Menu
Home Features Pricing Resources FAQ Docs Contact Book demo
Features

Everything a team needs to recover Salesforce seats safely.

Built for Sales Ops and Business Ops teams who need to control the harvest strategy without writing Apex. Connects to the ITSM platform you already run.

ITSM Connectivity

Plug license harvesting into the workflow your IT team already runs.

Instead of a standalone email approval process, License Reclaim can open a ticket directly in your ITSM platform and listen for the decision via signed webhook. No middleware, no Zapier, no ETL — just native Salesforce Apex talking to your toolchain.

ServiceNow
  1. 01 LR creates an ITSM Request via REST API
  2. 02 Assignment group routes to IT Ops or HR Ops
  3. 03 Agent resolves ticket — tags lr_keep or lr_downgrade
  4. 04 ServiceNow fires outbound REST to LR webhook
  5. 05 Salesforce applies decision and logs the outcome
REST API v2Assignment groupsOutbound REST webhookResolution tags
Jira Service Management
  1. 01 LR opens a JSM request via REST API
  2. 02 Automation rule fires on issue creation
  3. 03 Agent resolves — adds lr_keep or lr_downgrade label
  4. 04 JSM Automation POSTs to LR webhook on close
  5. 05 Salesforce applies decision and logs the outcome
REST APIJSM AutomationLabel-driven webhookCustom request types
Serval
  1. 01 LR detects inactive user, opens a Serval ticket via API
  2. 02 Serval notifies the end-user and routes to manager for approval
  3. 03 Manager records decision — Keep, Revoke, or Downgrade
  4. 04 Serval fires HMAC-signed webhook to LR_ServalWebhookResource
  5. 05 Salesforce applies decision (including license downgrade) and logs the outcome

Serval is the only provider that supports a three-way decision: keep the seat, revoke it entirely, or downgrade to a lighter license type — all from a single ticket.

Signed webhookKeep / Revoke / DowngradeEnd-user notificationManager approval
Freshservice
  1. 01 LR opens a ticket via POST /api/v2/tickets
  2. 02 Freshservice Automator fires on ticket creation
  3. 03 Agent resolves — adds lr_keep or lr_downgrade tag
  4. 04 Automator sends X-Freshservice-Signature webhook on close
  5. 05 Salesforce applies decision and logs the outcome
REST API v2Freshservice AutomatorSigned webhookTag-driven routing

Also compatible via generic webhook integration: ManageEngine ServiceDesk, Flexera, and Zluri. Contact us to connect your platform →

How decisions flow back. When an ITSM agent resolves the ticket, your platform fires a webhook to a public Apex REST endpoint inside your Salesforce org. License Reclaim verifies the signature, reads the resolution tag (lr_keep or lr_downgrade), and applies the corresponding action — all within the existing approval workflow, with a full audit event logged automatically.

Built for operations teams

Sales Ops and Business Ops own the harvest strategy — not IT.

Most license governance tools require a Salesforce admin to run every reclaim cycle. License Reclaim puts the configuration in the hands of the people who understand the business: per-policy controls that let operations teams set the approach, the thresholds, and the approval channel without writing Apex or opening a support ticket.

Execution path

Send manager emails, open an ITSM ticket, or both — configured per policy so high-value teams use ITSM and seasonal workers use email.

Inactivity threshold

Set the number of days without login per policy. Different license types can carry different thresholds — Sales Cloud seats vs. Service Cloud seats, for example.

License type filters

Target specific license types for each policy run. Exclude Chatter, Platform, or Experience Cloud licenses that carry different savings profiles.

Grace period length

Set how long a frozen user has to appeal before permanent deactivation. Some teams want 7 days; compliance-sensitive orgs want 30.

Auto-freeze on timeout

If a manager doesn't respond within your SLA, the policy can auto-freeze the user or hold for manual review — your call.

Dry-run toggle

Activate dry-run mode per policy. Run the full pipeline — scans, cases, simulated emails, ITSM tickets — without touching a single User record.

Typical rollout for a 500-seat org

Week 1 — Dry-run with your largest license bucket. Review the flagged users and tune the threshold. Week 2 — Go live on email approval. Week 3 — Connect Jira or ServiceNow so IT Ops handles the queue in the tool they already use. By month 2, reclamation runs on autopilot with zero admin intervention.

Start a trial
What's in the box

Everything a team needs to run this at scale.

🔗

ITSM Connectivity

Native connectors for ServiceNow, Jira Service Management, Serval, and Freshservice. LR raises tickets and listens for signed webhook callbacks — no middleware, no Zapier, no ETL.

🎛️

Per-policy harvest controls

Sales Ops and Business Ops teams configure each reclaim policy independently — execution path, thresholds, grace period, auto-freeze behavior — without touching Apex.

🧪

Dry-Run Mode

Run the entire pipeline against real users without touching a single account. Cases are created, emails are simulated, ITSM tickets are opened in a test mode, no DML on the User object.

🔐

HMAC-signed approval links

Each manager-decision URL is signed with a per-org SHA-256 HMAC, single-use, time-bounded. No session required — works from any email client.

📊

CFO savings dashboard

Annualized run-rate, YTD savings, top departments by reclaim volume. Reversed (reactivated) events net out automatically — the number you see is the number you really saved.

🔔

Slack & Teams notifications

Configure a webhook URL per policy. Every freeze, deactivation, or reactivation posts to your channel. Optional — off by default.

📜

Append-only audit trail

Every approval click, freeze, deactivation, and PSL-unassign is recorded in the application. Inline justification field for managers. Compliance-friendly.

🛑

Global kill switch

One toggle in Setup halts all freezes, deactivations, and emails immediately — mid-cycle, mid-batch, doesn't matter. Reactivate with one click when ready.

Defense in depth

Ten checks before any user is flagged.

The integration users, the API users, the queue owners, the sysadmins — none of them get auto-deactivated. License Reclaim runs every candidate through ten orthogonal safety checks, blocks on red flags, warns on amber.

Exemption permission setusers assigned to a per-policy exemption set are skipped.
Recent record activitycatches API-only users who never log in but actively touch records.
LoginHistory cross-checkcatches login methods that don't update LastLoginDate (some SSO patterns).
Open record ownershipwarns if user owns active Opportunities, Cases, or Leads.
Queue membershipwarns if user is in a routing queue.
Public group membershipwarns if removing the user breaks group-based sharing.
System Administrator profilesysadmins are never auto-reclaimed. Hard block.
Scheduled job ownerwarns if user owns active CronTriggers; reassign before deactivate.
Chatter-only licensehandled differently from full Salesforce seats; no $ savings.
Likely-integration heuristicusernames like integration@…, api-…, svc-… are blocked.
Architecture

100% on-platform — with optional ITSM callouts.

The entire pipeline runs in Apex batch + queueable; the UI is Lightning Web Components. When ITSM Connectivity is enabled, outbound callouts create tickets in your provider — all inbound decisions return via signed webhooks to a public Apex REST endpoint inside your org. No middleware sits between Salesforce and your ITSM platform.

Where it runs

Apex batch + queueable inside your Salesforce org. No external compute, no proxy tier.

Where data lives

Standard Salesforce objects + a small set of custom LR objects. No external database.

Outbound traffic

Only what you enable: ITSM ticket creation, Slack/Teams notifications. Each is opt-in per policy.

Need the deeper architecture write-up for your security team? See the security review →

Ready to see License Reclaim in your org?

30-day trial. Managed package install in five minutes. ITSM connector setup in another ten.

Start a trial Book a demo