SaaS sprawl and access control: what IAM teams need now

TL;DR: The underlying issue is not adoption alone but the governance burden that comes with sprawling SaaS access and usage, as Zluri says it raised $10 million in Series A funding led by MassMutual Ventures to expand SaaS discovery, manage integrations, and automate control of increasingly complex application estates, with more than 100 customers added in 2021 and 300-plus direct integrations reported.

NHIMG editorial — based on content published by Zluri: Miscellaneous SaaS Management Platform Zluri raises $10M led by MassMutual Ventures

By the numbers:

• Zluri said it had added over 100 new customers from North American and Asian markets in the past year.
• Zluri reported a library of 300+ in-depth direct integrations.

Questions worth separating out

Q: How should teams govern SaaS sprawl without losing access visibility?

A: Start with discovery, then tie every application to an owner, an identity source, and a review cadence.

Q: Why does SaaS growth create identity risk for IAM and IGA teams?

A: Because each new application introduces another place where identities, roles, and delegated access can drift out of sync with policy.

Q: How do organisations know whether SaaS automation is actually reducing risk?

A: Measure whether automated workflows are removing stale access faster than it is created, whether exceptions are tracked, and whether review outcomes are reconciled back into the source systems.

Practitioner guidance

• Inventory the full SaaS estate before expanding automation Use discovery to identify every business app, then classify each one by owner, authentication path, and integration type so hidden access paths do not survive the onboarding process.
• Map every SaaS application to a lifecycle owner Assign responsibility for joiner-mover-leaver handling, access reviews, and offboarding at the application level so no service can remain outside governance because ownership is unclear.
• Validate integration depth before using a platform as a control source Check that each connector exposes users, admins, roles, and connection types, not just app presence, so review and remediation decisions are based on actionable identity data.

What's in the full analysis

Zluri's full article covers the operational detail this post intentionally leaves for the source:

• The specific funding breakdown and investor context behind the Series A round
• Zluri's own descriptions of product capability areas, including discovery, management, optimisation, security, and automation
• Customer names and growth claims that show how the vendor positions its SaaS management platform
• The company narrative on how it plans to expand in Asia and North America

👉 Read Zluri's Series A funding update and SaaS management expansion plans →

SaaS sprawl and access control: what IAM teams need now?

Explore further

View Full Forum →  |  NHI Foundation Course →