TL;DR: Workflow automation can provision apps for new hires, run access reviews, and apply AI-suggested templates to reduce manual SaaS access work, improve policy consistency, and help remove outdated accounts, according to Josys. The strategic shift is from ad hoc administration to governed lifecycle control across SaaS entitlements.
NHIMG editorial — based on content published by Josys: New workflow automations transform SaaS access management
By the numbers:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
Questions worth separating out
Q: How should teams automate SaaS access without losing governance control?
A: Start by binding automation to authoritative identity data, approved access policy, and a clear revocation path.
Q: Why do access review workflows fail in SaaS environments?
A: They fail when certification is treated as evidence collection rather than entitlement change.
Q: What do organisations get wrong about AI-suggested workflow templates?
A: They often assume a template is a governance decision when it is really only a starting pattern.
Practitioner guidance
- Map onboarding triggers to authoritative identity attributes: Use HR or directory attributes only after checking that role, department, and location data are current and owned by a trusted source system.
- Wire review outcomes to actual revocation actions: Confirm that a negative or unanswered access review removes or scopes down access in every connected SaaS application, not just in the review console.
- Validate workflow templates before broad rollout: Review each AI-suggested template against approved access policy, exception handling, and ownership before allowing teams to reuse it broadly.
What's in the full article
Josys' full article covers the operational detail this post intentionally leaves for the source:
- How the onboarding workflow is configured around user attributes and lifecycle events.
- How access review surveys are routed to app owners or end users before revocation decisions are applied.
- How AI-suggested templates are selected and adapted to access policy requirements.
- How the workflow automation is positioned across SaaS visibility, security, and lifecycle management.
Read Josys' article on workflow automations for SaaS access management.
SaaS access workflow automation: what changes for IAM teams?
Explore further
Workflow automation is a governance control only when the underlying policy is authoritative. Automated onboarding and review are useful only if role data, entitlement mappings, and revocation rules are trustworthy. Otherwise, the organisation has simply accelerated the wrong decision. The practitioner conclusion is that access automation must be governed like any other identity policy layer, not treated as a workflow convenience.
A few things that frame the scale:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: How can security teams tell whether SaaS automation is improving control?
A: Measure whether automation reduces orphaned access, shortens the time between a lifecycle event and entitlement change, and produces audit evidence that matches actual access state. If those indicators do not improve, the organisation may have automated the admin step without improving governance. That is efficiency, not control.
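The three indicators named in that answer can be computed directly from exported data. The following is an added example, not code from Josys or from the original post; the record layout, field names, and sample values are constructed assumptions standing in for an HR export, per-application entitlement state, and review-console outcomes.

```python
from datetime import datetime
from statistics import median

# Constructed sample data; field names and values are assumptions for illustration.
HR_EVENTS = {  # user -> termination timestamp from the authoritative HR source
    "alice": datetime(2024, 5, 1, 9, 0),
    "bob": datetime(2024, 5, 3, 9, 0),
}
ENTITLEMENTS = [  # actual access state pulled from each SaaS application
    {"user": "alice", "app": "crm", "revoked_at": datetime(2024, 5, 1, 13, 0)},
    {"user": "alice", "app": "wiki", "revoked_at": None},
    {"user": "bob", "app": "crm", "revoked_at": datetime(2024, 5, 5, 9, 0)},
    {"user": "carol", "app": "crm", "revoked_at": None},  # active employee
]
REVIEW_EVIDENCE = [  # what the review console recorded as the decision outcome
    {"user": "alice", "app": "wiki", "outcome": "revoked"},
    {"user": "bob", "app": "crm", "outcome": "revoked"},
]

def orphaned_access(hr_events, entitlements):
    """Entitlements still active for users the HR source has terminated."""
    return [(e["user"], e["app"]) for e in entitlements
            if e["user"] in hr_events and e["revoked_at"] is None]

def revocation_lag_hours(hr_events, entitlements):
    """Hours between the lifecycle event and each completed revocation."""
    return [(e["revoked_at"] - hr_events[e["user"]]).total_seconds() / 3600
            for e in entitlements
            if e["user"] in hr_events and e["revoked_at"] is not None]

def evidence_mismatches(evidence, entitlements):
    """Review records claiming revocation while the access is still live."""
    live = {(e["user"], e["app"]) for e in entitlements if e["revoked_at"] is None}
    return [(r["user"], r["app"]) for r in evidence
            if r["outcome"] == "revoked" and (r["user"], r["app"]) in live]

def report(hr_events, entitlements, evidence):
    """Combine the three indicators into one summary for trend tracking."""
    lags = revocation_lag_hours(hr_events, entitlements)
    return {
        "orphaned": orphaned_access(hr_events, entitlements),
        "median_lag_hours": median(lags) if lags else None,
        "evidence_mismatches": evidence_mismatches(evidence, entitlements),
    }

if __name__ == "__main__":
    print(report(HR_EVENTS, ENTITLEMENTS, REVIEW_EVIDENCE))
```

Running the same report before and after a workflow goes live shows whether the automation changed access state or only the admin step.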
Read our full editorial: Workflow automation for SaaS access management cuts manual risk