
SaaS sprawl and access control: what IAM teams miss


(@nhi-mgmt-group)

TL;DR: SaaS optimization is presented as a way to reduce duplicated tools, unused licenses, and spend, while also improving visibility, security, and compliance across the application estate, according to Zluri. The deeper issue is that unmanaged SaaS growth is an identity governance problem, not just a procurement problem.

NHIMG editorial — based on content published by Zluri: SaaS Management SaaS Optimization: A Comprehensive Guide


Questions worth separating out

Q: How should security teams govern SaaS sprawl without losing control of access?

A: Start with a complete SaaS inventory that includes purchased apps, connected integrations, and local account stores.

Q: Why does SaaS sprawl create identity risk as well as cost waste?

A: Because every extra application can hold active users, OAuth grants, API tokens, or local admins after the business need has passed.

Q: What do teams get wrong about SaaS license optimisation?

A: They treat it as a procurement cleanup exercise and ignore the identity state underneath.

Practitioner guidance

  • Build a complete SaaS inventory across business and IT channels: Combine SSO logs, expense data, API integrations, and procurement records so you can see sanctioned and unsanctioned apps in one place.
  • Reconcile licenses, users, and active usage on a fixed cadence: Compare what was purchased with what is assigned and what is actually used.
  • Include connected apps and delegated access in recertification: Review OAuth grants, vendor integrations, and locally created users alongside directory-based accounts.
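
The three checks above can be run as a single reconciliation pass. The sketch below is an added example, not code from Zluri or from this post; every app name, user, date, and field name in it is constructed, and the 90-day staleness threshold is an assumption.

```python
from datetime import date

# Constructed sample data: every app, user and date below is invented.
TODAY = date(2025, 6, 1)
PROCUREMENT = {"crm": 3, "design": 2}             # app -> seats purchased
DIRECTORY_ACTIVE = {"ana", "bo"}                  # users still in the directory
ASSIGNED = {"crm": {"ana", "bo", "cy"}, "design": {"ana"}}  # app -> seat holders
SSO_LAST_LOGIN = {                                # (app, user) -> last SSO login
    ("crm", "ana"): date(2025, 5, 28),
    ("crm", "bo"): date(2025, 1, 10),
    ("notes", "ana"): date(2025, 5, 30),          # app absent from procurement
}
GRANTS = [                                        # delegated and local access
    {"app": "crm", "owner": "cy", "kind": "oauth_grant"},
    {"app": "design", "owner": "ana", "kind": "local_admin"},
    {"app": "notes", "owner": "bo", "kind": "api_token"},
]

def reconcile(stale_days=90):
    """Return (finding, app, detail) tuples across all inventory sources."""
    findings = []
    # 1. Inventory: apps seen in SSO logs or grants but never purchased.
    seen = {app for app, _ in SSO_LAST_LOGIN} | {g["app"] for g in GRANTS}
    for app in sorted(seen - set(PROCUREMENT)):
        findings.append(("unsanctioned_app", app, None))
    # 2. Licences: purchased vs assigned vs actually used.
    for app, seats in sorted(PROCUREMENT.items()):
        users = ASSIGNED.get(app, set())
        if seats > len(users):
            findings.append(("unassigned_seats", app, seats - len(users)))
        for user in sorted(users):
            last = SSO_LAST_LOGIN.get((app, user))
            if user not in DIRECTORY_ACTIVE:
                findings.append(("seat_held_by_departed_user", app, user))
            elif last is None or (TODAY - last).days > stale_days:
                findings.append(("assigned_but_unused", app, user))
    # 3. Recertification: grants and local accounts the directory cannot see.
    for g in GRANTS:
        if g["owner"] not in DIRECTORY_ACTIVE:
            findings.append(("orphaned_" + g["kind"], g["app"], g["owner"]))
        elif g["kind"] == "local_admin":
            findings.append(("local_admin_outside_directory", g["app"], g["owner"]))
    return findings

if __name__ == "__main__":
    for finding in reconcile():
        print(finding)
```

A seat with no SSO login is reported as unused even when the user signs in with a local account, which is why the grant and local-account pass runs alongside the licence pass rather than after it.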

What's in the full article

Zluri's full blog post covers the operational detail this post intentionally leaves for the source:

  • Step-by-step SaaS inventory centralisation across discovery methods and admin sources
  • Detailed license usage monitoring workflow for finding underused and duplicated subscriptions
  • Contract renewal and auto-renewal management mechanics for procurement teams
  • Examples of spend analysis and approval workflows for SaaS portfolio control
