TL;DR: Automation can speed onboarding, offboarding, approvals, and SaaS discovery, but the real identity issue is whether those workflows preserve least privilege, lifecycle control, and auditability across employees, applications, and infrastructure, according to Zluri's overview of nine automation tools. Manual effort drops, but governance weakens if access decisions become opaque and rule driven.
NHIMG editorial — based on content published by Zluri: 9 Best Automation Tools for SaaS Operations and SAM/ITAM Teams
Questions worth separating out
Q: How should security teams govern automated onboarding and offboarding workflows?
A: Treat automated joiner-mover-leaver flows as governed access decisions, not just IT tasks.
Q: Why do automation tools create access governance risk in SaaS environments?
A: They can move access decisions out of human view and into workflow logic that is hard to inspect.
Q: What should organisations measure to know whether automation is reducing risk?
A: Measure revoke timeliness, exception volume, access recertification failures, and the percentage of grants that match actual job function or workload need.
Practitioner guidance
- Inventory every automated access path Document which workflows create, change, approve, or revoke access across SaaS, ITSM, and infrastructure tools.
- Separate discovery from entitlement authority Use SaaS discovery, renewal monitoring, and usage data to inform decisions, but keep entitlement approval and revocation inside an authoritative access model.
- Validate contextual recommendations before granting access If a platform suggests apps, groups, or permissions based on role metadata, require periodic sampling against actual job function and application usage.
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- Vendor-by-vendor feature descriptions for SaaS onboarding, renewal tracking, and vendor lifecycle workflows
- Product-specific discovery methods and automation coverage claims for app inventory and spend control
- Tool-level comparisons of ITSM, endpoint, and cloud automation capabilities across the nine products
- Customer rating snapshots and platform feature lists that implementation teams may want for shortlist work
👉 Read Zluri's roundup of automation tools for SaaS operations and ITAM teams →
SaaS automation tools and the access governance gap teams miss?
Explore further
Automation is not governance unless the access model stays reviewable. The article treats workflow automation as a productivity layer, but identity teams should read it as a control distribution problem. Once onboarding, offboarding, renewals, and request approvals move into orchestration, the core question becomes whether the organization can still prove who had access, why they had it, and when it was removed. Practitioners should treat every automated path as an audit artifact, not a convenience feature.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
A question worth separating out:
Q: What is the difference between automation for operations and automation for identity control?
A: Operations automation speeds tasks such as ticket routing, renewals, and provisioning. Identity control automation must also preserve least privilege, ownership, and traceability for every access decision. If a workflow cannot show who authorized access, what changed, and when it was removed, it is not functioning as an identity governance control.
👉 Read our full editorial: Automation tools for SaaS operations expose access governance gaps