TL;DR: Unused SaaS licenses are framed as both budget waste and access risk in 1Password’s analysis, which argues that decentralised app buying, black-box usage data, and manual renewal checks leave IT unable to validate who still needs access. The real issue is that license governance and deprovisioning are now the same control problem, not separate finance and security tasks.
NHIMG editorial — based on content published by 1Password: unused SaaS licenses are a budget drain and a security risk
Questions worth separating out
Q: How should security teams handle unused SaaS licenses without losing access control?
A: Treat unused SaaS licenses as an identity governance issue, not only a cost line item.
Q: Why do unused SaaS accounts create security risk?
A: Unused SaaS accounts are risky because they often remain tied to valid entitlements even after the business has stopped using them.
Q: How can teams know whether a SaaS license is actually needed?
A: Teams should compare current login activity, last-use timestamps, and business ownership against the paid entitlement.
Practitioner guidance
- Map SaaS entitlements to identity events: Connect joiner, mover, and leaver signals from your identity provider to license assignment, downgrade, and reclaim workflows so unused seats are removed when access changes, not at the next spreadsheet review.
- Correlate usage data with contract records: Pull login activity, last-use timestamps, and contract entitlements into one review surface so finance and IAM teams are deciding from the same evidence rather than separate reports.
- Treat inactive access as latent exposure: Review accounts tied to former employees, dormant apps, and underused business tools as access risk, then remove or downgrade them before renewal and true-up cycles.
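The correlation described in the guidance above can be sketched as a single review pass over identity status, last-use timestamps, business ownership and paid seats. This is an added example, not code from 1Password or the source article; the user names, app names, record layout and the 90-day dormancy threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data; names, apps and the 90-day threshold are assumptions.
TODAY = date(2025, 6, 1)
DORMANT_AFTER_DAYS = 90
PRIORITY = {"revoke": 0, "reclaim": 1, "assign-owner": 2}

# Identity provider view: user -> lifecycle status
IDP_USERS = {
    "alice@example.com": "active",
    "bob@example.com": "deprovisioned",  # leaver whose seat was never reclaimed
    "carol@example.com": "active",
}

# Paid entitlements: (app, user, last_login, business_owner)
SEATS = [
    ("crm", "alice@example.com", date(2025, 5, 28), "sales-ops"),
    ("crm", "bob@example.com", date(2025, 1, 10), "sales-ops"),
    ("design", "carol@example.com", date(2025, 1, 15), "marketing"),
    ("design", "dave@example.com", None, None),  # unknown to the IdP
    ("wiki", "alice@example.com", None, "it"),  # paid for, never used
    ("wiki", "carol@example.com", date(2025, 5, 30), None),  # in use, no owner
]


def review_seats(seats, idp_users, today, dormant_after_days=DORMANT_AFTER_DAYS):
    """Return (action, app, user, reason) per seat needing action, riskiest first."""
    findings = []
    for app, user, last_login, owner in seats:
        status = idp_users.get(user)
        if status is None:
            action, reason = "revoke", "account unknown to identity provider"
        elif status != "active":
            action, reason = "revoke", f"identity is {status}, seat still assigned"
        elif last_login is None:
            action, reason = "reclaim", "seat never used"
        elif (today - last_login).days > dormant_after_days:
            action, reason = "reclaim", f"no login for {(today - last_login).days} days"
        elif owner is None:
            action, reason = "assign-owner", "no business owner to confirm need"
        else:
            continue  # active identity, recent use, named owner
        findings.append((action, app, user, reason))
    return sorted(findings, key=lambda f: PRIORITY[f[0]])


if __name__ == "__main__":
    for finding in review_seats(SEATS, IDP_USERS, TODAY):
        print(*finding, sep=" | ")
```

Seats tied to identities that are deprovisioned or missing from the identity provider sort ahead of merely dormant seats, so access risk is handled before cost recovery.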
What's in the full article
1Password's full article covers the operational detail this post intentionally leaves for the source:
- How 1Password SaaS Manager connects to identity providers, finance tools, and 350+ apps for license visibility
- The specific workflows used to identify unused licenses, reclaim seats, and remove or downgrade access
- How renewal and true-up preparation changes when usage evidence is available in one system
- The article's guidance on reducing duplicate tools across teams without adding manual admin work