SaaS sprawl and offboarding gaps: what IAM teams need to know

TL;DR: SaaS sprawl is pushing app selection, provisioning, renewal, and offboarding into a dedicated operations function, while unmanaged buying and manual inventory create spending and security risk, according to Zluri. The governance issue is no longer just software control but lifecycle control across users, apps, and access paths.

NHIMG editorial — based on content published by Zluri: Career Role and Responsibilities of SaaSOps Manager (With JD)

By the numbers:

• 93% of CIOs indicate they’re already adopting or are soon planning to adopt SaaS solutions.
• Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
• NHIs outnumber human identities by 25x to 50x in modern enterprises.

Questions worth separating out

Q: How should organisations govern SaaS offboarding to avoid access leakage?

A: Organisations should treat SaaS offboarding as a governed lifecycle event, not a ticket closure.

Q: Why do SaaS renewals belong in identity governance, not just procurement?

A: Because renewal decisions often preserve active entitlements, dormant accounts, and hidden integrations.

Q: What breaks when SaaS inventory is managed manually in spreadsheets?

A: Manual inventory quickly becomes stale, which means no one can reliably see which apps exist, who owns them, or which identities depend on them.

Practitioner guidance

• Create a single SaaS system of record Centralise application ownership, usage, renewal dates, and business purpose so that procurement, IT, and security work from the same inventory.
• Bind offboarding to access revocation Make employee exit workflows remove app access, delegated permissions, and connected account relationships in the same approval path.
• Review renewals as access certifications Require business owners to confirm current use, data sensitivity, and access legitimacy before any SaaS contract is renewed.

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

• A role-by-role breakdown of SaaSOps responsibilities across IT, procurement, and business stakeholders.
• A sample job description with responsibilities for inventory, renewals, and SaaS administration.
• Practical examples of how SaaSOps teams support onboarding, offboarding, and licence optimisation.
• The vendor's framing of how SaaS management platforms automate repetitive administration tasks.

👉 Read Zluri's guide to the SaaS operations manager role and responsibilities →

SaaS sprawl and offboarding gaps: what IAM teams need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →