TL;DR: ITAM and ITSM serve different parts of the SaaS operating model, with ITAM focused on the asset lifecycle and ITSM on service delivery and support, according to Zluri. For IAM teams, the distinction matters because discovery, lifecycle control, and offboarding require asset governance, not just service desk workflows.
NHIMG editorial — based on content published by Zluri: Miscellaneous ITAM vs. ITSM
By the numbers:
- Zluri says its discovery engine uses nine methods to discover all your apps with near 100% accuracy.
Questions worth separating out
Q: What is the difference between ITAM and ITSM in SaaS environments?
A: ITAM governs the asset itself, including inventory, ownership, cost, renewal, and retirement.
Q: Why do SaaS programmes need ITAM as well as ITSM?
A: SaaS programmes need ITAM because service processes alone do not maintain accurate application records, licence ownership, or lifecycle decisions.
Q: How should teams manage SaaS offboarding when employees leave?
A: Teams should tie offboarding to asset lifecycle events, not just helpdesk tickets.
Practitioner guidance
- Separate asset ownership from service fulfilment Define one control owner for the SaaS asset registry and a different owner for incident and request handling so access decisions are not buried inside the service desk.
- Link SaaS onboarding to approved inventory Require every new SaaS application to enter the asset registry before users receive access, licences, or renewal tracking.
- Automate offboarding from lifecycle events Trigger account removal, licence recovery, and app decommissioning from employee departure and application retirement events, then reconcile exceptions weekly.
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- A side-by-side breakdown of how ITAM and ITSM differ across users, functions, and asset lifecycle ownership.
- Specific examples of SaaS discovery, licence renewal monitoring, and vendor management workflows inside the platform.
- Operational automation for employee onboarding and offboarding that this post only referenced at a governance level.
- The article's original feature summary for enterprise SaaS management, including how the product positions control and compliance support.
👉 Read Zluri's comparison of ITAM and ITSM for SaaS governance →
ITAM vs. ITSM for SaaS governance: what IAM teams should separate?
Explore further
ITAM and ITSM diverge at the control boundary, not just the process layer. The article shows that ITAM is responsible for the asset's lifecycle, while ITSM is responsible for service delivery and support. In SaaS governance, that means identity controls fail when organisations ask a service process to do an asset process's job. The practitioner conclusion is that ownership, inventory accuracy, and lifecycle decisions must sit with asset governance, not ticket flow.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows why inventory accuracy and ownership records matter before access can be governed.
A question worth separating out:
Q: What should organisations measure to tell whether SaaS governance is working?
A: The best measures are inventory accuracy, licence reclamation rate, offboarding completion, and the number of SaaS applications that remain unowned or unreviewed. If those numbers are weak, service management may be functioning while governance is still failing.
👉 Read our full editorial: ITAM vs. ITSM for SaaS governance: where identity control diverges