TL;DR: Gartner predicts that by 2028 more than 70% of organisations will centralise SaaS application management with an SMP, up from less than 30% in 2025, as overspend, visibility loss, and contract sprawl intensify across SaaS and generative AI usage, according to Gartner. The governance issue is less about tooling selection than about whether IT can establish durable control over app access, lifecycle, and entitlement drift before the sprawl becomes unmanageable.
NHIMG editorial — based on content published by Josys: Josys recognized in the 2025 Gartner Magic Quadrant for SaaS Management Platforms
By the numbers:
- Gartner now predicts that through 2028, over 70% of organizations will centralize SaaS application management using a SaaS management platform, an increase from less than 30% in 2025.
- Josys maintained an overall 4.6/5 rating with 78 Reviews on Gartner Peer Insights for SaaS Management Platforms as of 30 August 2025.
Questions worth separating out
Q: How should organisations govern SaaS sprawl across identity and access processes?
A: Treat SaaS management as part of identity governance, not just software inventory.
Q: When does SaaS licence sprawl become a security problem?
A: It becomes a security problem when unused subscriptions, shared accounts, and stale administrators remain active after the business need has passed.
Q: What do teams get wrong about SaaS management platforms?
A: Teams often treat them as reporting tools when they are more valuable as governance inputs.
Practitioner guidance
- Reconcile SaaS inventory with identity records Join app discovery, user assignment, and ownership data so every active SaaS app maps to a responsible business owner and an identity source of truth.
- Tie licence reviews to joiner-mover-leaver workflows Use offboarding, role changes, and periodic recertification to remove unused subscriptions and stale entitlements at the same cadence as access governance.
- Track AI-enabled SaaS features separately Classify applications that expose generative AI functions, then review their data exposure, ownership, and approval status as a distinct governance category.
What's in the full analysis
Josys's full press release covers the positioning and customer context this post intentionally leaves for the source:
- The exact Gartner category wording and recognition context for Josys's second consecutive placement
- Josys's own description of its 360-degree SaaS visibility, provisioning, and utilisation features
- The customer quote about licence tracking and reassignment workflows
- The full legal and trademark disclaimers attached to the Gartner citation
👉 Read Josys's Gartner Magic Quadrant recognition for SaaS management platforms →
SaaS management platforms and visibility sprawl: what changes for IAM?
Explore further
SaaS management is now a lifecycle governance discipline, not a reporting layer. The value of centralised visibility is not the dashboard itself but the ability to connect discovery, provisioning, review, and offboarding across the application estate. That makes SMP data relevant to IAM, IGA, and compliance teams that need a single view of who should have access and who still does. Practitioners should treat SaaS management as part of entitlement governance, not a sidecar operational tool.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how weak visibility often precedes weak control, according to the Ultimate Guide to NHIs.
A question worth separating out:
Q: How can security teams assess whether SaaS governance is actually working?
A: Look for measurable outcomes such as reduced inactive licences, fewer orphaned app owners, faster offboarding, and cleaner entitlement recertification results. If the programme only produces dashboards and reports, governance has not been operationalised. A working programme changes access state, not just awareness.
👉 Read our full editorial: Josys recognition in Gartner's SaaS management quadrant