TL;DR: AI and SaaS adoption is widening governance gaps as employees use approved and unapproved tools, with 52% downloading apps without IT approval and 27% using unapproved AI-based applications, according to 1Password’s 2025 Annual Report: The Access Trust Gap. The practical issue is not just visibility, but whether access, auditability, and token governance still hold when users and agents operate outside SSO.
At a glance
What this is: This analysis examines how SaaS sprawl and AI tool adoption are exposing visibility, access governance, and spend control gaps across human, machine, and agent identities.
Why it matters: It matters because IAM, IGA, and PAM teams are now being asked to govern applications and tokens that sit outside traditional SSO and lifecycle controls.
By the numbers:
- 52% of employees have downloaded apps without IT approval.
- 27% have worked on AI-based applications their employer did not approve.
Context
SaaS governance now extends beyond application inventory. Once employees and AI tools begin using apps outside SSO, traditional IAM controls lose sight of who approved the access, how long it persists, and whether the access is still justified.
The article argues that AI adoption is amplifying an existing SaaS sprawl problem rather than creating a new one. For identity teams, the operational issue is unified governance across humans, machine identities, and AI agents that act on behalf of people.
This is a typical enterprise pattern: tool adoption moves faster than approval, inventory, and recertification processes. The result is an access surface that grows faster than the controls designed to govern it.
Key questions
Q: How should security teams govern SaaS and AI tools that sit outside SSO?
A: Security teams should treat out-of-SSO apps as identity-governed assets, not informal productivity tools. That means discovering them from multiple sources, linking them to user and token ownership, and routing them through approval, review, and removal workflows. Without that lifecycle, shadow SaaS becomes persistent access rather than a temporary exception.
Q: Why do unapproved SaaS and AI apps create identity risk?
A: They create risk because access can be granted once and then continue operating outside normal identity controls. Once an app has an OAuth token or similar delegated permission, the organisation may lose sight of who approved it, what scope it has, and when it should be revoked.
Q: What breaks when SaaS governance is separated from identity governance?
A: What breaks is accountability. Inventory may still show the app, but the organisation no longer knows which identity created the relationship, which system approved it, or whether revocation happened when the business need ended. That gap turns governance into observation without control.
Q: What should organisations do when employees adopt AI tools without approval?
A: They should classify the tool, determine whether it touches company data, and decide quickly whether to approve, restrict, or remove it. The key is to route the decision through identity and lifecycle controls, not leave it as an isolated policy violation with no technical follow-through.
How it works in practice
SaaS sprawl outside SSO creates an identity blind spot
When applications sit outside SSO, identity teams lose the central control point that normally links user, device, and entitlement data. Discovery becomes fragmented across identity providers, browser data, finance systems, and endpoint telemetry. That fragmentation is operationally serious because governance depends on knowing not just that an app exists, but who connected it, what access it has, and whether that access is still justified. In mixed SaaS and AI environments, the hidden risk is not the application itself, but the unaudited identity relationships around it.
Practical implication: build cross-source discovery that can surface app use even when it bypasses SSO.
OAuth tokens turn app usage into durable access
OAuth grants often behave like standing credentials once a user approves an app, because the token can continue operating until it is revoked or expires. That makes access governance more than a login problem. It becomes a lifecycle problem involving approval, token scope, monitoring, and revocation. In environments where AI tools call APIs on behalf of users, token sprawl can create a parallel access layer that lives outside ordinary recertification routines. The key technical issue is persistence without visible ownership.
Practical implication: treat OAuth revocation and scope review as part of access governance, not just app onboarding.
Unified governance is a lifecycle problem, not just a dashboard problem
A unified access model is only useful if it connects discovery, approval, review, and removal. Otherwise it simply centralises visibility into stale access. For SaaS and AI tools, lifecycle management has to span HR, finance, identity, and security sources so that a change in role, cost centre, or tool usage can trigger the right governance action. This is the control plane question behind unified access: whether the organisation can remove access consistently after the business need disappears.
Practical implication: align SaaS governance with lifecycle workflows so stale access is removed from the same system that discovered it.
NHI Mgmt Group analysis
Unified SaaS governance is now an identity problem, not a software inventory problem. The article shows that SaaS discovery, AI tool oversight, and access governance are converging into one control domain. Once applications and tokens sit outside SSO, the question is no longer how many apps exist, but which identity relationships were created without durable oversight. Practitioners should treat SaaS governance as an extension of identity governance, not a procurement dashboard.
OAuth access has become the new standing privilege layer for SaaS and AI tools. The access path is often created by a single user consent event and then persists independently of the original business context. That is why token revocation, consent review, and lifecycle offboarding matter as much as provisioning. The practical conclusion is that entitlement review must now cover app-granted access, not only directory-managed accounts.
Access drift outside SSO: the control model assumes applications are either centrally governed or visibly sanctioned. That assumption breaks when employees and AI systems can adopt tools, connect APIs, and continue operating without those relationships ever entering the identity lifecycle. The implication is that governance programmes must stop treating shadow SaaS as an exception and start treating it as a structural state of modern work.
AI agents widen the governance gap because they multiply access without creating a new accountability model. Human users already strain approval and review processes; AI systems make that strain harder by acting through delegated tokens and multiple application boundaries. That does not require a new identity theory, but it does require tighter linkage between consent, scope, and accountability. Practitioners should expect AI adoption to expose every weak point in existing lifecycle discipline.
Spend optimisation and security governance are now coupled. The same unknown application that creates risk also creates unused licences, duplicate contracts, and orphaned access paths. That coupling matters because finance signals can now help security teams find identity drift, while security findings can help finance rationalise waste. The result is a broader governance model that only works if both functions share the same access truth.
From our research:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
- That confidence gap becomes more material as identity teams move from isolated app control to lifecycle governance, as outlined in the NHI Lifecycle Management Guide.
What this signals
Access drift outside SSO: the next governance failure is less likely to be a single rogue app than a web of delegated tokens, approvals, and forgotten connections. Teams that can correlate discovery, consent, and offboarding will see the problem first, but the control gap is already structural. For a broader control lens, align programme reporting with NIST Cybersecurity Framework 2.0.
With 92% of organisations exposing NHIs to third parties, per our Ultimate Guide to NHIs, the question for practitioners is no longer whether shadow access exists, but how quickly it can be discovered and removed. That makes identity, finance, and endpoint telemetry part of the same control conversation.
As AI tools and agents begin to inherit human permissions, the governance model has to shift from application approval to access accountability. That means reviewing consent, token scope, and lifecycle triggers together, then feeding those signals into the same programme metrics used for privileged access and recertification.
For practitioners
- Map app discovery across all identity sources: Combine identity provider, browser, device, finance, and vault data to identify applications that never passed through SSO. Prioritise tools with active OAuth grants or data access because they create the fastest path from shadow adoption to persistent exposure.
- Review OAuth consent as a lifecycle event: Add consent review, token scope checks, and revocation triggers to the same workflow used for access removal. If a tool is no longer approved, the token should be treated as removable access rather than a passive configuration detail.
- Tie SaaS governance to offboarding and role change: When an employee changes team, cost centre, or employment status, verify whether connected SaaS apps and AI tools are still justified. Build the removal step into the lifecycle workflow so stale access does not survive the business need.
- Create a shared control view for IT, security, and finance: Use one inventory to reconcile application use, approvals, spend, and access risk. Shared reporting shortens the time between discovering an unapproved tool and deciding whether to sanction, restrict, or remove it.
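The reconciliation the four steps above describe (cross-source discovery, consent as a lifecycle event, offboarding triggers, one shared worklist) can be shown as a small triage routine. This is an added example, not code from 1Password or NHIMG; the grant records, HR roster, approved-app list, app names and scope names are all constructed for illustration.

```python
"""Merge OAuth grants seen by several discovery sources, then triage each
(user, app) relationship against HR status, app approval and token age.
Added illustration with constructed data; not vendor code."""
from datetime import date

TODAY = date(2026, 6, 23)          # fixed so the worklist is reproducible
STALE_DAYS = 90                    # assumed recertification window

# Constructed sample input: the same grant may surface in more than one source.
IDP_GRANTS = [
    {"user": "alice", "app": "notes-ai", "scopes": ["files.read"], "last_used": "2026-05-30"},
    {"user": "bob", "app": "crm-sync", "scopes": ["contacts.readwrite", "mail.send"], "last_used": "2026-06-20"},
]
ENDPOINT_GRANTS = [
    {"user": "bob", "app": "crm-sync", "scopes": ["contacts.readwrite", "mail.send"], "last_used": "2026-06-21"},
    {"user": "carol", "app": "slide-gen", "scopes": ["files.readwrite"], "last_used": "2026-01-10"},
]
HR = {"alice": "terminated", "bob": "active", "carol": "active"}
APPROVED = {"crm-sync": {"contacts.readwrite"}}   # app -> maximum approved scope set


def merge_grants(*sources):
    """Union grants by (user, app): full scope set, latest last_used (ISO strings sort)."""
    merged = {}
    for source in sources:
        for g in source:
            key = (g["user"], g["app"])
            cur = merged.get(key)
            if cur is None:
                merged[key] = {"scopes": set(g["scopes"]), "last_used": g["last_used"]}
            else:
                cur["scopes"] |= set(g["scopes"])
                cur["last_used"] = max(cur["last_used"], g["last_used"])
    return merged


def triage(grants, hr, approved, today=TODAY, stale_days=STALE_DAYS):
    """Return {(user, app): (action, reasons)}; action is 'revoke', 'review' or 'ok'."""
    worklist = {}
    for (user, app), g in grants.items():
        reasons = []
        if hr.get(user) != "active":                      # offboarding / unknown owner
            reasons.append("owner not active")
        if app not in approved:                            # shadow app, never sanctioned
            reasons.append("app not approved")
        elif g["scopes"] - approved[app]:                  # consent wider than approval
            reasons.append("scope exceeds approval: " + ",".join(sorted(g["scopes"] - approved[app])))
        if (today - date.fromisoformat(g["last_used"])).days > stale_days:
            reasons.append("stale token")
        hard = {"owner not active", "app not approved"}
        action = "revoke" if hard & set(reasons) else ("review" if reasons else "ok")
        worklist[(user, app)] = (action, reasons)
    return worklist


def run():
    """Build the shared worklist from the constructed sources."""
    return triage(merge_grants(IDP_GRANTS, ENDPOINT_GRANTS), HR, APPROVED)
```

Feeding the resulting worklist to the same removal workflow used for account offboarding is what turns discovery into control rather than observation.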
Key takeaways
- SaaS sprawl is now an identity governance issue because app use outside SSO creates access relationships that IAM teams can no longer see cleanly.
- The scale of the problem is already measurable, with 52% of employees downloading apps without IT approval and 27% using unapproved AI-based applications.
- The control response has to connect discovery, OAuth revocation, and lifecycle offboarding, or shadow access will continue to outlive the business need.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Discovery outside SSO and hidden OAuth grants are central to this article. |
| NIST CSF 2.0 | PR.AC-4 | Access permissions must be managed across apps, tokens, and lifecycle events. |
| NIST Zero Trust (SP 800-207) | CA-7 | Continuous verification is needed when applications operate beyond a single trust boundary. |
Inventory non-human and delegated access continuously, then reconcile it to approval and revocation flows.
Key terms
- Shadow SaaS: SaaS applications adopted or used outside formal IT visibility and approval. In identity terms, the risk is not only uncontrolled software spend but unmanaged access relationships, missing audit trails, and delegated permissions that survive long after the original business need has changed.
- OAuth Token: A delegated credential that lets an application act with a user’s granted permissions. For governance, the important point is that token scope and lifetime can create standing access unless they are reviewed and revoked as part of identity lifecycle processes.
- SaaS Governance: The set of controls used to discover, approve, monitor, and remove application access across the enterprise. Effective SaaS governance links application inventory to identity ownership, lifecycle events, auditability, and spend oversight instead of treating apps as purely procurement assets.
- Access Drift: The gradual expansion or persistence of access beyond the original business purpose. In SaaS and AI environments, access drift often appears when tools are approved once, then continue operating through tokens, integrations, or agent workflows that never re-enter review.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by 1Password: 1Password Named a Leader in the 2026 Gartner Magic Quadrant for SaaS Management Platforms. Read the original.
Published by the NHIMG editorial team on 2026-06-23.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org