Notifications
Clear all
Topic starter
11/06/2026 10:42 pm
TL;DR: SaaS discovery, lifecycle automation, and offboarding are now core operational concerns for IT teams, especially where app sprawl and access ownership overlap, according to Zluri’s 2026 overview of IT tools. The practical lesson is that tool choice is increasingly an identity governance decision, not just an IT productivity one.
NHIMG editorial — based on content published by Zluri: IT Teams Top Tools for IT Teams in 2026
Questions worth separating out
Q: How should teams govern SaaS access when app ownership is spread across departments?
A: Start by assigning a named owner, approver, and reviewer to every application, then link each app to a lifecycle process for joiners, movers, and leavers.
Q: Why do SaaS sprawl and identity sprawl usually appear together?
A: Because applications are often bought outside central IT while access is still granted through shared directories, SSO, and one-off approvals.
Q: What breaks when offboarding is treated as a ticket closure exercise?
A: Access can remain active in connected applications even after the HR or service desk ticket is marked complete.
Practitioner guidance
- Map SaaS discovery to identity ownership Use discovery data from SSO, finance, and directory sources to identify app owners, approvers, and access administrators for every SaaS system.
- Tie provisioning to joiner and mover events Make onboarding and role changes depend on authoritative HR or directory events, then test whether permissions change in the target apps without manual intervention.
- Verify offboarding removes access everywhere Run a monthly sample of leavers and confirm that access retrieval, revocation, and reassignment completed across all SaaS applications, including direct integrations and shadow app connections.
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- Detailed descriptions of each IT tool category and the specific product features the vendor highlights for SaaS operations.
- Expanded walkthroughs of Zluri’s discovery methods, renewal features, and lifecycle workflow examples across onboarding and offboarding.
- The vendor’s own explanation of how its app store, playbooks, and automation model are intended to reduce manual work.
- Additional product-level context on integrations, analytics, and compliance views that implementation teams would compare during evaluation.
👉 Read Zluri’s overview of the top IT tools shaping SaaS operations in 2026 →
SaaS operations and identity governance: what IT teams miss?
Explore further
12/06/2026 7:01 am
SaaS management is now an identity governance control plane, not a back-office utility. When discovery, onboarding, offboarding, and app approvals sit in one operational layer, they define who keeps access and which applications remain governable. That makes SaaS tooling part of the identity surface itself, especially where app sprawl and decentralized procurement have already weakened oversight. Practitioners should treat this as an IGA boundary problem, not an IT support problem.
A few things that frame the scale:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: How do IT teams reduce SaaS risk without slowing down users?
A: Use policy-backed app catalogues, pre-approved workflows, and lifecycle automation so common requests move quickly while exceptions are still reviewed. The right model is faster standard access with tighter control over unusual requests, not slower access for everyone.
👉 Read our full editorial: IT team tooling exposes identity governance gaps in SaaS operations
