Services All Services HubSpot Platinum Partner HubSpot Implementation Revenue Operations GTM Strategy CRM Migration Marketing Operations AI Consulting for GTM AI & Automation AI Finance Ops Programmatic Outbound VC Portfolio Support
Insights About Team Case Studies Berlin Contact Book a call
← All Insights
RevOpsSalesforcemethodologyGTM Strategy

The Salesforce license audit nobody wants to do (and the negotiation it unlocks)

Renewal letters frame the conversation as price. The pre-renewal audit reframes it as scope, and that is where the savings actually live.

Noah CharakBy Noah Charak · Managing Director · 2026-02-09 · 7 min read

Every year, sixty to ninety days before renewal, the same letter shows up. The price has gone up. The product mix has shifted. There is a new agent tier you should consider. The conversation is framed as a price discussion. Most revenue leaders treat the letter as the starting gun. It is not. By the time the letter arrives, the negotiation is mostly over, the leverage was supposed to be built in the ninety days before, and almost no one builds it. This is the audit nobody wants to do, and it is the only one that meaningfully moves the renewal number.

Why this matters now

Salesforce pricing has gotten harder, not easier, to read. SaaStr's Jason Lemkin documented it in plain dollars last year, his team cut human Salesforce users from ten-plus down to two, yet their annual bill went up roughly 83% because their AI agents now use the platform far more than humans ever did (SaaStr, 2026). The seat-count line is no longer the only line that matters. Service licenses, integration platform tiers, sandbox add-ons, community seats, and agent capacity all sit on the same invoice, and most of them never get re-scoped between renewals. The discount you can negotiate on price alone is small. The discount you can negotiate by removing whole product lines is not.

The renewal-letter problem

The renewal letter is a price conversation by design. It quotes a percentage uplift on last year's contract, references a few new SKUs, and asks for a signature inside a fixed window. The conversation it invites is narrow: how much of the uplift can the vendor give back. The wider one, what scope are we paying for, and what scope do we still need, is the one the vendor would prefer you do not have. The pre-renewal audit forces it.

The diagnostic is simple. Look at last year's contract line by line: sales licenses, service licenses, platform licenses, integration platform tiers, sandbox tiers, community tiers, agent capacity, premier support. For each line, answer two questions, who is using this, and what would change if we cut it in half. If you do not know the answer to either, that line is a candidate for the audit pile.

Three categories of seat, active, passive, ghost

The Salesforce seat audit splits user licenses into three buckets. The buckets matter because the negotiation move is different for each one.

Active seats

Logged in within the last thirty days, used a core feature, tied to a named role on a current org chart. These are the seats you keep. The active count is what you anchor the next contract to.

Passive seats

Logged in within the last ninety days but barely. Read-only behavior, occasional dashboard view, no record creation or edit. Often these are exec or finance seats that could be downgraded to a platform license, a read-only license, or removed entirely with no operational impact. Most mid-stage instances carry between fifteen and thirty percent passive.

Ghost seats

No login in ninety days, or assigned to a former employee, or assigned to a sandbox user that was never deprovisioned. These get cut. The ghost number is the easiest line item in the audit and the one where the team most often surprises itself. A serious audit on a brownfield Salesforce instance routinely finds ghost rates north of ten percent of the paid seat count.

The integration platform and the cost-of-staying calculation

The Salesforce-adjacent integration platform tier is the audit's biggest single lever and its most-deferred decision. The pattern is consistent: a team bought the tier two or three years ago to solve a specific integration: an ERP handoff, a billing sync, a data warehouse pipe, and the integration was either built and quietly retired, replaced by a cheaper iPaaS, or never finished. The line stayed on the contract because nobody owned the question of whether it should.

The right diagnostic is a cost-of-staying calculation. List every active integration on the platform. For each one, document what it does, who depends on it, and what migrating it to a leaner alternative would cost, a HubSpot operations bundle, a Zapier flow, a serverless integration. If the migration cost across all active integrations is meaningfully lower than the next year's platform tier, the platform is a sunset candidate.

The 90-day pre-renewal audit playbook

The audit is straightforward in shape and unforgiving in discipline. The team that says "we will look at it before renewal" never does. The team that puts a ninety-day window on the calendar does.

Three workstreams run in parallel. First, the seat audit: pull login logs, classify every user license against the active / passive / ghost frame, name each downgrade or delete decision. Second, the product audit: every non-seat product on the contract gets owner-mapped and use-cased. Third, the integration audit, every pipe, every API consumer, every sandbox add-on. The output is a single spreadsheet that fits on one screen and tells you exactly what scope you want next year, independent of price.

When to use the audit as a switch threat (and when not to)

The audit is leverage on its own. The audit plus a credible alternative is more leverage. The audit plus an empty switch threat is less leverage than the audit alone, the moment the vendor's account team realizes the threat is performative, the position collapses.

