The questions people ask before they run their first audit.

Every seat is scored against deterministic rules, last login, last meaningful action, premium-feature usage, duplicate coverage in another tool. Each verdict (Green / Yellow / Red) shows the exact signal that triggered it, so you can defend the call before you revoke. No probabilistic models, no black-box scoring.

Every reclaim runs through a 24-hour bypass window. The seat owner and their manager get a Slack and email notice with a one-click bypass link that instantly cancels the revoke. You can also mark people as protected, run in dry-run mode, and require manual approval on any rule before it executes.

Yes. Every reclaim is logged with the user, app, rule, and the original seat state. From the audit log you can re-provision the seat with one click and SeatMap will replay the original permissions back onto the connected app.

Connect an identity provider (Slack, Google Workspace, GitHub, more on request), and SeatMap runs the first audit in under two seconds. No data migration, no agents, no IT ticket. You can stay in dry-run for the first week to confirm verdicts before any seat is touched.

Duplicate Tool Detection cross-references members across overlapping categories (Slack + Teams, Zoom + Meet, Notion + Confluence). Premium Seat Waste Detection inspects per-seat feature usage and flags premium licenses firing zero premium events, usually the fastest dollars to recover.

Yes. Every scan, verdict, approval, bypass, and revoke is written to an immutable audit log with timestamp, actor, and reason. Export to CSV for finance, or hand the log straight to a SOC 2 auditor, the format is built for review.

SeatMap connects to your identity provider and SaaS apps, then runs a deterministic audit on a schedule you set (daily, weekly, or on-demand). Inactivity is measured by last login, last meaningful action, and premium-feature usage, not just 'opened the app.' Anything that crosses your reclaim rule (e.g. 30 days inactive on a paid seat) enters the queue, your team reviews, and reclaim runs with a built-in bypass window so nothing breaks.

Yes, when the workflow is built around it. SeatMap defaults to a 24-hour warning window with a one-click bypass link sent to the user and their manager, a protected-accounts list for execs and on-call staff, dry-run mode for the first week, and optional manual approval on any rule. Nothing is destructive: every revoke is logged with the original permissions so it can be re-provisioned in one click.

Shared logins, service accounts, and API/integration users look 'inactive' but are critical. SeatMap auto-detects them via naming patterns, OAuth scopes, and bot/API tokens, then quarantines them as Protected so they never enter the reclaim queue. You can also mark any account, group, or domain as protected manually, and protections survive audits, rule changes, and reconnects.

Every reclaim action is staged in an approval queue with the rule that fired, the evidence (last login, usage signals, projected savings), and the proposed change. You can approve, defer, or protect the seat in one click, run in dry-run mode indefinitely, and require multi-person approval on rules above a spend threshold. Nothing changes in the connected app until an approver clicks execute.

Most teams recover 15–35% of their SaaS spend in the first 30 days, mostly from ghost seats, premium licenses with no premium usage, and duplicate tools (Slack + Teams, Zoom + Meet, Notion + Confluence). Savings are tracked per reclaim as monthly cost × seats reclaimed, rolled up into a savings ledger you can export. Payback on SeatMap is typically under two weeks.