SaaS sprawl and access reviews: what IAM teams are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5324
Topic starter  

TL;DR: Unchecked SaaS adoption creates visibility gaps, unmanaged credentials, inconsistent offboarding, and wasted licences as teams sign up for apps outside IT oversight, according to 1Password. The governance problem is not just inventory, but proving ownership and enforcing access lifecycle controls across SaaS, IAM, and compliance workflows.

NHIMG editorial — based on content published by 1Password: how SaaS sprawl creates security, audit, and cost gaps

By the numbers:

Questions worth separating out

Q: How should security teams govern SaaS sprawl across their identity programme?

A: Security teams should treat SaaS sprawl as an identity governance problem, not only a procurement issue.

Q: Why do unmanaged SaaS apps create compliance risk?

A: Unmanaged SaaS apps create compliance risk because they weaken the evidence chain behind access decisions.

Q: What breaks when SaaS offboarding is handled manually?

A: Manual offboarding breaks the link between the identity lifecycle and the application estate.

Practitioner guidance

  • Create a continuously validated SaaS inventory: Pull application discovery from identity, finance, and endpoint sources so the inventory updates as users adopt or abandon tools.
  • Bind offboarding to app-level deprovisioning: Map leaver and mover events to the actual SaaS estate, then verify that accounts, licences, and delegated access are removed from each application rather than only from the HR record.
  • Use usage data to retire unused entitlements: Compare last-login and activity data with assigned licences, then remove seats that no longer support a business function before renewal cycles lock in waste.

What's in the full article

1Password's full research note covers the operational detail this post intentionally leaves for the source:

  • A practical SaaS discovery workflow for building a trusted application inventory across business units.
  • Examples of how access reviews and onboarding/offboarding workflows are handled in a SaaS management platform.
  • Usage-data enrichment for licences, including activity signals that support seat rationalisation.
  • Implementation detail on automating deprovisioning and renewals without relying on spreadsheets.

👉 Read 1Password's analysis of SaaS sprawl, access reviews, and licence waste →
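
The offboarding and usage checks from the practitioner guidance above, as an added example that is not part of the original post or of 1Password's article. It joins an HR export against per-app account exports and flags leaver accounts, accounts with no provable owner, and licensed seats with no recent login; the data is constructed, and the field names, app names, addresses and the 90-day threshold are assumptions.

```python
from datetime import date, timedelta

# Constructed sample data: an HR export and per-app account exports.
# Field names, apps and addresses are hypothetical.
HR = {
    "alice@example.com": "active",
    "bob@example.com": "terminated",
    "carol@example.com": "active",
}
APP_ACCOUNTS = [
    {"app": "design-tool", "user": "alice@example.com", "licensed": True, "last_login": date(2024, 5, 28)},
    {"app": "design-tool", "user": "bob@example.com", "licensed": True, "last_login": date(2024, 3, 1)},
    {"app": "crm", "user": "carol@example.com", "licensed": True, "last_login": date(2024, 1, 10)},
    {"app": "crm", "user": "build-bot@example.com", "licensed": False, "last_login": None},
    {"app": "notes", "user": "carol@example.com", "licensed": True, "last_login": None},
]


def review_saas_access(hr, accounts, today, stale_days=90):
    """Return sorted (app, user, finding) tuples for accounts needing action."""
    cutoff = today - timedelta(days=stale_days)  # threshold is an assumption
    findings = []
    for acct in accounts:
        status = hr.get(acct["user"])
        if status is None:
            # No HR identity behind the account: ownership cannot be proven.
            findings.append((acct["app"], acct["user"], "no_owner"))
        elif status != "active":
            # Leaver still present in the app: offboarding did not reach it.
            findings.append((acct["app"], acct["user"], "leaver_account"))
        elif acct["licensed"] and (acct["last_login"] is None or acct["last_login"] < cutoff):
            # Active employee holding a paid seat with no recent use.
            findings.append((acct["app"], acct["user"], "stale_licence"))
    return sorted(findings)


if __name__ == "__main__":
    for app, user, finding in review_saas_access(HR, APP_ACCOUNTS, date(2024, 6, 1)):
        print(f"{finding:15} {app:12} {user}")
```

Accounts flagged `no_owner` are where service and shared accounts surface, so they need an assigned owner rather than automatic removal.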

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 4234
 

SaaS sprawl is an identity governance failure before it is a procurement failure. The article makes clear that uncontrolled app adoption creates visibility gaps, inconsistent provisioning, and unclear ownership. Those are governance failures because the organisation no longer has a dependable answer to who has access to what and why. The practical conclusion is that SaaS inventory belongs inside identity governance, not only in finance or procurement workflows.

A few things that frame the scale:

  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to the Ultimate Guide to NHIs.
  • Our research also shows that only 5.7% of organisations have full visibility into their service accounts, which is why discovery gaps persist long after teams believe they have inventory under control.

A question worth separating out:

Q: How do organisations know if SaaS licence optimisation is actually working?

A: It is working when assigned licences closely match real usage, duplicate tools are retired, and removal decisions are tied to business ownership rather than ad hoc cleanup. The strongest signal is that licence reduction also lowers the number of unmanaged applications and unsupported access paths.

👉 Read our full editorial: SaaS sprawl exposes access and governance gaps across IT



   