SaaS license tracking and shadow IT: what IAM teams miss


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5324
Topic starter  

TL;DR: Tracking SaaS licenses is less about cost control than governance, because manual spreadsheets, employee surveys, ITAM, and SAM all miss parts of the software stack, according to Zluri. The real issue is that fragmented discovery leaves shadow IT, unused licenses, and offboarding gaps visible only after spend and access have already drifted.

NHIMG editorial — based on content published by Zluri: SaaS Management How to Track Software License

Questions worth separating out

Q: How should teams govern SaaS licences when users can sign up outside IT?

A: Teams need a discovery-backed system of record that reconciles SSO, finance, HR, and app integrations into one view of subscriptions and access.

Q: Why do spreadsheets fail for SaaS licence governance at scale?

A: Spreadsheets fail because they are manually updated, lag behind user behaviour, and cannot validate whether a licence is still assigned, used, or approved.

Q: What breaks when ITAM or SAM is used to manage SaaS licences?

A: The control breaks because ITAM is built around hardware and SAM is often oriented to installed software, while SaaS is identity-linked and continuously changing.

Practitioner guidance

  • Create a single SaaS entitlement inventory. Reconcile app discovery from SSO, finance, HR, and direct integrations into one authoritative register so renewals and access decisions are based on current usage, not scattered spreadsheets.
  • Tie licence revocation to offboarding workflows. Make licence termination part of the same process that removes user access during leaver handling, contractor exit, and role change events so dormant subscriptions do not persist after access should end.
  • Review spend for unused and downgradable licences. Compare assigned licences against actual usage data and downgrade or reclaim entitlements that are underused, over-tiered, or attached to accounts that no longer need them.

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

  • A step-by-step comparison of spreadsheets, surveys, ITAM, SAM, and SaaS management platforms for licence tracking
  • Examples of discovery methods used to identify SaaS apps, users, vendors, and subscriptions across the organisation
  • Renewal alert timing, approval flow details, and revocation automation for joiner, mover, and leaver processes
  • Employee self-service app request and approval workflow details for temporary projects and role changes

👉 Read Zluri's guide to tracking SaaS software licences →
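
The reconciliation described under "Practitioner guidance" above, as an added example that is not part of the original post or Zluri's article. It merges SSO, finance, HR and usage records to surface shadow apps, licences still held by leavers, and idle seats; the record shapes, names and the 90-day idle threshold are assumptions, and all data is constructed.

```python
from datetime import date

# Constructed sample data (not from the article); every name is hypothetical.
HR = {"alice": "active", "bob": "terminated", "carol": "active"}
SSO_ASSIGNMENTS = [  # (user, app) seats granted through the identity provider
    ("alice", "crm"), ("bob", "crm"), ("carol", "crm"), ("carol", "design"),
]
FINANCE_CHARGES = [  # (app, payer) taken from expense and card feeds
    ("crm", "it-procurement"), ("design", "it-procurement"),
    ("notes-pro", "carol"), ("Notes-Pro", "alice"),
]
LAST_LOGIN = {  # (user, app) -> last login reported by the app integration
    ("alice", "crm"): date(2024, 5, 28),
    ("carol", "crm"): date(2024, 1, 10),
    ("carol", "design"): date(2024, 5, 30),
}

def norm(app):
    """Normalise app names so finance and SSO spellings line up."""
    return app.strip().lower()

def reconcile(hr, sso, finance, last_login, today, idle_days=90):
    """Merge the four sources and return the three kinds of finding."""
    sanctioned = {norm(app) for _, app in sso}
    # Shadow IT: paid for somewhere, but never provisioned through SSO.
    shadow = {}
    for app, payer in finance:
        if norm(app) not in sanctioned:
            shadow.setdefault(norm(app), set()).add(payer)
    leaver, unused = [], []
    for user, app in sso:
        key = (user, norm(app))
        if hr.get(user) != "active":  # users unknown to HR count as leavers
            leaver.append(key)
            continue
        seen = last_login.get(key)
        if seen is None or (today - seen).days > idle_days:
            unused.append(key)  # assigned, but no recent recorded use
    return {"shadow_apps": {a: sorted(p) for a, p in shadow.items()},
            "leaver_licences": sorted(leaver),
            "unused_licences": sorted(unused)}

if __name__ == "__main__":
    report = reconcile(HR, SSO_ASSIGNMENTS, FINANCE_CHARGES, LAST_LOGIN,
                       today=date(2024, 6, 1))
    for finding, items in report.items():
        print(finding, items)
```
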

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 4240
 

Shadow SaaS is a governance failure before it is a cost problem. When employees can subscribe to tools outside a central control plane, the organisation loses the ability to prove who has access, who approved it, and whether it should still exist. That is a lifecycle and entitlement visibility failure, not just a procurement inefficiency. Practitioners should treat unmanaged SaaS as an identity surface that expands outside review cycles.

A few things that frame the scale:

  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to the Ultimate Guide to NHIs.
  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.

A question worth separating out:

Q: How do teams know if SaaS licence optimisation is actually working?

A: They should see fewer duplicate licences, lower unused-seat rates, and cleaner offboarding outcomes across departments and contractors. If discovery still misses apps connected through finance, browser use, or direct subscriptions, then the optimisation programme is only partial and the savings figure is not trustworthy.

👉 Read our full editorial: SaaS license tracking exposes the governance gap in shadow IT



   