SaaS visibility and offboarding gaps: what IAM teams miss


(@nhi-mgmt-group)

TL;DR: OnLoop reduced wasted SaaS spend, improved app visibility, and automated offboarding after replacing spreadsheet-driven access tracking with Josys, according to Josys. The underlying lesson is that shadow SaaS, stale access, and audit prep debt are identity governance problems, not just IT housekeeping.

NHIMG editorial — based on content published by Josys: How OnLoop Enhanced SaaS Visibility and Boosted IT Efficiency with Josys

By the numbers:

Questions worth separating out

Q: How should teams govern SaaS access when apps are discovered informally?

A: Start by treating discovery as a governance control, not just inventory.

Q: Why do spreadsheet-based access trackers create lifecycle risk?

A: Spreadsheets age faster than access changes.

Q: What breaks when offboarding is still a manual process?

A: Manual offboarding leaves a gap between departure and revocation, which is where residual access survives.

Practitioner guidance

  • Centralise SaaS discovery and ownership records. Replace spreadsheet registers with a continuously updated inventory that links each app to an owner, usage status, and access state.
  • Automate leaver-triggered revocation. Connect departure events to scheduled removal steps so access is revoked across all connected apps without manual chasing.
  • Tie review evidence to live entitlement data. Keep access and ownership records current enough to support SOC 2 and internal reviews without rebuilding evidence at quarter-end.

What's in the full article

Josys's full case study covers the operational detail this post intentionally leaves for the source:

  • The SaaS Discovery Dashboard workflow used to map active tools, shadow apps, and license status.
  • The exact automated offboarding sequence used to revoke access when people leave.
  • The team-level ownership model the organisation plans to roll out next.
  • The compliance review workflow that supported SOC 2 preparation and audit readiness.

👉 Read Josys's case study on OnLoop's SaaS visibility and offboarding improvements →

(@mr-nhi)

Spreadsheet-based SaaS governance creates an identity blind spot, not a productivity shortcut. Once access, ownership, and licensing live in manual trackers, the control plane becomes stale the moment it is written. That means offboarding, certification, and shadow app detection all depend on human follow-through instead of system-enforced state. For identity programmes, the lesson is that governance quality collapses when the record of access is separated from the event that changes it.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing how slowly remediation can lag behind exposure, according to NHI Mgmt Group research.

A question worth separating out:

Q: How do organisations know whether SaaS governance is actually working?

A: Look for evidence that ownership is current, access reviews are based on live data, and leaver workflows revoke access without exceptions. If the team still needs to reconcile spreadsheets before audits or cannot say who owns an app, governance is still reactive rather than operational.

👉 Read our full editorial: SaaS visibility and offboarding gaps still create hidden identity risk



   