TL;DR: IT teams are being pushed to manage SaaS sprawl, onboarding, offboarding, and license control as a single governance problem, according to Josys. The issue is no longer only operational efficiency, because unmanaged app access and poor visibility now directly affect security, spend, and audit readiness.
NHIMG editorial — based on content published by Josys: Run SaaS Right: Why IT Teams Are Going Pro with Josys
By the numbers:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
- Only 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How should organisations govern SaaS sprawl without losing access control?
A: Start with a complete application inventory, then assign business and technical ownership to every app.
Q: Why does SaaS lifecycle management matter to IAM teams?
A: Because SaaS lifecycle management determines whether access remains justified after a user changes role or leaves.
Q: What breaks when SaaS visibility is incomplete?
A: Access reviews become partial, offboarding becomes inconsistent, and audit evidence stops reflecting reality.
Practitioner guidance
- Inventory every SaaS application and its identity owner. Build a current register of active applications, business owners, and technical owners so no app sits outside lifecycle accountability.
- Tie offboarding to access removal in the same workflow. Require user departure, role change, or app retirement to trigger access revocation and license cleanup together.
- Reconcile license usage against actual account activity. Compare assigned licenses with login activity and application usage on a scheduled basis.
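The three checks above can run as one scheduled reconciliation pass. The sketch below is an added example, not code from Josys or the source article; the data shapes, finding labels, and the 90-day dormancy threshold are assumptions, and the sample records are constructed.

```python
from datetime import date

# Constructed sample data (assumed shapes, not from the article).
APP_REGISTER = {  # app -> owners recorded in the inventory
    "crm": {"business_owner": "sales-ops", "technical_owner": "it-apps"},
    "design": {"business_owner": "marketing", "technical_owner": None},
}
HR_STATUS = {"alice": "active", "bob": "departed", "carol": "active"}
ASSIGNMENTS = [  # (app, user, last_login or None if never logged in)
    ("crm", "alice", date(2024, 5, 28)),
    ("crm", "bob", date(2024, 5, 30)),
    ("design", "carol", date(2024, 1, 10)),
    ("wiki", "alice", None),
]

def reconcile(register, hr_status, assignments, today, dormant_days=90):
    """Join inventory, HR status and license activity into one finding list.

    Returns sorted (app, user, finding) tuples; user "*" marks an app-level finding.
    """
    findings = set()
    for app, user, last_login in assignments:
        entry = register.get(app)
        if entry is None:
            # Licensed app that nobody registered: outside lifecycle accountability.
            findings.add((app, "*", "app_not_in_inventory"))
        elif not entry.get("business_owner") or not entry.get("technical_owner"):
            findings.add((app, "*", "app_missing_owner"))
        if hr_status.get(user) != "active":
            # Departed or unknown user still holds a seat: revoke access and
            # reclaim the license in the same step.
            findings.add((app, user, "no_active_hr_record"))
        elif last_login is None or (today - last_login).days > dormant_days:
            findings.add((app, user, "reclaim_dormant_license"))
    return sorted(findings)

if __name__ == "__main__":
    for app, user, finding in reconcile(
        APP_REGISTER, HR_STATUS, ASSIGNMENTS, today=date(2024, 6, 1)
    ):
        print(f"{app:8} {user:8} {finding}")
```

Note that bob's recent login does not clear him: HR status is checked before activity, so an offboarded account that is still in use is flagged rather than treated as healthy.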
What's in the full article
Josys' full blog post covers the operational detail this post intentionally leaves for the source:
- The campaign positioning and messaging structure behind Run SaaS Right, including how Josys is framing IT operating discipline.
- The product-facing description of onboarding, offboarding, license management, and SaaS visibility workflows.
- The platform narrative around audit readiness, cost controls, and shadow IT reduction in a managed SaaS estate.
- The call-to-action flow for booking a demo or starting a trial, which is omitted from this analysis.
SaaS lifecycle governance: what IT teams are actually missing?
Explore further
SaaS governance is becoming an identity lifecycle problem, not just an IT operations problem. The article is right to frame speed and discipline as important, but the deeper issue is that application sprawl multiplies identity states faster than teams can govern them. Once onboarding, offboarding, and license allocation fragment across hundreds of apps, access control becomes inconsistent by default. Practitioners should read this as a lifecycle governance challenge, not a software management theme.
A few things that frame the scale:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
A question worth separating out:
Q: How can teams keep SaaS access and spending under control?
A: Reconcile application usage, assigned licenses, and account activity in one workflow. When those records are managed separately, organisations miss both excess spend and excess privilege. A joined-up process makes it easier to remove dormant access and retire unused licenses before they become governance debt.