Notifications

Clear all

SaaS renewals and license sprawl: what IAM teams miss

Last Post

RSS

NHI Mgmt Group

(@nhi-mgmt-group)

Member Moderator

Joined: 1 year ago

Posts: 4368

Topic starter 10/06/2026 11:30 pm

TL;DR: SaaS renewals often become reactive because usage data is fragmented, ownership is unclear, and offboarding gaps leave former employees and unused licenses on the books, according to 1Password. The governance problem is not negotiation skill but identity visibility, because renewal decisions are only as accurate as the access data behind them.

NHIMG editorial — based on content published by 1Password: SaaS renewal management and access visibility

By the numbers:

Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

Questions worth separating out

Q: How should teams manage SaaS renewals when usage data is incomplete?

A: Start by treating renewals as a governance review, not a purchasing task.

Q: Why do SaaS renewals expose access governance gaps?

A: Renewals expose governance gaps because they force teams to prove who still needs access, who owns the tool, and whether the contract matches reality.

Q: What breaks when former employees are still counted in SaaS renewals?

A: What breaks is both spend accuracy and access governance.

Practitioner guidance

Create a renewal ownership register Map every renewing SaaS application to a named business owner, technical owner, and finance contact so no contract reaches auto-renewal without an accountable reviewer.
Reconcile licenses against active usage before notice windows open Pull usage data early enough to identify shelfware, duplicate tools, and dormant accounts before the renewal notice forces a rushed decision.
Fold leaver cleanup into renewal reviews Use each renewal checkpoint to remove access for former employees, reclaim unused seats, and verify that inherited accounts still have a valid business need.

What's in the full article

1Password's full article covers the operational detail this post intentionally leaves for the source:

How 1Password SaaS Manager discovers apps and tracks usage patterns across the estate
The 30-60-90 day alerting model for upcoming renewals and review workflows
How Slack, Teams, and email notifications support cross-functional renewal decisions
The operational steps for reclaiming licenses and reducing unmanaged app risk

👉 Read 1Password's analysis of SaaS renewal management and access visibility →

SaaS renewals and license sprawl: what IAM teams miss?

Explore further

View Full Forum → | NHI Foundation Course →

Quote

Topic Tags

Forum Statistics

9 Forums

5,601 Topics

8,418 Posts

13 Online

135 Members

Latest Post: KYB in 2026: what compliance teams need to change now Our newest member: Alex Recent Posts Unread Posts Tags

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

FAQ

NHI 101 Articles

Legal & Policies