Software asset management and SaaS sprawl: what IAM teams need to know

TL;DR: Software asset management tools are positioned to help organisations discover applications, track renewals, optimise license spend, and support onboarding and offboarding, according to Zluri’s review of 13 tools. The deeper issue is that SaaS governance is now an identity problem as much as a procurement problem, because unmanaged app sprawl creates access, compliance, and lifecycle risk.

NHIMG editorial — based on content published by Zluri: 13 best software asset management tools in 2026

By the numbers:

• Zluri says its discovery engine uses nine methods to accurately discover 100% of SaaS applications within organisations.
• 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
• Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

Questions worth separating out

Q: How should security teams govern SaaS applications that sit outside core identity workflows?

A: Security teams should bring SaaS governance into the identity lifecycle, because app discovery, approval, renewal, and removal all depend on accountable ownership.

Q: Why do software asset management tools matter to IAM and IGA programmes?

A: They matter because software inventory only becomes usable when it informs entitlement decisions.

Q: What breaks when SaaS offboarding is not tied to identity revocation?

A: The organisation keeps paying for applications after the business no longer needs them, and access can remain active even after the relationship should end.

Practitioner guidance

• Map SaaS discovery to identity sources Correlate SSO, finance, API, and directory data so that each discovered application has an owner, access path, and business justification.
• Tie renewal alerts to access decisions Use upcoming renewal windows to confirm whether the application still has active users, approved owners, and an accepted business purpose before extending the contract.
• Automate offboarding alongside app retirement Trigger revocation when an employee leaves, an app owner changes, or a SaaS product is retired so dormant subscriptions do not preserve access.

What's in the full article

Zluri's full article covers the product-specific operational detail this post intentionally leaves for the source:

• A side-by-side breakdown of the 13 SAM tools and their feature differences for buyers comparing platforms.
• Vendor-specific discovery methods, integration notes, and deployment considerations that implementation teams would need before purchase.
• Detailed pros and cons for each tool, useful when shortlisting options for procurement and operations.
• Tool-level pricing and support observations that are not the focus of this governance analysis.

👉 Read Zluri's comparison of 13 software asset management tools →

Software asset management and SaaS sprawl: what IAM teams need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →