SaaS Manager and access reviews: what this means for IAM teams

TL;DR: SaaS oversight is becoming an identity lifecycle problem, not just an inventory problem, as 1Password’s quarterly security spotlight says SaaS Manager is being used to control SaaS spend, automate provisioning and deprovisioning, and streamline access reviews across the employee lifecycle, according to 1Password.

NHIMG editorial — here’s why we think this discussion matters

By the numbers:

• Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
• 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
• 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.

Questions worth separating out

Q: How should teams govern SaaS access across the employee lifecycle?

A: They should bind SaaS access to joiner, mover, and leaver events, then automate provisioning, access reviews, and deprovisioning from the same identity record.

Q: Why do access reviews often fail in SaaS environments?

A: They fail when reviewers do not have enough context to judge whether access is still needed.

Practitioner guidance

• Map SaaS applications to lifecycle events Tie every application to a joiner, mover, and leaver trigger so provisioning and removal follow the same authoritative identity record.
• Automate deprovisioning for offboarding and role changes Remove access when employment status, contractor status, or job function changes rather than relying on manual cleanup after the fact.
• Require usage context in access reviews Give reviewers app ownership, last-use data, and entitlement scope so they can decide whether access is still justified.

What to expect at the briefing

1Password's full webinar covers the operational detail this post intentionally leaves for the source:

• The live walkthrough of how SaaS Manager is being used to automate provisioning and deprovisioning across the employee lifecycle.
• The discussion of how full SaaS visibility exposed unnecessary spend and access blind spots.
• The fireside chat format with Wendy Nather and Jordan Rickards, which adds implementation context beyond the summary here.
• The broader portfolio update section, which covers recent product changes not unpacked in this analysis.

👉 Register for 1Password's quarterly security spotlight on SaaS governance →

SaaS Manager and access reviews: what this means for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →