TL;DR: SaaS sprawl makes application portfolio management a governance problem as much as a cost problem, with Zluri describing discovery, rationalisation, renewal control, and lifecycle automation for SaaS estates. The key issue is that application visibility, access revocation, and shadow IT control increasingly shape identity risk, license waste, and audit readiness.
NHIMG editorial — based on content published by Zluri: Miscellaneous Top 9 Application Portfolio Management Software in 2026
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
Questions worth separating out
Q: How should teams manage SaaS sprawl without losing control of access?
A: Start by linking application discovery to ownership, access, and lifecycle state.
Q: Why does application rationalisation matter for IAM and IGA programmes?
A: Because every application introduces users, entitlements, and offboarding work.
Q: How do organisations know if SaaS lifecycle automation is actually working?
A: Look for evidence that provisioning, approval, and revocation happen in the same workflow and that stale licenses disappear after role changes or departures.
Practitioner guidance
- Map applications to identity owners and lifecycle states: Require every SaaS application to have a business owner, technical owner, and offboarding path recorded in the same governance system.
- Tie renewal approval to actual usage evidence: Before any contract renewal, compare active licenses, login activity, and business-critical usage against the renewal date.
- Automate revocation when users leave or change roles: Connect HR, IAM, and SaaS management workflows so departing users lose access and licenses at the same time.
What's in the full article
Zluri's full blog post covers the operational detail this post intentionally leaves for the source:
- The full SaaS management feature breakdown behind Zluri's discovery and license monitoring claims.
- The product-specific renewal alerting and dashboard workflow used to track contract timing and spend.
- The detailed automation workflow for onboarding, offboarding, approval, and license revocation.
- The vendor's own examples of how the platform presents app-level usage and compliance views.
SaaS sprawl and application portfolios: what IAM teams miss?
Explore further
Application portfolio management is becoming an identity governance discipline, not just an IT operations task. Zluri’s article shows that discovery, renewal management, and lifecycle automation are all control points for SaaS sprawl. Once each application is treated as a bundle of identities, entitlements, and integrations, the governance question changes from 'what software do we own?' to 'what access and accountability does each application create?'. Practitioners should treat application portfolio rationalisation as part of IAM and IGA design, not a separate finance exercise.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.
A question worth separating out:
Q: Who should own SaaS governance when applications are spread across business units?
A: Ownership should sit with both the business and the identity function. Business leaders can justify why the app exists, while IAM or IT governance can control access, lifecycle, and retirement. If responsibility sits only with procurement or only with IT, apps tend to persist after their original purpose has faded.