License Utilization: The 60-Day Rule for Cutting SaaS Seats

Why simple utilization metrics mislead

Most SaaS management platforms advertise utilization rates that are functionally just SSO authentication rates. A user who logs in once a quarter via SSO to dismiss a notification will appear 'active' on most dashboards. A power user who batches their work in a non-SSO admin console may appear 'inactive.' The result: dashboards systematically overstate utilization for casual users and understate it for power users — usually by a factor of 2x or more on each side. Cutting seats based purely on auth metrics is how teams lose senior people's tools while keeping shelfware for departed employees.

The right metric is a layered one. Start with authentication (SSO logs) as a floor signal, layer in product-level activity (created an artifact, ran a query, sent a message) as the primary signal, and layer in outcome attribution (did the work this user produced get used by anyone else) as a tiebreaker. Each layer cuts the false-positive rate of the previous one.

How to source each layer

• Authentication: IdP logs (Okta System Log, Google Workspace Reports, Entra Sign-Ins). Universally available, near-real-time, but only authentication.
• Activity: vendor admin export or usage API. Salesforce login history + edit history; Notion API page-edit logs; Datadog admin user activity; Jira issue create/edit timestamps. Patchy across vendors, but high-signal where available.
• Outcomes: domain-specific. For a CRM, opportunity-stage transitions attributable to a user. For a docs tool, pages edited that were viewed by ≥5 other people in the last 30 days. For a BI tool, dashboards that have been viewed in the last 90 days. Hardest to instrument; most defensible when you can.

Every SaaS management platform shows you a utilization percentage. Almost none of them measure utilization correctly. The wrong metric leads to the wrong decision — usually cutting seats from a power user who logged in once last quarter, or keeping seats for someone who hasn't done meaningful work in the tool in six months. Here's how we measure it.

The three layers of utilization

Layer 1 — Authentication

'Did the user log in?' Sourced from the IdP. Useful as a baseline, useless as a value signal. A user who logs in via SSO every morning to dismiss a notification has the same authentication signature as one who's actually working in the tool.

Layer 2 — Activity

'Did the user perform an action?' Sourced from the product itself, where available. Created a ticket, ran a query, sent a message, viewed a dashboard. The distinction between 'logged in' and 'created a ticket' is usually the difference between a 90% utilization claim and a real 40%.

Layer 3 — Outcomes

'Did the user produce something the company depends on?' Hardest to measure, most valuable when you can. A Looker user who built two dashboards last quarter is high-value at 1 login/week. A Salesforce user with 200 logins and zero pipeline activity is shelfware.

The 60-day rule

Before recommending a seat cut, the user should fail two of three tests over the prior 60 days:

1. No SSO authentication in the past 60 days, OR
2. No product activity (action, write, query) in the past 60 days, OR
3. No outcome attributable to their work (dashboard, ticket, deal stage moved) in the past 90 days.

Two of three is usually a defensible cut. Three of three is unambiguous. One of three with the others healthy is often a power user with a different working pattern — leave them alone.

Categorical exceptions

• Compliance and security tools (1Password, Vanta, audit logs): every employee needs a seat regardless of activity.
• Read-only seats on knowledge tools (Confluence, Notion): low activity is the design, not a problem.
• Seasonal-use tools (tax, planning, hiring): measure across the relevant cycle, not the prior 60 days.

Anti-patterns we see

• Cutting seats from a list of 'inactive' users without checking the activity layer. You will cut a power user every time you do this.
• Cutting seats mid-term despite a no-reduction floor. The contract takes precedence; identify cuts continuously, execute at renewal.
• Ignoring categorical exceptions. Compliance tools, read-only knowledge access, and seasonal-use tools fail one or two of the three tests by design.
• Treating utilization as an end in itself. The point is contract leverage; if you can't translate the utilization data into a counter-offer, you're measuring for measurement's sake.

A worked example

A 410-person SaaS company audited 2,847 paid seats across 12 high-spend tools in early 2025. The IdP-only utilization view (anyone who logged in within 60 days = active) showed 91% utilization — apparently healthy. Adding the activity layer (action performed in the tool) dropped real utilization to 68%. Adding the outcome layer (created or modified an artifact within 90 days) dropped it again to 51%.

Applying the 60-day rule strictly (fail two of three) and excluding categorical exceptions, the company recommended cutting 212 seats across the 12 audited tools — about 7.4% of the total. Annualized recovery: $187K, executed at the next renewal cycle for each contract. Notably, three users flagged in the cut list turned out to be senior engineers using read-only Confluence access — the categorical exception saved them from being cut.

Sources and further reading

• Productiv 2024 SaaS Utilization Index — multi-layer utilization measurement methodology.
• Forrester TEI for SaaS Management — quantified savings from utilization-based seat reduction.
• Internal RenewalPad data: 47 seat-utilization audits across 2023–2025.

Frequently asked questions