The honest test: would you actually run the migration this year if the renewal came back unchanged. If yes: a HubSpot, Microsoft Dynamics, or Pipedrive migration is genuinely scoped, costed, and on the roadmap, then naming it in the renewal conversation is fair. If no, name the audit and let the audit do the work. Harvard Business Review's foundational piece on negotiating with powerful suppliers makes the same point in different language, the leverage that survives a sophisticated counterparty is the one you can actually exercise (HBR, 2015). Bluffing into an account team that has run a thousand of these conversations is a losing trade.

Pattern from the field

A DACH wealth-management firm came into a renewal cycle facing a roughly fifty-euro per-seat increase. The instinct was to push back on the per-seat number. We ran the pre-renewal audit instead. The audit surfaced an integration-platform tier that had been carrying a single integration for eighteen months, replaced internally by a leaner pipe and never deprovisioned. It surfaced two service licenses that no human had logged into in ninety-plus days. It surfaced a customer-community tier, priced per registered user, that had quietly inflated as the support portal grew, a basic experience-cloud SKU change would re-price it at a fraction. None of these were headline numbers on their own. Stacked, they were larger than the proposed uplift. The renegotiated contract landed below the prior year's number, not above it. The conversation was about scope, not price. The audit was the leverage.

Resolution, the pre-renewal playbook

For any team headed into a Salesforce renewal in the next two quarters, the playbook is the same:

  1. Open the ninety-day window. Put the audit on the calendar before the renewal letter arrives. After the letter is the wrong moment, the vendor controls the timeline from there.
  2. Pull the login logs and classify every user license. Active, passive, ghost. Put a name on every downgrade or delete decision. The ghost number alone usually pays for the audit.
  3. Owner-map every non-seat product line. Service licenses, platform licenses, sandbox tiers, premier support, community seats, agent capacity. Each line gets an owner and a use case. Lines without either are removal candidates.
  4. Run the integration-platform cost-of-staying calculation. List every active integration, cost each migration alternative, decide whether the platform tier is a sunset.
  5. Decide the switch question honestly. Either commit a credible migration to the roadmap or do not name one. Do not bluff a sophisticated account team.
  6. Send the post-audit ask in writing. A specific, line-itemed counter-proposal that names the scope you want, the seats you are keeping, and the products you are removing. The vendor's discount conversation gets framed against your scope, not theirs.
  7. Re-run the audit annually. Brownfield instances accrete licenses the same way they accrete custom properties: quietly, between renewals.

If you do these seven things, the renewal conversation is short and the discount is real. If you skip them, the discount is whatever the account team decides to give you, which is the discount the renewal letter already priced in.

Where Checkpoint comes in

Salesforce license audits are most of the inherited-stack work we run at Checkpoint. Pre-renewal audits are scoped, line-itemed, and delivered with a written counter-proposal. If your renewal window is inside the next two quarters, the audit is the conversation worth having now.

Sources

Noah Charak
Noah Charak
Managing Director

Founder of Checkpoint GTM. 15 years of Revenue and Business Operations across the Berlin start-up scene, with 65+ transformation projects delivered. CRM architecture and RevOps specialist, certified in Salesforce and HubSpot.

LinkedIn

Share this article

Share on LinkedIn Share on X

Related insights

Discovery, Design, Build, Launch, Optimize: the implementation arc that doesn't skip a phase

RevOpsmethodologyHubSpotGTM Strategy
Noah CharakNoah Charak

The five-phase Checkpoint methodology: Discovery, Design, Build, Launch, Optimize, is the load-bearing skeleton of any HubSpot implementation. The predictable failure mode is compressing Discovery, a week of conversations gets misread as alignment, Design lands on an unstable schema, and Build re-litigates decisions that should have been signed off in week two.

2026-03-30 Read more

Who owns what: the HubSpot implementation rubric that survives the first month

RevOpsHubSpotmethodologyGTM Strategy
Noah CharakNoah Charak

Most stalled HubSpot implementations are not technical failures, they are ownership failures. The rubric Checkpoint runs assigns one controlling owner across the project, named domain owners across marketing, CRM, external data, service, and reporting, and a short approver list with a defined response window. With it in place, the third-week disagreement over a property is a fifteen-minute decision, not a meeting series.

2026-03-23 Read more

RevOps for VC portfolios: the support model that scales beyond one-off interventions

RevOpsVC PortfolioGTM Strategymethodology
Noah CharakNoah Charak

Platform teams at venture funds inherit messy HubSpot instances across a dozen portfolio companies, then try to fix them one at a time. The support model that compounds is a single 90-minute audit template: pipeline definitions, lead source attribution, marketing-contact accounting, renewal hygiene, run identically across the portfolio, with interventions matched to one of four problem categories rather than to the company.

2026-03-09 Read more