惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
The Register - Security
The Register - Security
月光博客
月光博客
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The GitHub Blog
The GitHub Blog
博客园 - 司徒正美
罗磊的独立博客
U
Unit 42
S
SegmentFault 最新的问题
Y
Y Combinator Blog
博客园_首页
Hugging Face - Blog
Hugging Face - Blog
J
Java Code Geeks
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
C
Check Point Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Simon Willison's Weblog
Simon Willison's Weblog
V
Vulnerabilities – Threatpost
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
阮一峰的网络日志
阮一峰的网络日志
The Hacker News
The Hacker News
博客园 - 叶小钗
C
Cybersecurity and Infrastructure Security Agency CISA
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
T
The Exploit Database - CXSecurity.com
P
Palo Alto Networks Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Latest news
Latest news
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
L
LangChain Blog
Stack Overflow Blog
Stack Overflow Blog
S
Securelist
A
Arctic Wolf
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Threatpost
Scott Helme
Scott Helme
博客园 - 聂微东
博客园 - 【当耐特】
T
Tenable Blog
I
Intezer
D
DataBreaches.Net
B
Blog RSS Feed
Security Latest
Security Latest
C
Cisco Blogs
T
Tor Project blog
N
Netflix TechBlog - Medium

Blog on 1Password Blog

Why secure-by-design is an incentives problem, with Bob Lord | 1Password NIST and AI agents: 1Password’s approach to agent identity | 1Password Go beyond device health with External Checks in 1Password Device Trust | 1Password Natoma and 1Password help enterprises scale AI securely with governed agent access | 1Password New integrations between 1Password SaaS Manager and EPM | 1Password A first step toward post-quantum security | 1Password RSA 2026: Leading the way to secure agentic AI | 1Password How 1Password is Building a Culture of AI Fluency Through AI Champions | 1Password 1Password vs. Keeper Security: A comparison | 1Password 1Password vs. LastPass: Which is right for you? | 1Password Secure MCP credentials with 1Password and Runlayer | 1Password The next layer of AI security | 1Password Building the next chapter of Go-to-Market in EMEA | 1Password Automating SOC workflows with 1Password Enterprise Password Manager | 1Password Automated Provisioning hosted by 1Password: A Simpler, Smarter Way to Manage Access | 1Password Introducing 1Password® Unified Access: Identity Security for Humans and Their AI Agents | 1Password Next-generation automated provisioning, without compromising zero-knowledge security | 1Password Bitwarden vs. 1Password: Which password manager is right for you? | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password How to wrangle SaaS contract renewals | 1Password Stop trusting consumer browsers with work credentials | 1Password IAM stops at sign-in. Your credentials do not. | 1Password Your digital pit crew: a 10-minute pre-race security checklist | 1Password 1Password Device Trust is coming to EMEA | 1Password The identity transformation: Analyst and CIO insights | 1Password Why now is the moment to join 1Password Go-To-Market | 1Password Identity and Accountability in the Age of AI Agents | 1Password How 1Password secures agent architectures | 1Password 1Password becomes the first global partner to transact through Express Private Offers in AWS Marketplace | 1Password Start Learning on 1Password Academy | 1Password Expanding Programmatic Access to 1Password | 1Password Zero knowledge vs. a malicious server: A look at ETH Zurich’s research | 1Password Agents are making filesystems cool again | 1Password Black History Month employee spotlight: Joseph Ojelade | 1Password 1Password's new benchmark teaches AI agents how not to get scammed | 1Password Streamlining SaaS onboarding and offboarding | 1Password 3 common SaaS Management challenges and how to avoid them | 1Password How 1Password Is Evolving Its Partner Ecosystem | 1Password How to build secure agent swarms that power production-grade autonomous systems | 1Password From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password Solving the unsanctioned SaaS problem | 1Password 1Password and 60 Day Hustle: cybersecurity for small businesses | 1Password Security advisory for AI-assisted browsing interactions with the 1Password browser extension | 1Password It’s incredible. It’s terrifying. It’s OpenClaw. | 1Password Managing the risks of social logins | 1Password What’s the first security tool your small business should buy? | 1Password As AI Supercharges Phishing Scams, 1Password Introduces Built-In Protection | 1Password How to interview with confidence at 1Password | 1Password Why SaaS License Waste Is a Cost and Security Problem | 1Password AI is changing the IDE. With 1Password, security keeps up | 1Password How IT teams can get a handle on shadow IT | 1Password Bringing secure, just-in-time secrets to Cursor with 1Password | 1Password The Chasing Entropy Podcast Season One is in the Books | 1Password Now available via QBS Software: 1Password Enterprise Password Manager – MSP Edition | 1Password The role of credentials in the AI espionage campaign reported by Anthropic | 1Password The hidden offboarding step draining your budget | 1Password AWS and 1Password: Innovation in AI and beyond | 1Password Simplifying credential security on OpenAI Atlas | 1Password From Social Work to Social Impact: Growing at 1Password | 1Password Improving in-page notifications in the 1Password browser extension | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password Now available via Renaissance: 1Password Enterprise Password Manager – MSP Edition | 1Password Behind the wheel at Oracle Red Bull Racing | 1Password Securing MCP servers with 1Password: Stop credential exposure in your agent configurations | 1Password What’s new in 1Password Enterprise Password Manager - Q4, 2025 | 1Password Belonging as a catalyst for high performance | 1Password Password habits are worsening, but leaders see a path to passwordless | 1Password A simpler, faster way to unlock 1Password | 1Password Oracle Red Bull Racing Episode 4, CIO Matt Cadieux | 1Password 70% of IT and security pros say SSO is falling short | 1Password 1Password's Phishing Survey: Avoid Holiday Phishing Scams | 1Password Securing the Win | 1Password SaaS optimization: How to maximize value and reduce costs | 1Password The enterprise AI crisis: Unsanctioned tools and unenforced policies | 1Password An Identity Security taxonomy for Agentic AI | 1Password Introducing new .env file support in 1Password environments | 1Password Speed and security: Mark Hazelton on protecting Oracle Red Bull Racing’s most valuable asset – its data | 1Password 1Password for Good: Giving back during cybersecurity awareness month | 1Password Utah Mammoth and Utah Jazz score with identity security | 1Password Oracle Red Bull Racing CEO and Team Principal | 1Password Three signs you need a SaaS Management Platform | 1Password Closing the credential risk gap for AI agents using a browser | 1Password Microsoft and Dropbox password managers are sunsetting: What it means and what to do next | 1Password From hackathon nerves to internship wins: Kavya’s journey at 1Password | 1Password 1Password now available in Comet, the AI-powered browser by Perplexity | 1Password 1Password announces new integration with Zscaler | 1Password Breaking the mold: Why more women should consider a career in sales | 1Password What security leaders need to know about mergers and acquisitions | 1Password Clickjacking: What it means for 1Password users | 1Password AI and security at Black Hat: 5 key takeaways from a security expert panel | 1Password Blog | 1Password Do any CISOs feel lucky? | 1Password How to lead with confidence in the AI era: a conversation with Nancy Wang, VP, Engineering | 1Password New Device Trust Check makes browser extension enforcement easier | 1Password Purpose, performance, and trust: Inside the culture powering 1Password’s next chapter | 1Password Now available on Pax8 Marketplace: 1Password Enterprise Password Manager - MSP Edition | 1Password The security principles guiding 1Password’s approach to AI | 1Password Choosing the right SaaS management platform for your business | 1Password Simplify access reviews with 1Password SaaS Manager | 1Password How great usability tripled Duke University's password manager adoption | 1Password
Five tips for successful SaaS Management | 1Password SaaS Manager | 1Password
info@1password.com (Chris Fowler) · 2026-01-16 · via Blog on 1Password Blog

