Calimatic
Back to blog
Engineering
8 min read

SaaS Application Licensing Models: Per-Seat, Per-Org, and Hybrid

A deep dive into application licensing models for multi-tenant SaaS platforms — how to control access at the app, organization, and user level.

When you manage multiple applications across multiple organizations, the question "who can access what?" becomes surprisingly complex. Application licensing is the layer that answers this question at scale.

The Three-Layer Model

Calimatic Identity uses a three-layer licensing model that separates concerns cleanly:

Layer 1: App Registration — Register your applications as "app clients" in the platform. Each app client has its own OAuth credentials, redirect URIs, and configuration. This layer defines what applications exist in your ecosystem.

Layer 2: Organization Enablement — Control which organizations have access to which applications. Acme Corp might have access to your CRM and analytics tools, while Globex only has access to the CRM. This layer defines which orgs can use which apps.

Layer 3: User Assignment — Within an enabled organization, control which specific users can access each application. Not every Acme employee needs access to every Acme-enabled app. This layer defines which users within an org can use which apps.

Why Three Layers?

A single-layer model (just user-to-app mapping) doesn't scale in a multi-tenant world. Consider these scenarios:

New customer onboarding: When Acme Corp signs up for your platform, you enable their organization for specific applications based on their subscription. All future Acme users inherit this enablement.

User invitations: When an Acme admin invites a new user, they select which applications that user needs access to. Licenses are assigned automatically based on the invitation.

Churn management: When Acme downgrades their subscription, you disable specific applications at the organization level. All user licenses for those apps are automatically revoked.

Without organization-level enablement (Layer 2), you'd need to manage licenses individually for every user in every org — a nightmare at scale.

Per-Seat Licensing

The most common model for B2B SaaS. Each user who needs access to an application consumes one "seat" or license. Organizations purchase a specific number of seats, and administrators assign them to users.

In Calimatic Identity, per-seat licensing works like this:

  1. Enable the application for an organization with a seat limit (e.g., 50 seats)
  2. Admins assign licenses to specific users (or auto-assign on invite)
  3. The platform enforces the seat limit — once 50 licenses are assigned, new assignments are rejected
  4. When a user is deactivated, their license is freed for reassignment

Per-Organization Licensing

Some applications are licensed at the organization level — everyone in the org gets access, no seat management needed. This is common for platform-wide tools, communication apps, and basic utilities.

In Calimatic Identity, per-org licensing skips Layer 3 entirely. Enable the app for an org, and all org members automatically have access. No individual license assignment required.

Hybrid Licensing

Many platforms use a combination. Core tools (email, chat, SSO portal) are per-org, while premium tools (advanced analytics, admin features, API access) are per-seat.

Calimatic Identity supports this natively. Each application can be configured with its own licensing model independently. Some apps require per-seat assignment, others are available to all org members, and some are available to all users platform-wide.

Auto-Assignment

Manual license management doesn't scale. Calimatic Identity supports auto-assignment: when a user is invited to an organization, the platform automatically assigns licenses based on configurable rules:

  • Default apps — Every new user gets access to these applications
  • Role-based apps — Users with specific roles automatically get access to corresponding applications
  • All enabled apps — Every new user gets access to every app enabled for their organization

This eliminates the manual step of assigning licenses after every user invitation.

License Analytics

Understanding license utilization is critical for both platform operators and organization admins:

  • Usage reports — How many licenses are assigned vs. available for each app/org
  • Active usage — How many assigned users actually logged into the app in the last 30 days
  • Waste identification — Flag licenses assigned to users who haven't used the app in 90+ days

These analytics help organizations right-size their subscriptions and identify unused licenses for reassignment.

Getting Started

Application licensing is available on all Calimatic Identity plans. Register your applications as app clients, enable them for organizations, and start managing access. Our documentation covers the full API for programmatic license management, including bulk assignment and auto-assignment configuration.

Ready to get started?

Create a free account and start managing identities in minutes.

Get Started FreeRead the Docs