed but not used. Both are recoverable cost.
One of the highest-impact optimisation levers is identifying users who hold full CRM licences (Salesforce Enterprise at $175/user/month) but whose usage patterns indicate they only need a Salesforce Platform licence at a fraction of the cost.
| Downgrade Criterion | Detail |
|---|---|
| Does not create or update core CRM objects | Zero Opportunity, Lead, or Campaign record ownership and zero create/edit actions on those objects in the past 180 days. These are the core objects excluded from Platform licences |
| Usage limited to dashboards and custom objects | Primary activity is viewing dashboards, working with custom objects, or running reports on non-CRM data |
| Does not use advanced CRM features | No use of Forecasting, Territory Management, or Sales Console features |
A professional services firm with 1,200 Salesforce Enterprise licences identified 280 users whose sole Salesforce activity was viewing project dashboards and updating custom time-tracking objects. Migrating these users to Platform Starter saved $588,000 annually with zero impact on productivity, as none of the affected users required access to Opportunities, Leads, or Campaigns.
Feature Licences and Permission Set Licences are where "set it and forget it" provisioning creates the most insidious waste. These are typically assigned during initial setup based on role templates, then never revisited even when users change roles or stop using the associated functionality.
| Licence Type | Audit Method | Typical Waste Rate |
|---|---|---|
| Marketing User (Feature) | Query how many assigned users have created or modified Campaigns in past 90 days | 30-50% of assignments not justified by actual usage |
| Knowledge User (Feature) | Query how many have authored or edited Knowledge Articles | 30-50% typically unused |
| CPQ User (Feature) | Query how many have generated quotes | 30-50% unused |
| CRM Analytics (PSL) | Query PermissionSetLicense utilisation, cross-reference with dashboard access in past 90 days | Utilisation rates below 35% are common |
| Sales Cloud Einstein (PSL) | Check feature-specific usage reports against assigned PSL count | Gap between assignment and active usage is typically widest in this category |
Salesforce contracts, particularly SELAs and larger enterprise agreements, often include True-Up or True-Forward provisions. If usage exceeds contracted quantities at any point, Salesforce adjusts costs upward at the next billing period or renewal. Unlike traditional software audits, Salesforce compliance enforcement is largely automated through platform telemetry.
Salesforce account executives commonly use True-Up data as a negotiation lever during renewals. If your usage has at any point exceeded contracted levels, even temporarily during a migration, expect Salesforce to cite this as justification for maintaining or increasing licence counts. Your defence is a comprehensive, current-state audit demonstrating your normalised usage, not peak usage. Run your licence audit quarterly and maintain a rolling 12-month record.
| Quarterly Action | Detail |
|---|---|
| Re-run 90-day inactivity query | Compare results against previous quarter. Track trend direction. Are inactive counts growing or shrinking? |
| Update Entitlement vs Assignment vs Usage matrix | Refresh all three columns with current data. Document changes since last quarter |
| Review new Permission Set and Feature Licences | Identify any new PSLs or Feature Licences provisioned since last audit. Validate business justification |
| Check storage and API trends | Compare consumption against contracted entitlements. Identify approaching thresholds |
| Produce one-page summary for leadership | Document current utilisation rates, waste identified, and recommended actions for procurement and IT leadership |
| Integrate with HR offboarding | Verify Salesforce user deactivation within 24 hours of employee departure. Check Feature and PSL licences are also unassigned from inactive accounts. Configure SSO deprovisioning rules to automate |
Present your Entitlement vs Assignment vs Usage matrix to your Salesforce account executive alongside a specific reduction proposal. If your audit shows 800 purchased Enterprise licences with only 614 active in the past 90 days, propose reducing to 650 (with modest growth buffer). If 280 qualify for Platform downgrades, propose a split: 370 Enterprise plus 280 Platform.
Negotiate downgrade rights (10-15% annual reduction without penalty) and swap rights (exchange one licence type for another of equal or lesser value). Initiate your audit at least 4-6 months before your renewal date. Salesforce's fiscal year ends January 31, and sales teams are most receptive in Q4 (November-January). For detailed strategies, see our Salesforce Renewal War Room Checklist.
Organisations with multiple Salesforce orgs must execute the same methodology in every org separately, then consolidate into an enterprise-wide view. If two orgs each have 500 licences at 60% utilisation, consolidating into a single org of 600 licences eliminates 400 seats. Multi-org audits should also identify cross-org user duplication, AppExchange applications licenced separately in each org, and sandbox storage duplication. See our org consolidation analysis guide.
Setup, then Company Settings, then Company Information. Scroll to User Licences, Permission Set Licences, and Feature Licences tables. Each shows Total, Used, and Remaining. Click View All and Download to export as CSV for offline analysis.
SELECT Profile.UserLicense.Name, COUNT(Id) FROM User WHERE IsActive = true AND LastLoginDate < LAST_N_DAYS:90 GROUP BY Profile.UserLicense.Name. This groups all active users who have not logged in within 90 days by User Licence type, immediately revealing where unused licences are concentrated.
Every 90 days as a minimum. Quarterly audits catch seasonal fluctuations, offboarding gaps, and provisioning drift. Increase to monthly in the 6 months before a contract renewal to build the strongest negotiation evidence base.
Yes, for User Licences. Setting IsActive to false frees the licence and decreases the "Used" count. However, Feature Licences and Permission Set Licences assigned to the deactivated user may or may not be automatically released depending on type. Always verify manually.
"Used" means assigned; "Active" means actually logging in. A user can hold a licence (counted as Used) without ever logging in. Your audit must distinguish between these two states. The gap between them is your primary optimisation opportunity.
Yes. Salesforce retains contractual audit rights in its Master Subscription Agreement. While less audit-aggressive than Oracle or SAP, it uses True-Up and True-Forward provisions to enforce compliance, particularly at renewal. See our Audit Readiness Playbook.
Setup, then Company Information shows "API Requests, Last 24 Hours" with current and maximum. For trend analysis, use the API Usage Last 7 Days report in Classic, or call the REST Limits endpoint programmatically for real-time monitoring.
90 days is the industry standard starting point. Users inactive 90+ days should be flagged for review. Users inactive 180+ days should be deactivated unless there is documented business justification. Users who have never logged in should be deactivated immediately unless they are integration or system accounts.
Redress Compliance conducts comprehensive Salesforce licence audits for enterprise organisations, delivering documented utilisation analysis, shelfware identification, and renewal negotiation strategies. No Salesforce partnership. No referral fees. Fixed-fee engagement.
Salesforce Advisory ServicesIndependent Salesforce licence auditing. Shelfware identification. Renewal negotiation evidence. 100% vendor-independent, fixed-fee engagement.