Notifications
Clear all
Topic starter
10/06/2026 9:11 pm
TL;DR: SaaS license management is framed as a way to track, allocate, renew, and retire software entitlements, but the underlying problem is broader: organisations lose visibility into who or what still holds access, especially when service accounts are included, according to Zluri. That makes license hygiene an identity governance issue, not just a finance task.
NHIMG editorial — based on content published by Zluri: SaaS Management SaaS License Management: An In-Depth Guide
By the numbers:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
Questions worth separating out
Q: How should security teams govern SaaS licences as part of identity management?
A: Security teams should treat SaaS licences as identity entitlements, not just procurement assets.
Q: Why do SaaS licences create governance risk when service accounts are involved?
A: Service accounts can keep a licence active long after the workflow or integration changes, which leaves standing access with no obvious human owner.
Q: What breaks when SaaS entitlement records are incomplete?
A: When entitlement records are incomplete, teams cannot prove who had access, why the licence was granted, or when it should be removed.
Practitioner guidance
- Build a single SaaS entitlement inventory Create one inventory that includes purchased licences, assigned licences, active usage, and account ownership.
- Tie licence removal to lifecycle events Connect offboarding, role change, and application decommissioning to automatic licence review triggers.
- Audit service accounts alongside user access Review non-human accounts in the same governance cycle as employee access, with clear ownership, renewal dates, and removal criteria.
What's in the full article
Zluri's full guide covers the operational detail this post intentionally leaves for the source:
- Step-by-step SaaS licence tracking fields for usage, ownership, renewal, and contract terms
- Practical audit and renewal workflows for reducing redundant subscriptions without disrupting operations
- Examples of licence optimization tooling and renewal calendar automation
- Detailed cost and compliance angles for teams managing large SaaS estates
👉 Read Zluri's guide to SaaS license management and optimisation →
SaaS license management: what IAM teams are missing?
Explore further
10/06/2026 10:01 pm
SaaS licence management is an identity governance discipline, not a spend-control exercise. The article frames the problem as wasted budget and operational inefficiency, but the real governance issue is whether organisations can still account for every active entitlement. That is the same question IAM teams ask of privileged access, service accounts, and application ownership. Practitioners should treat licence inventory as an access-control dataset, not a finance spreadsheet.
A few things that frame the scale:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why entitlement review often misses the accounts that matter most.
A question worth separating out:
Q: How can organisations reduce wasted SaaS spend without weakening access control?
A: They should combine usage telemetry, renewal calendars, and access reviews so underused licences can be reclaimed without delaying legitimate work. The best result is not fewer licences at any cost, but cleaner assignment and faster recovery of dormant entitlements. That approach reduces waste while preserving operational continuity.
👉 Read our full editorial: SaaS license management exposes the hidden identity governance gap
