SaaS visibility and access governance: are your controls keeping up?

TL;DR: SaaS sprawl, shadow IT, and fragmented access governance are pushing organisations toward platforms that combine discovery, lifecycle automation, and review workflows, according to Zluri. KuppingerCole’s executive view highlights that SaaS management and IGA now need to operate as one control plane, not separate programmes.

NHIMG editorial — based on content published by Zluri: a summary of KuppingerCole's executive view on Zluri's SMP and IGA

Questions worth separating out

Q: How should teams govern SaaS access when the application estate keeps changing?

A: Start with discovery, not policy.

Q: Why do shadow IT and SaaS sprawl break access governance?

A: Because governance only works on systems you can see.

Q: What do security teams get wrong about access reviews for SaaS apps?

A: They often treat reviews as a periodic checkbox instead of a decision process grounded in app usage and ownership.

Practitioner guidance

• Build a single SaaS inventory before automating governance Consolidate application discovery data from SSO, HR, SaaS APIs, and manual app lists into one authoritative register.
• Tie onboarding and offboarding to authoritative identity events Connect joiner-mover-leaver triggers to SaaS provisioning and deprovisioning workflows so access changes follow employment changes.
• Use access reviews to resolve entitlement drift, not confirm noise Feed reviewers with application usage, owner context, and entitlement history so they can make real decisions instead of rubber-stamping permissions.

What's in the full report

Zluri's full review covers the operational detail this post intentionally leaves for the source:

• Detailed breakdown of the AuthKnox discovery engine and how its integrations surface SaaS inventory data
• Workflow examples for onboarding, access requests, reviews, and deprovisioning across SaaS applications
• Benchmark-style claims about automation rates, license optimisation, and audit readiness improvements
• Product-specific notes on compliance reports, deprovisioning playbooks, and multi-level review flows

👉 Read Zluri's executive view on SaaS management and IGA →

SaaS visibility and access governance: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →