SaaS management platforms and visibility sprawl: what changes for IAM?

TL;DR: Gartner predicts that by 2028 more than 70% of organisations will centralise SaaS application management with an SMP, up from less than 30% in 2025, as overspend, visibility loss, and contract sprawl intensify across SaaS and generative AI usage, according to Gartner. The governance issue is less about tooling selection than about whether IT can establish durable control over app access, lifecycle, and entitlement drift before the sprawl becomes unmanageable.

NHIMG editorial — based on content published by Josys: Josys recognized in the 2025 Gartner Magic Quadrant for SaaS Management Platforms

By the numbers:

• Gartner now predicts that through 2028, over 70% of organizations will centralize SaaS application management using a SaaS management platform, an increase from less than 30% in 2025.
• Josys maintained an overall 4.6/5 rating with 78 Reviews on Gartner Peer Insights for SaaS Management Platforms as of 30 August 2025.

Questions worth separating out

Q: How should organisations govern SaaS sprawl across identity and access processes?

A: Treat SaaS management as part of identity governance, not just software inventory.

Q: When does SaaS licence sprawl become a security problem?

A: It becomes a security problem when unused subscriptions, shared accounts, and stale administrators remain active after the business need has passed.

Q: What do teams get wrong about SaaS management platforms?

A: Teams often treat them as reporting tools when they are more valuable as governance inputs.

Practitioner guidance

• Reconcile SaaS inventory with identity records Join app discovery, user assignment, and ownership data so every active SaaS app maps to a responsible business owner and an identity source of truth.
• Tie licence reviews to joiner-mover-leaver workflows Use offboarding, role changes, and periodic recertification to remove unused subscriptions and stale entitlements at the same cadence as access governance.
• Track AI-enabled SaaS features separately Classify applications that expose generative AI functions, then review their data exposure, ownership, and approval status as a distinct governance category.

What's in the full analysis

Josys's full press release covers the positioning and customer context this post intentionally leaves for the source:

• The exact Gartner category wording and recognition context for Josys's second consecutive placement
• Josys's own description of its 360-degree SaaS visibility, provisioning, and utilisation features
• The customer quote about licence tracking and reassignment workflows
• The full legal and trademark disclaimers attached to the Gartner citation

👉 Read Josys's Gartner Magic Quadrant recognition for SaaS management platforms →

SaaS management platforms and visibility sprawl: what changes for IAM?

Explore further

View Full Forum →  |  NHI Foundation Course →