SaaS management visibility and compliance: what teams should check


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3789
Topic starter  

TL;DR: Choosing a SAM tool still comes down to visibility, license optimisation, integration, vendor management, and risk controls, with KuppingerCole cited in the source as backing Zluri’s SaaS discovery claims. The deeper issue is that software governance now overlaps with identity governance, because app inventory without user and access context leaves security and compliance decisions incomplete.

NHIMG editorial — based on content published by Zluri: SaaS Management 5 Questions to Ask For Selecting the Best SAM Tool for Your IT Team

By the numbers:

Questions worth separating out

Q: How should teams evaluate SAM tools for identity governance coverage?

A: Teams should check whether the SAM tool connects software inventory to identities, entitlements, and ownership data.

Q: Why do SaaS management tools matter to IAM teams?

A: SaaS management matters to IAM teams because software access is identity access in practice.

Q: What breaks when SAM visibility does not include app users and owners?

A: When SAM visibility excludes users and owners, the organisation can count software but cannot govern it.

Practitioner guidance

  • Map SAM data to identity sources: Require the tool to join software inventory with SSO, directory, and app-discovery signals so each application can be tied to real users, owners, and access paths.
  • Use licence data for offboarding and reclaim: Validate that unused licences can be reassigned or removed when staff leave, contractors roll off, or usage drops below policy thresholds.
  • Test whether risk scoring reflects delegated access: Check that app-risk scores consider who can access the app, what data can be shared, and whether third-party connections remain active beyond their intended use.

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

  • A closer look at how its discovery methods are used to build a unified SaaS inventory across connected systems.
  • Detailed examples of licence optimisation fields such as renewal date, licence type, cost, and payment method.
  • The risk-scoring workflow that blends breach events, compliance data, and security probes into app-level assessments.
  • The vendor-management view that links contracts, purchasing history, and renewal handling to software governance.

👉 Read Zluri's guide to selecting a SAM tool for software and access governance →
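
The join described in the practitioner guidance above, as an added example that is not part of the original post and is not Zluri's or any vendor's code: it ties each inventoried app to an owner, to directory status, and to an SSO access path, and lists licences to reclaim. The record layout, the finding names and the 90-day idle threshold are assumptions, and all sample data is constructed.

```python
from datetime import date

# Constructed sample records; field names are assumptions, not a vendor schema.
DIRECTORY = {"alice": True, "bob": False, "carol": True}  # user -> account active?
SSO_ASSIGNMENTS = {"crm": {"alice", "bob"}, "wiki": {"alice", "carol"}}
SAM_INVENTORY = [  # per app: owner and licence holder -> last-use date
    {"app": "crm", "owner": "bob",
     "licences": {"alice": date(2024, 5, 20), "bob": date(2024, 1, 10)}},
    {"app": "wiki", "owner": "carol",
     "licences": {"alice": date(2024, 1, 5), "carol": date(2024, 5, 28)}},
    {"app": "designtool", "owner": None,  # discovered app, never onboarded to SSO
     "licences": {"carol": date(2024, 5, 30), "dave": date(2024, 5, 29)}},
]

def review(inventory, directory, sso, today, idle_days=90):
    """Join SAM inventory with directory and SSO data; return sorted findings."""
    findings = []
    for rec in inventory:
        app, owner = rec["app"], rec["owner"]
        # Ownership: every app needs an accountable, still-active owner.
        if owner is None or owner not in directory:
            findings.append((app, owner, "no_accountable_owner"))
        elif not directory[owner]:
            findings.append((app, owner, "owner_account_inactive"))
        for user, last_used in rec["licences"].items():
            # Lifecycle: licences held by unknown, offboarded or idle users.
            if user not in directory:
                findings.append((app, user, "licence_held_by_unknown_identity"))
            elif not directory[user]:
                findings.append((app, user, "reclaim_offboarded_user"))
            elif (today - last_used).days > idle_days:
                findings.append((app, user, "reclaim_idle_licence"))
            # Access path: a licence with no matching SSO assignment means the
            # user reaches the app some other way (local login, invite link).
            if user not in sso.get(app, set()):
                findings.append((app, user, "access_path_outside_sso"))
    return sorted(findings, key=lambda f: (f[0], str(f[1]), f[2]))

if __name__ == "__main__":
    for app, subject, issue in review(SAM_INVENTORY, DIRECTORY, SSO_ASSIGNMENTS,
                                      today=date(2024, 6, 1)):
        print(f"{app:<11} {str(subject):<6} {issue}")
```
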

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 2127
 

SaaS management has become an identity governance problem, not a shelfware problem. The article treats SAM as a way to control cost and compliance, but the operational reality is broader: every SaaS app also carries user entitlements, external access, and data-sharing trust. Once a platform is connected to SSO, directories, and third-party apps, it starts participating in identity governance. Practitioners should treat SAM selection as part of their broader access architecture, not a procurement decision in isolation.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.

A question worth separating out:

Q: Which frameworks should guide SaaS access and application governance?

A: NIST CSF and OWASP-NHI are the most relevant lenses for SaaS governance because they connect discovery, protection, and access control to the identities using the software. Use those frameworks to check whether inventory feeds ownership, entitlement review, and lifecycle actions rather than staying at reporting level.

👉 Read our full editorial: SAM tool selection exposes the governance gap in SaaS visibility



   