Frequently asked questions.

No. License Reclaim is a managed package that runs entirely inside your org. The only outbound traffic is the optional Slack/Teams notification webhook and the optional ITSM connector webhooks (which you configure and control). User records, login history, and audit logs never leave your Salesforce tenant.

A minimal permission set that grants read access to User, LoginHistory, and the License Reclaim custom objects, plus write access to the LR objects and the User object (for the freeze/deactivate actions). The package ships with a recommended permission set you can review before install.

Each link is signed with a per-org SHA-256 HMAC, is single-use, and expires after a configurable window (default 72 hours). The signing key never leaves your org — it lives in protected custom metadata.

Yes — a single Setup toggle halts every freeze, deactivation, and outbound email mid-cycle. Reactivate when ready; in-flight Apex jobs check the flag before they touch a User record.

About 5 minutes for the package install plus 15–30 minutes for first-policy configuration. Most orgs run their first dry-run scan within an hour of install.

No. License Reclaim is built to be configured by a Salesforce admin without consultant help. The setup wizard walks through threshold selection, safety check toggles, and the first reclaim policy.

Yes — install the same package, point it at a sandbox, and run dry-run mode to validate the pipeline against production-shaped data without touching any User records.

Yes. Dry-run mode runs the full pipeline — scans, safety checks, case creation, email simulation, ITSM ticket simulation — without any DML on the User object. You see exactly which seats would be touched.

ServiceNow, Jira Service Management, Serval, and Freshservice. All four are covered by a single ITSM Connector Pack add-on — no per-platform licensing.

Yes — configure each reclaim policy independently. High-value teams can use ITSM tickets while seasonal workers use email approval. Or use both for the same policy to maintain a single record of decisions.

Reach out — the connector framework is platform-agnostic, and we add new providers based on customer demand. In the meantime, you can post a webhook URL to your own integration tier and bridge to your tool.

Each provider uses its own signature scheme — HMAC-SHA256 for ServiceNow and Freshservice, signed JWT for Serval, IP allowlist + token for JSM Automation. The webhook resource verifies the signature before applying the decision.

No. License Reclaim is priced per-org. Adding users to your Salesforce instance does not change what you pay.

Yes — 30 days, no credit card. Request a claim code on the contact page and we'll email you the install URL plus a one-time activation token.

Yes. Get in touch and we'll talk through the right tier and discount structure for your organization.

The scanner is batchable and respects SOQL/DML governor limits. Large orgs (50k+ users) are scanned across multiple Apex batches with chained queueables. If a batch fails, the orchestrator retries with exponential backoff and surfaces the failure as a case.

Three layers: a per-policy exemption permission set, a username heuristic (usernames like integration@, api-, svc-), and an active-record-owner check (integration users typically own active records). System Administrator profile is a hard block — sysadmins are never auto-reclaimed.

Each deactivation is logged in LR_DeactivationLog__c with the original user state. From the LR setup screen, a one-click reactivation restores the user and reverses the savings event.

Yes. License Reclaim only acts on users that aren't already deactivated or frozen by other processes. If a manager-driven offboarding flow is already running for a user, License Reclaim respects that and skips them.