TL;DR: SaaS sprawl creates security, compliance, and cost risk when employees adopt apps outside IT visibility, according to Zluri. Automation helps discovery and inventory management, but it also exposes the deeper identity governance problem: access, lifecycle, and renewal control still fail when app usage is fragmented.
NHIMG editorial — based on content published by Zluri: Automation Manage SaaS Sprawl With The Power Of Automation
By the numbers:
- Zluri says its discovery approach can identify 100% of SaaS apps used within an organization through its library of 225,000+ apps.
- Zluri directly integrates with around 300 SaaS applications, giving it visibility into access levels, permissions, and license details.
Questions worth separating out
Q: How should security teams reduce SaaS sprawl without losing control of access?
A: Start by building a single inventory that merges discovery, procurement, and identity data.
Q: Why does SaaS sprawl create identity governance risk?
A: Because every unsanctioned app adds another access path, another data store, and often another set of tokens or integrations.
Q: What do organisations get wrong about Shadow IT in SaaS environments?
A: They treat it as a procurement problem when it is also an access and lifecycle problem.
Practitioner guidance
- Reconcile SaaS discovery across every source of truth. Combine SSO logs, finance records, browser telemetry, and admin exports into one inventory so hidden apps do not survive because they were seen in only one system.
- Assign lifecycle ownership to every SaaS application. Require a named owner for each app, integration, and renewal decision so de-provisioning and offboarding are not left to the last team that notices the app.
- Review duplicate and abandoned licenses as access risks. Flag apps with overlapping functionality, dormant usage, or auto-renewal drift and treat them as entitlement exposure before renewal decisions lock them in.
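The three steps above can be sketched as one reconciliation pass. This is an added example, not code from Zluri or the original article; the record layouts, field names, app names, and the 90-day dormancy threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import date

# Constructed sample records; field names are assumptions, not a vendor schema.
SSO_LOGS = [{"app": "Slack", "user": "ana", "last_login": date(2024, 5, 28)},
            {"app": "Figma", "user": "raj", "last_login": date(2024, 1, 10)}]
FINANCE = [{"vendor": "slack", "renews": date(2024, 9, 1)},
           {"vendor": "Notion ", "renews": date(2024, 7, 15)}]
BROWSER = [{"app": "notion", "user": "ana", "last_seen": date(2024, 5, 30)},
           {"app": "PasteTool", "user": "lee", "last_seen": date(2024, 5, 29)}]
OWNERS = {"slack": "it-collab", "figma": "design-ops"}  # named lifecycle owners


def build_inventory(sso, finance, browser, owners):
    """Merge every source into one record per app, keyed by normalized name."""
    inv = defaultdict(lambda: {"sources": set(), "users": set(),
                               "last_used": None, "renews": None})
    def touch(name, source, user=None, used=None, renews=None):
        rec = inv[name.strip().lower()]
        rec["sources"].add(source)
        rec["users"] |= {user} - {None}
        rec["last_used"] = max(filter(None, [rec["last_used"], used]), default=None)
        rec["renews"] = renews or rec["renews"]
    for r in sso:
        touch(r["app"], "sso", r["user"], r["last_login"])
    for r in finance:
        touch(r["vendor"], "finance", renews=r["renews"])
    for r in browser:
        touch(r["app"], "browser", r["user"], r["last_seen"])
    for name, rec in inv.items():
        rec["owner"] = owners.get(name)
    return dict(inv)


def findings(inv, today, dormant_days=90):
    """Return {app: [flags]} for apps that need an access or lifecycle review."""
    out = {}
    for name, rec in inv.items():
        checks = {
            "outside-sso": "sso" not in rec["sources"],
            "no-owner": rec["owner"] is None,
            "dormant": rec["last_used"] is not None
                       and (today - rec["last_used"]).days > dormant_days,
        }
        flags = sorted(f for f, hit in checks.items() if hit)
        if flags:
            out[name] = flags
    return out
```

Calling `findings(build_inventory(SSO_LOGS, FINANCE, BROWSER, OWNERS), date(2024, 6, 1))` on the sample data surfaces the paid app that never appears in SSO, the browser-only app with no owner, and the SSO app nobody has logged into for months.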
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- A closer look at how its automation model discovers SaaS apps across SSO, finance, API, browser, and desktop signals.
- Details on the DUAAS framework and how it is used to identify duplicate, unused, abandoned, auto-renewed, and poorly matched licenses.
- Examples of how the platform surfaces app usage, license details, and access logs for operational review.
- A fuller walkthrough of how the vendor positions automation for onboarding, de-provisioning, and SaaS spending control.