It’s easy to see how SaaS sprawl happens if you picture the moment it starts. A team is blocked, someone needs a tool ASAP, and the answer to their problems lies just behind a free trial, so they sign up for a new tool. No one is being careless. They’re being efficient. The problem is that follow-up rarely keeps pace with new sign-ups, especially when the card on file belongs to "the company" and the requester has already moved on to the next priority.

Watch the webinar

Learn how you can automate SaaS discovery, employee lifecycle management, access reviews, and renewals with 1Password SaaS Manager.

Months later, you realize you are paying for services you don’t use and can’t remember how to log in to, let alone cancel. Every invitation to “try this new tool” adds another subscription, another license, and another place where company IP is stored. Over time, this SaaS sprawl creates an environment overrun with shadow IT and unmanaged apps that IT, security, and finance teams can’t fully see or control.

To get ahead of this, IT teams turn to SaaS management, a process for discovering in-use apps, managing access, and optimizing software spend. At its core, SaaS management ensures the right people have access to the right tools while removing unnecessary access to reduce security risks and overspending.

Without this process, unmanaged SaaS causes serious problems. Cost control suffers because companies waste an average of $18 million annually on unused SaaS licenses. Risk grows because 52% of employees use apps not approved by IT, and 38% of employees retain access to data after leaving a company. When app usage is spread across too many places, it becomes nearly impossible to show auditors who has access or what has changed over time.

