Why 'One License Tier for Everyone' Wastes Money
Vendors sell licenses in tiers because access requirements genuinely vary — but procurement rarely buys that way. It's common for an admin renewing a contract to standardize the whole org on a single tier for simplicity: easier to negotiate, easier to provision, easier to explain. The tradeoff is invisible until someone looks at usage data.
When we run a User Utilization pass for a new engagement, the pattern is consistent: a small share of named users touch most of the platform's functionality, and a much larger share use a narrow, predictable slice of it — often the same 3-5 fields or 1-2 workflows, every time. Those users are frequently sitting on the same license tier as the power users, because no one has gone back and re-segmented the user base since the initial rollout.
This isn't a criticism of any single decision — it's what happens by default when license assignment isn't tied to a live usage model. Fixing it doesn't require negotiating a new contract; it usually starts with re-mapping who already has what, against what they actually do.
The Real Cost per User Formula
The number on your vendor invoice is not the real cost of a user. We calculate a fuller figure:
- Real Cost per User = License + Implementation + Administration + Support + Integration + Change Cost
Each component compounds the license line item:
- License — the recurring per-seat subscription fee itself, the only cost most organizations actually track.
- Implementation cost — the share of build effort (profiles, permission sets, page layouts, automation, custom objects) that exists specifically to serve that user's role, amortized across their tenure.
- Administration cost — the ongoing admin time spent provisioning, reviewing, and deactivating that user's access, plus periodic security and access reviews.
- Support cost — help desk tickets, training sessions, and enablement hours tied to the complexity of that user's role and permission footprint.
- Integration cost — the portion of integration build and maintenance that exists only because this user's workflows touch other systems.
- Change cost — the regression testing and rework required whenever a platform release or configuration change affects that user's specific setup.
A user on the top license tier who only ever touches a handful of fields is usually carrying a Real Cost several multiples higher than a right-sized license would justify — not because of the license line alone, but because the implementation, support, and change cost around them scale with the tier they're on.
The 7 User Segments Hiding Inside Your User List
Our User Utilization Agent classifies every named user into one of seven segments based on observed behavior, not job title. The segment — not the org chart — determines the license recommendation.
- Full power users — build, configure, and run the platform: creating automation, managing complex records across most objects, administering security. Example: a RevOps analyst building approval flows and territory rules. Recommendation: keep these on the full platform license — this is where the top tier is genuinely earned.
- Limited operational users — do real transactional work every day, but inside a bounded set of objects and screens: updating opportunity stage, logging activities, processing orders. Recommendation: map to a role-based or limited-function license rather than the top tier — most vendors offer one, and it's rarely assigned by default.
- Approval-only users — their entire footprint is approving or rejecting a request: a discount threshold, a purchase order, a contract redline, often a few minutes a week. Recommendation: route through delegated or email/portal-based approval where the vendor supports it, instead of a full named seat.
- Reporting-only users — view dashboards and reports but never create or edit a record. Example: a finance lead checking pipeline coverage monthly. Recommendation: move to a read-only or viewer tier, or surface the same data through a shared dashboard or BI tool instead of a full seat.
- Occasional users — log in a handful of times a quarter for a narrow, specific purpose, such as an HR reviewer pulling a record during an audit. Recommendation: question whether a persistent named-user license is needed at all, or whether the task can be handled by an existing user on their behalf.
- External users — partners, contractors, or customers who need narrow, specific visibility: a partner tracking deal registration, a customer checking case status. Recommendation: use approved external experiences (partner or customer community/portal licenses) built for exactly this pattern, rather than full internal seats.
- Automated users / system actions — integration accounts, service users, and bot/RPA accounts executing scheduled syncs or triggered workflows with no human behind the login. Recommendation: match these to the vendor's integration or API-only license type where one exists, and consolidate redundant integration accounts where the vendor agreement allows it.
The Per-User Dimensions We Score
Segmentation isn't a guess — it's built from a per-user analysis across several usage dimensions, pulled directly from platform logs and configuration data:
- Login frequency — how often, and on what cadence (daily, weekly, quarterly, never).
- Features used — which modules, objects, and functions the user actually opens versus what their license entitles them to.
- Records accessed — volume and type of records viewed, created, or edited, and whether that footprint fits inside a narrower object set.
- Workflows completed — which automated processes the user triggers, participates in, or approves.
- Approval actions taken — whether the user's system role is limited to approve/reject decisions.
- Integration touchpoints — whether the user's activity flows through connected systems, and how much of that is really their own action versus an automated pass-through.
- Access recency and permission drift — permissions granted but never exercised, often left over from a prior role.
Each user gets scored across these dimensions and mapped to one of the seven segments above, with a recommended license tier attached.
From Segmentation to a Right-Sized License Mix
The output of a User Cost Optimizer pass is not a spreadsheet of guesses — it's a per-user recommendation: current license, recommended license, and the usage evidence behind the change. Your dedicated Forward Deployed Engineer and the License Optimization Agent then validate every recommendation against your actual vendor agreement, contract minimums, and platform rules before anything is proposed for change — some tiers have bundling requirements, minimum seat counts, or feature dependencies that only your specific contract will show.
Because this comes from AI agents working continuously against live usage data rather than a one-time audit, the recommendation set updates as usage changes — not just at renewal time.
Want to see what this could look like against your own user counts and platform mix? Run the numbers in the Savings Calculator to get an illustrative, estimate-based range before any engagement begins.
PartnerMCP recommendations are designed to comply with applicable vendor terms, product limitations, security requirements, and customer agreements. Final licensing decisions should be validated against the relevant contract and vendor documentation.
Frequently asked questions
Is this just a license audit?
Will right-sizing a user's license change what they can do in the system?
How is this different from the reports my vendor already gives me?
Does this only work for Salesforce?
We already tried to right-size licenses once. Why would this be different?
How quickly can we see our own numbers?
Related reading
Cost & Architecture Review
See what this looks like for your stack
Run the numbers on your own users, licenses, and workflows, or talk to a Forward Deployed Engineer about where the cost is actually coming from.