TL;DR: Salesforce license management is not just a cost problem, because over-provisioning, weak role alignment, and delayed revocation can leave users with more access than they need, according to Zluri. The operational lesson is that license administration is an identity governance issue, not a procurement afterthought.
NHIMG editorial — based on content published by Zluri: SaaS Management Salesforce License Management: Challenges & Best Practices
By the numbers:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How should security teams govern Salesforce licences as part of IAM?
A: Treat Salesforce licences as access entitlements, not just software purchases.
Q: Why do unused SaaS licences create security risk?
A: Unused licences often indicate stale access paths that nobody is actively governing.
Q: What breaks when Salesforce licence reviews are manual?
A: Manual reviews miss role changes, dormant users, and renewal deadlines.
Practitioner guidance
- Align Salesforce licences to role definitions. Review every licence class against current job functions, not historic assignments.
- Connect renewal reviews to access recertification. Pair contract renewal dates with identity reviews so expiring or redundant licences are assessed before renewal, especially for users who changed roles or left the organisation.
- Use usage telemetry to reclaim dormant access. Track last login, feature consumption, and inactive users, then reclaim entitlements when the access is no longer justified by observed use.
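The role-alignment and dormant-access checks above can be run together over a user export. The sketch below is an added example, not code from Zluri or this editorial. The role-to-licence policy, the 90-day threshold, the field names and the sample rows are all assumptions constructed for illustration.

```python
from datetime import datetime

# Assumption: hypothetical policy mapping HR roles to the licence class they justify.
ROLE_LICENCE = {"sales_rep": "Salesforce", "support_agent": "Salesforce",
                "approver": "Salesforce Platform"}
DORMANT_DAYS = 90  # assumption: the article does not state a threshold
NOW = datetime.fromisoformat("2024-06-01T00:00:00+00:00")  # fixed review date for the sample

# Constructed sample: a Salesforce user export joined with HR status (not real data).
USERS = [
    {"username": "a.ng@example.com", "licence": "Salesforce", "is_active": True,
     "last_login": "2024-05-28T09:12:00+00:00", "hr_role": "sales_rep", "employed": True},
    {"username": "b.ortiz@example.com", "licence": "Salesforce", "is_active": True,
     "last_login": "2024-05-30T14:03:00+00:00", "hr_role": "approver", "employed": True},
    {"username": "c.patel@example.com", "licence": "Salesforce", "is_active": True,
     "last_login": "2024-01-10T08:00:00+00:00", "hr_role": "sales_rep", "employed": False},
    {"username": "d.roy@example.com", "licence": "Salesforce", "is_active": True,
     "last_login": None, "hr_role": "support_agent", "employed": True},
    {"username": "e.sato@example.com", "licence": "Salesforce", "is_active": False,
     "last_login": "2023-11-02T10:00:00+00:00", "hr_role": "sales_rep", "employed": False},
]

def review(users, now, dormant_days=DORMANT_DAYS):
    """Return (username, licence, reasons) for each active user whose licence needs review."""
    findings = []
    for u in users:
        if not u["is_active"]:
            continue  # already deactivated; out of scope for this check
        reasons = []
        if not u["employed"]:
            reasons.append("leaver_still_active")      # delayed revocation
        else:
            expected = ROLE_LICENCE.get(u["hr_role"])
            if expected is None:
                reasons.append("role_has_no_entitlement")
            elif expected != u["licence"]:
                reasons.append("licence_role_mismatch")  # over-provisioned for the role
        if u["last_login"] is None:
            reasons.append("never_logged_in")
        elif (now - datetime.fromisoformat(u["last_login"])).days > dormant_days:
            reasons.append("dormant")
        if reasons:
            findings.append((u["username"], u["licence"], reasons))
    return findings

if __name__ == "__main__":
    for username, licence, reasons in review(USERS, NOW):
        print(f"{username:24} {licence:12} {', '.join(reasons)}")
```

Each finding is a candidate for recertification rather than automatic removal; the reasons list gives the reviewer the evidence behind the flag.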
What's in the full article
Zluri's full blog post covers the operational detail this post intentionally leaves for the source:
- A breakdown of the specific Salesforce licence categories and the capabilities attached to each one.
- Practical examples of how Zluri discovers users and tracks last access across the Salesforce estate.
- Details on reclaiming or reallocating licences for ex-employees and inactive users.
- Platform-specific usage visibility and optimisation workflows that support renewal decisions.