JIT License Pool automatically detects inactive users, reclaims their licenses, and reassigns them on demand — from your portal or with a single /sf-get in Slack, Teams, or Google Chat. Every seat stays productive. Every dollar is accounted for.
1 Industry reports put idle Salesforce licenses at 20–35% (Zylo, 2025 SaaS Management Index). * Illustrative — your actual savings depend on your org; see the calculator below for assumptions.
Industry reports put idle Salesforce licenses at 20–35% — roughly 1 in 4 seats paid for but unused. At $165/user, that's a silent drain most companies never notice — until now.
JIT License Pool runs in the background, continuously optimizing your license pool without disrupting active users.
Link JIT License Pool to your Salesforce org via OAuth in minutes. We only read the user and license data needed to manage your pool — never your CRM records — and the only thing we write back is activating or deactivating a user.
We track last-login dates across every user. You set the inactivity threshold — default is 30 days.
Inactive users are automatically deactivated in Salesforce, freeing their license back into the pool.
Request a seat in chat or the portal and it's live in seconds — auto-reclaiming an idle seat if the pool is full. ◷ Roadmap: smart auto-reassignment the moment a seat frees.
Flag any user as an exception — senior staff, executives, power users — and JIT License Pool will never touch their license, regardless of activity.
If a Salesforce admin activates a user directly in Salesforce outside of JIT License Pool, we detect it in minutes, fire an alert, and log the event to your audit trail. Your license governance is enforced — even when someone tries to go around it.
No portal login required. No IT ticket. One slash command in Slack, Teams, or Google Chat — and the license is live in seconds.
/sf-get · /sf-remove · /sf-info — request access, release a license, or check pool status without leaving your chat app.
Unrecognised users trigger an admin approval email — one click to grant or deny. Auto-approve mode available for trusted workspaces.
Every inbound command is verified against a platform-specific HMAC-SHA256 signature with a 5-minute replay window. No spoofed requests.
Chat commands are first-class citizens in your audit log — who ran it, from which platform, what happened, and when.
Set a future date — or a precise time — and the action queues automatically. Salesforce access is created or removed at exactly the right moment, with no one needing to remember to do it.
Adjust the sliders to match your org. We'll calculate your savings in real time using current Salesforce list pricing.
⚠️ Fixed licenses belong to users who will always need access — executives, power users, integration accounts. JIT License Pool will never reclaim these seats. This is a percentage of your total license count.
Savings are estimates based on Salesforce published list prices and a 25% inactivity assumption. Actual savings vary by org. JIT License Pool fee does not include Salesforce licensing costs.
The calculator estimates your savings. Once you're connected, your dashboard tracks the real thing — seats reclaimed this month, estimated savings at your own per-seat price, and pool utilization over time.
Illustrative dashboard. Savings shown = seats reclaimed × (your annual per-seat price ÷ 12).
A flat monthly platform fee plus a variable fee (12–15% of your Salesforce license cost) across pool-managed licenses. No hidden markups. No per-seat guesswork.
Connects via OAuth 2.0 (Authorization Code + PKCE). We never see or store your Salesforce password — only an encrypted refresh token.
All Salesforce credentials are encrypted at rest using AES-256-CBC. Keys are never logged or returned to clients.
Every action is logged with timestamp and actor — plus we ingest Salesforce's own config/permission changes (Setup Audit Trail) and login history (logins, failures, source IPs) into exportable Access & Compliance reports. Includes bypass detection when someone activates a user directly in Salesforce.
Grant or release Salesforce licenses with a single slash command in the chat app your team already uses. No portal login needed.
Your team signs in with single-use magic links — no passwords to phish or reuse. Sessions regenerate on login and lock out after repeated failed attempts.
Export or erase all data tied to a person on request, and fully remove a tenant's data on offboarding — so data-subject and right-to-erasure requests are a button, not a project.
The things Salesforce admins and security teams actually ask.
No. Only users who pass your inactivity threshold (default 30 days — you set it) are reclaimed. Exception users like executives and integration accounts are never touched, and active or recently-active users keep working without interruption.
We read only what's needed to manage licenses: user names, emails, last-login dates, profiles, and license types — never your CRM records (accounts, opportunities, cases). That's stored as a synced snapshot in our database, encrypted at rest. The only thing we ever write back to Salesforce is User.IsActive — on or off.
You authorize a Connected App on your own org via OAuth 2.0 (Authorization Code + PKCE). We store only an encrypted refresh token — never your Salesforce password. Your admin can revoke our access from inside Salesforce at any time, and it's gone immediately.
Connect via OAuth and you're live in under an hour. We'll run a free savings audit first, so you see exactly how many seats are idle before you commit to anything.
Every tenant query is scoped by tenant_id at the data layer, so one customer's users, licenses, and audit logs aren't returned to another — enforced in the data layer, not just hidden in the UI. Salesforce credentials are AES-256 encrypted at rest and never returned to the browser.
Yes. It's built with SOC 2-aligned access controls and produces audit evidence that maps to common criteria — CC6.1–6.3 (least-privilege, timely deprovisioning, documented access changes) and CC7.2. It also pulls Salesforce's own Setup Audit Trail (config & permission changes) and Login History (logins, failures, source IPs) into exportable Access & Compliance reports — and retains them past Salesforce's own ~180-day/6-month windows. It supports your audit with clean, exportable evidence; it isn't a substitute for your own certification.
A flat monthly platform fee plus a variable fee (12–15% of your SF license cost) on pool-managed seats only — always-on fixed seats are never charged the variable fee. Month-to-month, cancel anytime. Reclaim seats and your variable fee goes down, because the managed count drops.
JIT License Pool is a live product in early access. You won't get a logo wall of strangers — you'll get direct access to the people who build it, hands-on onboarding, and real influence over what ships next.
Tell us about your Salesforce setup and we'll put together a custom savings estimate — and get you set up in under a day.