Notifications
Clear all
Topic starter
09/06/2026 11:46 pm
TL;DR: SaaS management platforms are increasingly being evaluated not just for app discovery and cost control, but for how they surface who has access, at what level, and whether that access should still exist, according to Zluri. That shift makes SaaS management an identity governance problem, not a procurement one.
NHIMG editorial — based on content published by Zluri: SaaS Management Top 20 SaaS Management Platforms [2026]
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How should security teams govern SaaS apps that are outside formal approval channels?
A: Start by treating unapproved SaaS as an identity and data governance issue, not just an app inventory problem.
Q: Why do SaaS management platforms matter to IAM teams?
A: Because SaaS platforms often hold the actual access relationships that IAM teams need to govern.
Q: What do organisations get wrong about SaaS licence optimisation?
A: They often treat licence reduction as the end goal when the real issue is access state.
Practitioner guidance
- Map SaaS discovery sources to identity controls Tie API, SSO, browser, and finance signals to the owner of access decisions so discovery results can trigger entitlement review, access cleanup, or app approval workflows.
- Bind licence reviews to access recertification Do not let licence optimisation run separately from identity governance.
- Treat shadow AI as an identity intake problem Put unapproved AI apps through the same intake, risk classification, and access policy path you use for unmanaged SaaS, because the governance failure is the hidden identity relationship, not the app label.
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- Per-platform feature-by-feature comparisons for 20 SaaS management products
- Vendor-specific discovery methods, licensing functions, and admin workflows
- Customer rating snapshots and product positioning details for each platform
- The source article's selection guidance for choosing an SMP by budget and use case
👉 Read Zluri's roundup of the top SaaS management platforms for 2026 →
SaaS management platforms and identity governance: what changes now?
Explore further
10/06/2026 2:15 am
SaaS management has become an identity control plane, not an IT convenience layer. The article's most useful contribution is that it links application visibility to access governance, licence state, and remediation. That is the right direction because the real risk is not app count alone, but unmanaged entitlements inside an expanding SaaS estate. Practitioners should treat SaaS management as part of the identity system, not a parallel dashboard.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
- That same research finds that 97% of NHIs carry excessive privileges, which is why visibility alone is not enough without entitlement control and review.
A question worth separating out:
Q: How do teams stop SaaS sprawl from becoming a security problem?
A: By connecting discovery to policy enforcement. When a new app appears, teams should assess its data handling, identity links, and approval status before usage becomes routine. If the app cannot be governed in the same workflow as approved services, it should remain restricted until it can.
👉 Read our full editorial: SaaS management platforms now sit inside identity governance
