TL;DR: Broader discovery methods improve SaaS visibility, shadow IT detection, and access oversight across SSO, finance, browser, device, and directory signals, according to Zluri’s comparison with Trelica. The underlying issue is not tool count but whether identity programmes can actually see unmanaged SaaS and act on it before risk becomes normalised.
NHIMG editorial — based on content published by Zluri: SaaS Management Zluri vs Trelica: Which SaaS Management Platform Is Better?
Questions worth separating out
Q: How should security teams build a complete SaaS inventory?
A: Security teams should combine identity, finance, endpoint, browser, and directory signals rather than relying on a single source.
Q: Why does shadow IT create an identity governance problem?
A: Shadow IT creates an identity governance problem because unseen apps sit outside ownership, access review, and offboarding workflows.
Q: What do teams get wrong about SaaS discovery and compliance?
A: Teams often mistake partial discovery for complete governance.
Practitioner guidance
- Build a multi-signal SaaS inventory: Correlate IdP, finance, browser, endpoint, MDM, and directory sources so discovered applications can be compared against approved applications and app owners.
- Assign ownership to every discovered app: Require each SaaS application to have an accountable business owner, technical owner, and review cadence before it is treated as governed.
- Move SaaS discovery into lifecycle workflows: Trigger access review, offboarding, and renewal decisions from a common inventory so new or unmanaged apps do not bypass joiner-mover-leaver processes.
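The three steps above, sketched as an added example (not code from Zluri or the source article): sightings from several discovery sources are merged into one inventory, compared against an approved catalogue with owners, and checked for users who have already left. The source names, records, catalogue fields and status labels are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data: hypothetical exports from each discovery source.
SIGNALS = {
    "idp":     [("Slack", "ana@example.com"), ("Salesforce", "raj@example.com")],
    "finance": [("Notion Labs, Inc.", "raj@example.com"), ("SLACK", "ana@example.com")],
    "browser": [("notion", "lee@example.com"), ("FileDrop.io", "lee@example.com")],
}
# Hypothetical approved catalogue: app -> owners and review cadence.
CATALOGUE = {
    "slack": {"business_owner": "it-ops", "technical_owner": "iam-team", "review_days": 90},
    "salesforce": {"business_owner": "sales-ops", "technical_owner": None, "review_days": 90},
}
LEAVERS = {"lee@example.com"}  # constructed: accounts already offboarded in HR

def normalise(name):
    """Collapse vendor-name variants so one app matches across sources."""
    name = re.sub(r"\b(inc|labs|llc|ltd)\b\.?", "", name.lower())
    name = re.sub(r"\.(io|com|app)\b", "", name)
    return re.sub(r"[^a-z0-9]", "", name)

def build_inventory(signals):
    """Merge per-source sightings into app -> {sources, users}."""
    inv = defaultdict(lambda: {"sources": set(), "users": set()})
    for source, rows in signals.items():
        for app, user in rows:
            entry = inv[normalise(app)]
            entry["sources"].add(source)
            entry["users"].add(user)
    return dict(inv)

def classify(inv, catalogue, leavers):
    """Label each app and list users who should already be offboarded."""
    report = {}
    for app, seen in inv.items():
        record = catalogue.get(app)
        if record is None:
            status = "unmanaged"   # discovered, but not in the approved catalogue
        elif not (record["business_owner"] and record["technical_owner"] and record["review_days"]):
            status = "owner-gap"   # approved, but missing an owner or review cadence
        else:
            status = "governed"
        report[app] = {"status": status, "sources": sorted(seen["sources"]),
                       "stale_users": sorted(seen["users"] & leavers)}
    return report

if __name__ == "__main__":
    for app, row in sorted(classify(build_inventory(SIGNALS), CATALOGUE, LEAVERS).items()):
        print(app, row)
```

In this sample, the two apps that never appear in the IdP feed are exactly the ones that surface as unmanaged and still show activity from an offboarded account.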
What's in the full article
Zluri's full comparison covers the operational detail this post intentionally leaves for the source:
- The full 9-method discovery breakdown across SSO, finance, browser, desktop, MDM, CASB, HRMS, and directory signals
- Side-by-side feature comparisons for SaaS security, compliance, renewals, and spend optimisation
- The article's own claims about visibility, app ownership, and risk scoring that implementation teams may want to evaluate directly
- A vendor-specific view of how the platform presents managed, unmanaged, restricted, and under-review applications
SaaS discovery gaps and shadow IT visibility: what teams miss?
Explore further
Discovery breadth is now an access-governance control, not a reporting feature. SaaS visibility determines whether identity teams can see the full set of applications that need ownership, review, and offboarding. If a platform only captures a narrow slice of signals, unmanaged apps stay outside governance and the organisation mistakes partial inventory for control. The practitioner conclusion is simple: discovery coverage is part of the identity control plane.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
A question worth separating out:
Q: Who should own unmanaged SaaS applications?
A: Unmanaged SaaS applications should be brought under explicit business and technical ownership as soon as they are discovered. Without ownership, there is no reliable way to review access, manage spend, or decide whether the app should stay in use. Accountability is the control that turns discovery into governance.