SaaS pricing models and access sprawl: what IAM teams miss


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9079
Topic starter  

TL;DR: SaaS pricing models shape how IT teams buy, budget for, and control application access, and the article argues that subscription, tiered, feature-based, freemium, and per-user models each create different procurement trade-offs, according to Zluri. The governance issue is that buying decisions can easily outpace identity controls, especially when app access is broad and loosely reviewed.

NHIMG editorial — based on content published by Zluri: Procurement SaaS Pricing Models, a procurement guide for IT teams

By the numbers:

Questions worth separating out

Q: How should teams govern SaaS access when procurement is decentralised?

A: Treat procurement as the start of the identity lifecycle, not the end of a buying decision.

Q: Why do SaaS pricing models create access governance problems?

A: Because the pricing model shapes how quickly applications are adopted and how broadly access is assigned.

Q: What do security teams get wrong about SaaS licence management?

A: They often treat seat counts as a finance metric instead of an access control signal.

Practitioner guidance

  • Link procurement approvals to identity review: Require IAM or IGA review before a new SaaS subscription can be activated, especially where the service creates user, admin, or integration accounts.
  • Reconcile licence seats with active identities: Compare purchased seats, assigned users, and actual login activity on a recurring basis.
  • Review feature entitlements after rollout: After implementation, confirm which paid features are actually used and remove unused capabilities from both the contract and access model.

What's in the full article

Zluri's full blog post covers the operational detail this post intentionally leaves for the source:

  • Specific SaaS pricing model examples and how each one is typically structured in vendor contracts.
  • Commercial pros and cons of flat-rate, tiered, feature-based, and per-user pricing for procurement teams.
  • Vendor-specific examples such as Basecamp, Office 365, Salesforce, and Slack pricing approaches.
  • Practical buying considerations for organisations trying to balance budget predictability with app flexibility.

👉 Read Zluri's guide to SaaS pricing models for IT procurement teams →




   
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8508
 

Pricing-driven SaaS adoption is an identity governance problem before it is a spend problem. When software can be trialled, expanded, and renewed with little friction, the identity perimeter grows faster than review processes can catch up. That means procurement decisions directly shape entitlement sprawl, especially where business teams can buy outside central control. The practical conclusion is that SaaS buying must be treated as an identity intake event, not a finance-only transaction.

A few things that frame the scale:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which shows how quickly identity oversight degrades once procurement expands the tool estate.

A question worth separating out:

Q: Who is accountable when unused SaaS access remains active after a purchase?

A: Accountability should sit across procurement, application ownership, and identity governance. Procurement approves the spend, the business owner validates need, and IAM or IGA enforces recertification and offboarding so access does not survive beyond operational use.

👉 Read our full editorial: SaaS pricing models expose the governance gap in app procurement



   