TL;DR: 27% of knowledge workers are using unapproved AI applications, while 52% have created new AI or SaaS accounts without IT approval and 34% of company apps sit outside SSO, leaving access, spend, and offboarding gaps unresolved, according to 1Password. The governance problem is no longer just shadow IT, but unmanaged AI usage, unfederated access, and token-based spend that traditional IAM cannot fully see or control.
At a glance
What this is: This analysis argues that SaaS governance now has to cover unapproved AI use, unfederated app access, and token spend as one identity and control problem.
Why it matters: It matters because IAM, IGA, and finance teams all need the same visibility into app access, AI usage, and offboarding gaps before those blind spots become security or budget failures.
By the numbers:
- 27% of knowledge workers were using AI-based applications that their employer didn’t approve.
- 52% of employees have created accounts for new AI tools and SaaS apps without IT approval.
- 34% of company apps sit outside SSO, where IT has no way to see, secure, or revoke access.
👉 Read 1Password’s analysis of AI token sprawl and SaaS access governance
Context
SaaS sprawl has become an identity governance problem because access now extends beyond the identity provider, into browser-based OAuth grants, finance-controlled subscriptions, and AI tools that employees adopt without approval. When 1Password says it can surface unapproved AI use and app spend, the real issue is visibility across the full application and credential lifecycle, not just SSO coverage.
The primary gap is that traditional IAM can confirm who signed in, but not whether the organisation can still govern the application after access moves outside the federated boundary. That leaves offboarding, license reclamation, and auditability exposed across both human identity and emerging AI-enabled workflows.
Key questions
Q: How should security teams govern AI and SaaS access that sits outside SSO?
A: Security teams should treat unfederated apps as separate governance objects, not as extensions of the identity provider. That means discovering browser-based sign-ins, OAuth grants, and locally created accounts, then validating whether revocation actually reaches the application. If the app cannot be controlled end to end, it should be handled as an offboarding and audit risk.
Q: Why do unmanaged AI tools create IAM and finance risk at the same time?
A: Unmanaged AI tools combine access sprawl with consumption-based spend, so identity teams can lose visibility at the same moment finance loses cost predictability. The same tool may be approved informally, used with corporate credentials, and charged against a shared budget until the overrun appears too late. Governance has to connect who can use the tool with who is paying for it.
Q: What breaks when offboarding only disables the identity provider account?
A: Directory disablement alone fails when apps are outside SSO, tokens remain valid, or vendor-side provisioning is incomplete. In those cases, the leaver can still reach systems that the identity team considers closed. Effective offboarding must prove the application access was removed, the license was reclaimed, and any residual session or token state was revoked.
Q: Who should own governance for AI token usage and SaaS sprawl?
A: Ownership should be shared across IAM, security, and finance, because the problem crosses entitlement control, data exposure, and budget management. IAM can define and revoke access, security can evaluate risk and shadow AI, and finance can monitor consumption and renewal exposure. No single team can close the gap on its own.
Technical breakdown
OAuth grants outside SSO create blind spots in SaaS governance
Many modern work apps are adopted through browser sign-in flows ("Sign in with Google" or Microsoft style consent) that issue OAuth tokens directly to the app. The identity provider may act as the authorization server for that consent, but the app never appears in the SSO catalogue, so there is no assignment record to review, and the refresh token lives with the app rather than the central directory. Disabling the directory account usually stops new tokens being minted, but it does not clear sessions or tokens the app has already issued on its own side, and it does nothing for local accounts created with a corporate email address. Once those grants spread across personal browser sessions, app vaults, and consumer-style login flows, IT loses a reliable source of truth for entitlement ownership and lifecycle state.
Practical implication: map OAuth-granted access separately from SSO coverage and treat every unfederated app as an offboarding risk.
Token-based AI consumption changes the control problem
AI services do not behave like fixed-seat SaaS. Their consumption costs rise in real time, and usage often tracks teams, prompts, and model calls rather than simple named-user licensing. That creates a governance gap between identity, finance, and operations because the organisation may know who has access, yet still miss how quickly tokens are being consumed or which business unit is driving the overrun. Budget controls built for annual renewals are too slow for this model.
Practical implication: tie AI usage telemetry to identity and cost centres so overages can be acted on before renewal cycles close.
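The following is an added example, not code from 1Password or from this page's authors, of what "tie usage telemetry to identity and cost centres" looks like in practice. It joins constructed metered-usage records (one per API key per day) to an assumed key-to-owner map exported from the AI platform's admin console and an assumed owner-to-cost-centre map from HR data, projects month-end spend from the burn rate to date, and flags both projected overruns and spend on keys with no accountable owner. All records, names and budgets are constructed for illustration.

```python
"""Attribute metered AI spend to identities and cost centres, and flag overruns
before the billing period closes. Added example; every record below is constructed
and every field name is an assumption standing in for a real export."""
import calendar
from collections import defaultdict
from datetime import date

# Assumed export from the AI platform's admin console: which API key belongs to whom.
# "sk-03" is deliberately absent to model a key nobody claims.
KEY_OWNERS = {"sk-01": "alice@example.com", "sk-02": "carol@example.com"}

# Assumed HR/directory join: owner -> cost centre, and the monthly budget per cost centre.
COST_CENTRES = {"alice@example.com": "CC-ENG", "carol@example.com": "CC-MKT"}
BUDGETS = {"CC-ENG": 1000.0, "CC-MKT": 300.0}

# Constructed metered-usage records (one row per key per day) as a billing export might give them.
USAGE = [
    {"day": date(2026, 6, 2), "key": "sk-01", "tokens": 5_000_000, "cost": 100.0},
    {"day": date(2026, 6, 8), "key": "sk-01", "tokens": 7_500_000, "cost": 150.0},
    {"day": date(2026, 6, 3), "key": "sk-02", "tokens": 3_500_000, "cost": 70.0},
    {"day": date(2026, 6, 9), "key": "sk-02", "tokens": 2_500_000, "cost": 50.0},
    {"day": date(2026, 6, 5), "key": "sk-03", "tokens": 4_000_000, "cost": 80.0},
    {"day": date(2026, 6, 15), "key": "sk-02", "tokens": 25_000_000, "cost": 500.0},  # after AS_OF
]
AS_OF = date(2026, 6, 10)  # the day the report is run; June 2026 has 30 days


def attribute_spend(usage, as_of):
    """Split spend up to `as_of` into per-cost-centre totals and per-key totals
    that could not be tied to any owner (unattributable spend)."""
    per_cc = defaultdict(float)
    unattributed = defaultdict(float)
    for row in usage:
        if row["day"] > as_of:
            continue
        owner = KEY_OWNERS.get(row["key"])
        cost_centre = COST_CENTRES.get(owner) if owner else None
        if cost_centre is None:
            unattributed[row["key"]] += row["cost"]
        else:
            per_cc[cost_centre] += row["cost"]
    return dict(per_cc), dict(unattributed)


def project_month_end(spent_to_date, as_of):
    """Linear burn-rate projection: spend so far scaled to the full month.
    Crude, but it surfaces an overrun weeks before the invoice does."""
    days_in_month = calendar.monthrange(as_of.year, as_of.month)[1]
    return spent_to_date * days_in_month / as_of.day


def overrun_report(usage, as_of):
    """Per cost centre: spent, projected month-end, budget, and whether the
    projection breaches budget. Also returns spend on ownerless keys."""
    per_cc, unattributed = attribute_spend(usage, as_of)
    report = {}
    for cost_centre, budget in BUDGETS.items():
        spent = per_cc.get(cost_centre, 0.0)
        projected = round(project_month_end(spent, as_of), 2)
        report[cost_centre] = {
            "spent": spent,
            "projected": projected,
            "budget": budget,
            "over": projected > budget,
        }
    return report, unattributed


if __name__ == "__main__":
    report, unattributed = overrun_report(USAGE, AS_OF)
    for cost_centre, row in report.items():
        flag = "OVER BUDGET (projected)" if row["over"] else "ok"
        print(f"{cost_centre}: spent {row['spent']:.2f}, projected {row['projected']:.2f} "
              f"of {row['budget']:.2f} -> {flag}")
    for key, cost in unattributed.items():
        print(f"{key}: {cost:.2f} spent by a key with no accountable owner")
```

The two outputs map onto the two failures the paragraph describes: a cost centre whose burn rate will breach budget before renewal, and spend that exists in the billing export but has no identity behind it, which is the AI-era form of an orphaned credential.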
Lifecycle governance must include app, license, and access reclamation
Offboarding is no longer a single deprovisioning event. In SaaS-heavy environments, access can persist in unfederated apps, dormant paid tiers, and vendor-managed admin consoles after the employee exits or changes role. Effective governance therefore spans joiner, mover, and leaver control across the application estate, not just the identity provider. The core architectural issue is that the control plane is fragmented, so lifecycle completion cannot be inferred from one system alone.
Practical implication: require application-level reclamation evidence as part of leaver and mover workflows, not just directory disablement.
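As an added example, not 1Password's or NHIMG's code, the reconciliation below serves both the "map OAuth-granted access separately from SSO coverage" point and the "application-level reclamation evidence" point. It joins four constructed sources an identity team usually has in some form: a directory export, the SSO app catalogue with assignments, an OAuth consent log, and per-app user lists pulled from vendor admin consoles. From those it lists apps with no SSO record, finds access still live for users the directory has disabled, and produces per-control-plane evidence for a leaver so that a ticket cannot be closed on directory disablement alone. Field names and sample users are assumptions.

```python
"""Reconcile directory, SSO, OAuth consent and app-side user lists to find access
the identity provider cannot see or has not actually revoked. Added example; all
records are constructed and the field names are assumptions about real exports."""
from datetime import date

# Constructed directory export: who the IdP thinks exists and whether they are active.
DIRECTORY = {
    "alice@example.com": {"status": "active"},
    "bob@example.com": {"status": "disabled", "disabled_on": date(2026, 5, 30)},
}

# Constructed SSO app catalogue: apps federated through the IdP and who is assigned.
SSO_ASSIGNMENTS = {
    "crm": {"alice@example.com"},
    "wiki": {"alice@example.com", "bob@example.com"},  # stale assignment for a leaver
}

# Constructed OAuth consent log, e.g. "Sign in with Google/Microsoft" grants to third-party apps.
OAUTH_GRANTS = [
    {"app": "ai-notetaker", "user": "alice@example.com", "scopes": ["calendar.readonly"], "revoked": False},
    {"app": "ai-notetaker", "user": "bob@example.com", "scopes": ["calendar.readonly", "drive"], "revoked": False},
    {"app": "design-tool", "user": "bob@example.com", "scopes": ["email"], "revoked": True},
]

# Constructed per-app user exports: what each vendor's admin console says today.
APP_USER_LISTS = {
    "wiki": {"alice@example.com", "bob@example.com"},          # SCIM deprovisioning did not complete
    "ai-notetaker": {"alice@example.com", "bob@example.com"},  # never federated at all
}


def apps_outside_sso():
    """Apps seen in OAuth grants or vendor user lists that have no SSO record:
    these are the unfederated apps to register and govern separately."""
    seen = {g["app"] for g in OAUTH_GRANTS} | set(APP_USER_LISTS)
    return sorted(seen - set(SSO_ASSIGNMENTS))


def orphaned_access():
    """Access still live for users the directory has disabled: unrevoked OAuth
    grants and app-side accounts that survived directory disablement."""
    disabled = {u for u, rec in DIRECTORY.items() if rec["status"] != "active"}
    findings = []
    for g in OAUTH_GRANTS:
        if g["user"] in disabled and not g["revoked"]:
            findings.append(("oauth_grant", g["app"], g["user"]))
    for app, users in APP_USER_LISTS.items():
        for user in sorted(users & disabled):
            findings.append(("app_account", app, user))
    return sorted(findings)


def leaver_closure(user):
    """Per-control-plane evidence that a leaver's access is gone. Returns the
    evidence dict and a single closed flag that is True only when every plane
    agrees; directory disablement by itself never closes the record."""
    evidence = {
        "directory_disabled": DIRECTORY[user]["status"] != "active",
        "sso_assignments_removed": not any(user in users for users in SSO_ASSIGNMENTS.values()),
        "oauth_grants_revoked": all(g["revoked"] for g in OAUTH_GRANTS if g["user"] == user),
        "app_accounts_removed": not any(user in users for users in APP_USER_LISTS.values()),
    }
    return evidence, all(evidence.values())


if __name__ == "__main__":
    print("Apps outside SSO:", apps_outside_sso())
    for kind, app, user in orphaned_access():
        print(f"orphaned {kind}: {user} still has {app}")
    evidence, closed = leaver_closure("bob@example.com")
    print("bob closure evidence:", evidence, "-> closed" if closed else "-> NOT closed")
```

Run against real exports, the `leaver_closure` dict is the artefact to attach to the leaver ticket; the `orphaned_access` list is the work queue for revocations that still have to be made app-side or via consent revocation at the IdP.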
NHI Mgmt Group analysis
Unapproved AI and SaaS adoption is now an access governance problem, not a shadow IT side note. When employees connect tools through browser logins and OAuth grants, the identity provider no longer has the full picture of who can reach what. That changes the governance boundary from directory management to application-state management. Practitioners should treat every out-of-SSO application as a live control gap, not a procurement exception.
Access-trust assumptions break when revocation lives outside the identity system. The traditional assumption is that disabling a user in the directory meaningfully ends access. That assumption fails when the application was never federated, the token was issued outside central control, or the vendor implementation leaves SCIM incomplete. The implication is that identity programmes must measure whether revocation actually reaches the app, not whether the directory record was closed.
Token spend has become an identity-adjacent control surface because usage, entitlement, and cost now move together. Consumption-based AI pricing means governance teams can no longer separate access review from financial oversight. The field is moving toward a model where app discovery, access policy, and spend telemetry need to be reconciled in one operating view. Practitioners should stop treating AI budgets as a finance-only issue.
Lifecycle governance is the named concept this market is still underestimating. The lifecycle does not end when a user leaves the directory or a license is reassigned. It ends only when access, tokens, subscriptions, and residual application state are all revoked or reclaimed across every control plane. That is the failure mode exposed by SaaS sprawl and unmanaged AI adoption, and it is where identity governance work now has to focus.
From our research:
- 64% of the secrets leaked in 2022 that were valid when found remain valid and exploitable today, proving that detection alone is not enough without automated revocation, according to The State of Secrets Sprawl 2026.
- 24,008 unique secrets were exposed in MCP configuration files in 2025 alone, showing how AI tooling can introduce fresh credential exposure at protocol boundaries.
- For a broader identity view, read Top 10 NHI Issues to connect secrets exposure, lifecycle control, and unmanaged access patterns.
What this signals
Access-trust debt: the longer SaaS and AI access exists outside federated control, the more likely teams are to inherit orphaned entitlements, stale tokens, and unreconciled cost centres. That is why governance programmes need a full application-state inventory, not just an identity directory.
When the control plane is fragmented across SSO, browser extensions, finance systems, and vendor dashboards, the operating model shifts from approval to discovery. Teams that still rely on annual review cycles will miss the real-time drift that now defines SaaS and AI governance.
The broader signal is that identity programmes need to treat application usage telemetry as a governance input. For practitioners building to NIST Cybersecurity Framework 2.0, that means improving Identify and Protect functions together, not as separate workstreams.
For practitioners
- Inventory access outside SSO: Build a separate register of apps reached through browser sign-ins, OAuth grants, and local credentials so unfederated access is visible alongside directory-managed access.
- Reconcile AI usage with identity and finance data: Join app discovery, user identity, and cost centre data so token overages, unmanaged tools, and dormant spend can be tied to accountable owners.
- Prove offboarding reaches the application layer: Require evidence that access was removed from the app itself, not just the directory, before closing leaver and mover records.
- Track AI tools as governed applications: Classify approved AI platforms, rejected shadow AI, and personal account usage separately so policy enforcement can follow the actual access path.
Key takeaways
- AI adoption outside IT approval is now creating identity governance gaps that traditional SSO coverage cannot close.
- The scale is material: unapproved AI use, out-of-SSO apps, and token-based spending all move faster than manual review processes.
- Practitioners need application-level discovery, revocation proof, and cost visibility to govern SaaS and AI as one access problem.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI1:2025 Improper Offboarding; NHI3:2025 Vulnerable Third-Party NHI | Improper offboarding is the residual-access failure described here; third-party NHI covers OAuth-granted apps and integrations that hold tokens outside the identity provider. |
| NIST CSF 2.0 | PR.AA-05 | Access permissions, entitlements, and authorisations are defined in policy, managed, enforced, and reviewed (CSF 2.0 replaced the CSF 1.1 PR.AC subcategories with the PR.AA category). |
| NIST Zero Trust (SP 800-207) | Section 2.1, Tenets of Zero Trust | Access is granted per session under dynamic policy, so a directory disablement that never reaches the application breaks the model. |
Inventory and revoke non-human credentials whenever access moves outside federated control.
Key terms
- Shadow AI: Shadow AI is the use of AI tools, models, or services that the organisation has not formally approved or can no longer govern. The risk is not only policy non-compliance. It is that access, context, data exposure, and spend may all sit outside the controls security teams rely on.
- Unfederated Application: An unfederated application is a service or tool that users access without the identity provider controlling the session end to end. That can happen through local accounts, direct OAuth grants, or vendor-specific login flows. Once access bypasses federation, revocation and auditability become partial at best.
- Lifecycle Reclamation: Lifecycle reclamation is the process of removing access, reclaiming licenses, and clearing residual entitlements when a user changes role or leaves. For SaaS and AI tooling, it must include application-level confirmation, not just directory disablement, because access can persist outside central identity records.
- Token-Based Consumption: Token-based consumption is a pricing and usage model where AI cost accumulates according to actual model activity rather than fixed seats. This turns spend into a live governance concern tied to users, teams, and usage patterns, and it requires identity and finance data to be analysed together.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by 1Password: 1Password’s analysis of SaaS Manager, AI token visibility, and access governance. Read the original.
Published by the NHIMG editorial team on 2026-06-23.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org