Notifications
Clear all
Topic starter
10/06/2026 10:53 pm
TL;DR: Credential sprawl now extends across SaaS apps, AI tools, and unmanaged accounts outside SSO, with 54% of organisations dissatisfied with their current secrets management solution because not all secrets are secured, according to Akeyless research. The control gap is no longer theoretical: departments are building access paths faster than security teams can govern them.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: What breaks when employees create accounts outside SSO and PAM coverage?
A: Accounts created outside SSO and PAM usually lack central ownership, lifecycle records, and consistent authentication controls.
Q: Why do unmanaged SaaS and AI tool logins increase IAM risk?
A: Unmanaged logins bypass the identity processes that give teams visibility into access, ownership, and offboarding.
Practitioner guidance
- Inventory unmanaged credentials across departments Start with SaaS apps, AI tools, and business systems that allow account creation outside SSO.
- Extend governance beyond privileged access Do not limit review cycles to PAM-scoped accounts.
- Create lifecycle ownership for shadow accounts Assign accountable owners to any account that was created with a work email and never provisioned through the identity platform.
What to expect at the briefing
1Password's full webinar covers the operational detail this post intentionally leaves for the source:
- Department-by-department examples of where credential sprawl is forming outside SSO
- Walkthroughs of how 1Password EPM is positioned to close gaps left by SSO and PAM
- Live use cases showing how teams can govern credentials without changing day-to-day work
- Details on the alternate session for viewers in different time zones
👉 Read 1Password's live demo on credential sprawl and AI tool access →
Credential sprawl outside SSO: what IAM teams need to fix by June 30, 2026?
Explore further
