TL;DR: SaaS licensing is framed as a procurement problem, but Zluri’s analysis shows it quickly becomes an identity and governance problem when visibility, renewal control, and access allocation break down across a large application stack. The real issue is not just cost leakage but unmanaged access that expands shadow IT, compliance exposure, and security risk.
NHIMG editorial — based on content published by Zluri: SaaS licenses explained and practical considerations for IT teams
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How should organisations govern SaaS licenses as part of IAM and IGA?
A: Treat SaaS licenses as governed entitlements, not just commercial line items.
Q: Why do SaaS license sprawl and shadow IT create security risk?
A: Because every unsanctioned app adds accounts, admins, and integrations that sit outside central visibility.
Q: What breaks when SaaS renewal management is disconnected from usage data?
A: Organisations keep paying for seats that no longer support a business need and preserve access that should have been removed.
Practitioner guidance
- Tie license approvals to identity ownership: Require every new SaaS subscription to have a named business owner, an IAM owner, and a renewal date aligned to access review cadence.
- Reconcile spend data with identity inventory: Compare procurement records, app discovery data, and account inventories each month to identify apps with no active owner, no recent usage, or no offboarding path.
- Use renewal windows for entitlement cleanup: Before any contract renews, validate seat usage, admin accounts, and integrations that depend on the application.
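The monthly reconciliation in the second bullet is a join across three data sets, shown here in Python as an added example that is not code from Zluri or NHIMG. The app names, field names, the 90-day and 60-day thresholds, and the use of a non-SSO account as the signal for "no offboarding path" are assumptions, and all records are constructed.

```python
from datetime import date, timedelta

# Constructed sample data: app names, field names and thresholds are assumptions.
PROCUREMENT = {  # app -> contract record from procurement
    "crm-suite":   {"owner": "alice", "renewal": date(2025, 3, 1),  "seats": 3},
    "design-tool": {"owner": "carol", "renewal": date(2025, 2, 15), "seats": 2},
    "wiki":        {"owner": None,    "renewal": date(2025, 9, 1),  "seats": 2},
}
DISCOVERED = {"crm-suite", "design-tool", "wiki", "file-share"}  # app discovery feed
ACTIVE_STAFF = {"alice", "u1", "u2", "u3"}  # current identities from the HR/IdP source
ACCOUNTS = [  # account inventory; sso=False means a local login the IdP cannot revoke
    {"app": "crm-suite",   "user": "u1", "last_login": date(2025, 1, 20), "sso": True},
    {"app": "crm-suite",   "user": "u2", "last_login": date(2024, 8, 2),  "sso": True},
    {"app": "design-tool", "user": "u3", "last_login": date(2024, 6, 30), "sso": False},
    {"app": "wiki",        "user": "u1", "last_login": date(2025, 1, 28), "sso": True},
    {"app": "file-share",  "user": "u2", "last_login": date(2025, 1, 30), "sso": False},
]

def reconcile(today, stale_days=90, renewal_window=60):
    """Return {app: sorted list of findings} for the monthly review."""
    cutoff = today - timedelta(days=stale_days)
    by_app = {}
    for acct in ACCOUNTS:
        by_app.setdefault(acct["app"], []).append(acct)
    findings = {}
    for app in sorted(DISCOVERED | set(PROCUREMENT) | set(by_app)):
        issues, accts, contract = set(), by_app.get(app, []), PROCUREMENT.get(app)
        if contract is None:
            issues.add("unsanctioned")  # in use but no procurement record
        else:
            if contract["owner"] not in ACTIVE_STAFF:
                issues.add("no_active_owner")  # missing or departed owner
            if (contract["renewal"] - today).days <= renewal_window:
                issues.add("renewal_due")  # clean up entitlements before renewing
        if not any(a["last_login"] >= cutoff for a in accts):
            issues.add("no_recent_usage")
        if any(not a["sso"] for a in accts):
            issues.add("no_offboarding_path")
        if issues:
            findings[app] = sorted(issues)
    return findings

if __name__ == "__main__":
    for app, issues in reconcile(date(2025, 2, 1)).items():
        print(f"{app}: {', '.join(issues)}")
```

Apps that come back with both `renewal_due` and another finding are the ones to resolve before the contract renews.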
What's in the full article
Zluri's full blog covers the operational detail this post intentionally leaves for the source:
- Detailed pricing-model comparisons for per-user, per-feature, and usage-based licensing
- Expanded discussion of enterprise versus end-user license trade-offs for procurement teams
- Longer explanation of SaaS agreement terms, renewals, and service-level commitments
- Practical license-management examples tied to inventory, usage, and optimisation workflows
SaaS license sprawl: what IAM teams need to fix first?