TL;DR: SaaS sprawl, poor utilisation, and inconsistent offboarding create operational, compliance, and security risk across discovery, onboarding, training, promotion, and retirement, according to Zluri. The underlying issue is not tooling alone but governance discipline: who owns each app, who can access it, and how unused software is removed safely.
NHIMG editorial — based on content published by Zluri: Do You Know Your SaaS Stack?
Questions worth separating out
Q: How should organisations govern SaaS applications across their lifecycle?
A: They should govern SaaS as a lifecycle, not a purchase.
Q: Why do SaaS stacks create identity governance risk?
A: SaaS stacks create risk because access, ownership, and retirement are often managed separately.
Q: What breaks when SaaS offboarding is handled by procurement alone?
A: Access revocation, data handling, and integration shutdown are usually missed when procurement treats offboarding as a contract task.
Practitioner guidance
- Create a single SaaS ownership register: Assign a named business owner and technical owner to every application, then require both before onboarding, renewal, or retirement decisions can proceed.
- Tie onboarding to access governance: Make application provisioning contingent on role assignment, approval routing, and entitlement review so access is never created outside the governance process.
- Treat offboarding as identity revocation: When a SaaS product is retired, remove user access, admin rights, and connected integrations before the service is fully shut down.
What's in the full article
Zluri's full article covers the lifecycle detail this post intentionally leaves at a governance level:
- How the SaaS App Management Lifecycle maps to discovery, try and buy, onboarding, training, promotion, and offboarding.
- Why decentralised software purchasing creates centralised governance problems for identity and compliance teams.
- How organisations can think about utilisation tracking and software retirement as part of lifecycle control.
- The article's framing of SaaS as a business case for coordinated management across technology, finance, procurement, and security.