SaaS sprawl and application portfolios: what IAM teams miss

TL;DR: SaaS sprawl makes application portfolio management a governance problem as much as a cost problem, with Zluri describing discovery, rationalisation, renewal control, and lifecycle automation for SaaS estates. The key issue is that application visibility, access revocation, and shadow IT control increasingly shape identity risk, license waste, and audit readiness.

NHIMG editorial — based on content published by Zluri: Miscellaneous Top 9 Application Portfolio Management Software in 2026

By the numbers:

• Only 5.7% of organisations have full visibility into their service accounts.
• 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
• 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.

Questions worth separating out

Q: How should teams manage SaaS sprawl without losing control of access?

A: Start by linking application discovery to ownership, access, and lifecycle state.

Q: Why does application rationalisation matter for IAM and IGA programmes?

A: Because every application introduces users, entitlements, and offboarding work.

Q: How do organisations know if SaaS lifecycle automation is actually working?

A: Look for evidence that provisioning, approval, and revocation happen in the same workflow and that stale licenses disappear after role changes or departures.

Practitioner guidance

• Map applications to identity owners and lifecycle states Require every SaaS application to have a business owner, technical owner, and offboarding path recorded in the same governance system.
• Tie renewal approval to actual usage evidence Before any contract renewal, compare active licenses, login activity, and business-critical usage against the renewal date.
• Automate revocation when users leave or change roles Connect HR, IAM, and SaaS management workflows so departing users lose access and licenses at the same time.

What's in the full article

Zluri's full blog post covers the operational detail this post intentionally leaves for the source:

• The full SaaS management feature breakdown behind Zluri's discovery and license monitoring claims.
• The product-specific renewal alerting and dashboard workflow used to track contract timing and spend.
• The detailed automation workflow for onboarding, offboarding, approval, and license revocation.
• The vendor's own examples of how the platform presents app-level usage and compliance views.

👉 Read Zluri's article on application portfolio management software for SaaS governance →

SaaS sprawl and application portfolios: what IAM teams miss?

Explore further

View Full Forum →  |  NHI Foundation Course →