TL;DR: SaaS sprawl is pushing app selection, provisioning, renewal, and offboarding into a dedicated operations function, while unmanaged buying and manual inventory create spending and security risk, according to Zluri. The governance issue is no longer just software control but lifecycle control across users, apps, and access paths.
NHIMG editorial — based on content published by Zluri: Career Role and Responsibilities of SaaSOps Manager (With JD)
By the numbers:
- 93% of CIOs indicate they’re already adopting or are soon planning to adopt SaaS solutions.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
Questions worth separating out
Q: How should organisations govern SaaS offboarding to avoid access leakage?
A: Organisations should treat SaaS offboarding as a governed lifecycle event, not a ticket closure.
Q: Why do SaaS renewals belong in identity governance, not just procurement?
A: Because renewal decisions often preserve active entitlements, dormant accounts, and hidden integrations.
Q: What breaks when SaaS inventory is managed manually in spreadsheets?
A: Manual inventory quickly becomes stale, which means no one can reliably see which apps exist, who owns them, or which identities depend on them.
Practitioner guidance
- Create a single SaaS system of record: Centralise application ownership, usage, renewal dates, and business purpose so that procurement, IT, and security work from the same inventory.
- Bind offboarding to access revocation: Make employee exit workflows remove app access, delegated permissions, and connected account relationships in the same approval path.
- Review renewals as access certifications: Require business owners to confirm current use, data sensitivity, and access legitimacy before any SaaS contract is renewed.
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- A role-by-role breakdown of SaaSOps responsibilities across IT, procurement, and business stakeholders.
- A sample job description with responsibilities for inventory, renewals, and SaaS administration.
- Practical examples of how SaaSOps teams support onboarding, offboarding, and licence optimisation.
- The vendor's framing of how SaaS management platforms automate repetitive administration tasks.
SaaS sprawl and offboarding gaps: what IAM teams need to know?
Explore further
SaaS operations is now part of the identity governance surface. The article describes a function that sits between procurement, IT, and business teams, but the deeper issue is governance over who can create, keep, and remove access in a SaaS estate. That matters because app sprawl creates identity sprawl: human access, delegated access, and hidden machine access all expand together. Practitioners should treat SaaSOps as a control point in the broader identity programme, not as a back-office admin role.
A few things that frame the scale:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
A question worth separating out:
Q: What is the difference between SaaS operations and SaaS security ownership?
A: SaaS operations focuses on lifecycle control, inventory, renewals, and business enablement, while SaaS security ownership focuses on access risk, data exposure, and governance. In mature programmes, the two overlap because app lifecycle decisions directly affect who has access, how long access lasts, and whether offboarding actually removes it.