While SSO is an undeniably valuable tool for managing access, 70% of professionals agree it isn't a complete solution for securing identity. Between apps that lack SCIM support and the "long tail" of unknown shadow IT, successful IT teams have to move beyond manual audits and spreadsheets.

Let’s look at the five things successful IT teams do differently to manage and secure SaaS.

Five tips to improve SaaS management

#1: SaaS discovery does not equal SaaS management

Employees and business units are signing up for new SaaS and AI apps faster than IT can keep track of them. IT teams can get a list of some new apps, but what happens next?

The common pattern: IT discovers apps through a mix of SSO logs, audits, and expense reports, but the process stops at the spreadsheet. Knowing an app exists doesn't tell you who is using it, why they need it, or if a redundant tool already exists in your ecosystem. When teams operate in silos, you don't just get redundant apps, you get redundant bills. Conducting a SaaS audit once a year is not enough.

What successful IT teams do instead: They treat discovery as the start of a workflow, not a final report. They leverage automation to continuously pull shadow IT and shadow AI into a unified list, then immediately add context: who is using it, when it was last used, and how access is granted. Every newly discovered app moves through a deliberate "in review" process where stakeholders are surveyed for business context before IT decides to manage, consolidate, or sunset the tool.

How 1Password SaaS Manager helps:

  • Discover SaaS usage: Capture a list of every newly discovered app and each user to immediately understand who is using what.

  • Turn discovery into management: Use automated "new app discovered" workflows to move items off the IT backlog and into an active review process.

  • Automate user surveys: Automatically reach out to users via Slack, Microsoft Teams, or email to gather essential business context the moment an app is found.

  • Continuous Shadow IT/AI monitoring: Maintain a real-time, unified list of all unmanaged tools so nothing, including tools outside of SSO, slips through the cracks.

  • Streamline license reclamation: Use automated workflows to communicate with users about license removal or plans to consolidate redundant tools.

#2: Offboarding is more than removing access to SSO

The easiest offboarding mistake is disabling SSO and relying on manual app clean-up to finish the job.

The common pattern: IT teams know deactivating SSO access is not a complete offboarding plan, but the rest of the work is manual across dozens of apps. Removing a user in SSO or IdP blocks access to applications behind SSO, but it doesn’t necessarily delete licenses in each app, revoke OAuth tokens, or transfer ownership of files, calendars, or shared resources. That is where the long tail of unmanaged apps can leave accounts and data lingering after an employee departs.

What successful IT teams do instead: They treat SaaS offboarding as an end-to-end workflow. It begins with the discovery list to identify every app a user touched, even those outside of SSO. They trigger automated deprovisioning and license reclamation for each app, keeping the process consistent so the long tail doesn’t become a hiding place for lingering access. Crucially, they build business continuity into the motion: ownership of shared resources is transferred, and managers are notified for review, ensuring work doesn't get stranded when an employee leaves.

How 1Password SaaS Manager helps: 

  • Complete end-to-end workflows: Build automated workflows that cover every critical offboarding step, from recovering licenses to transferring ownership of email inboxes, calendars, and shared files to managers.

  • Automated license reclamation: Instantly revoke access and reclaim paid seats to prevent unused licenses from impacting your budget.

  • Automated manager notifications: Trigger messages via Slack, Microsoft Teams, or email to prompt managers for any necessary manual actions regarding a departure.

#3: Mitigate compliance and security risks with automated access reviews

Once you centralize and automate access reviews, you will never do them in spreadsheets manually again.

The common pattern: Access reviews are a manual frenzy of spreadsheets and "static" exports compiled in a frenzy before a deadline. Because the process is error-prone and slow, permissions inevitably drift as people change roles, teams reorganize, and former employees retain access, leaving the door open for security risks.

What successful IT teams do instead: They stop treating access reviews as a one-off project and start treating them as a repeatable process. Reviews are scheduled, not improvised. Access is reviewed with context, including role, department, risk level, and external identities. And when access needs to be updated, teams can act directly from the review dashboard to revoke or adjust access immediately, producing clean documentation for faster audits. The work becomes less about chasing confirmations and more about maintaining visible control.

How 1Password SaaS Manager helps:

  • Centralize access reviews: Bring all applications, including those that aren’t behind SSO, into a single, unified access review process.

  • Replace spreadsheets with standardized workflows: Eliminate manual data entry and "static" exports by reviewers for faster, automated review cycles.

  • Enable in-line remediation: Adjust permissions or revoke access directly from the access review dashboard the moment a discrepancy is identified.

  • Gain context for every user: View access levels alongside critical data points like role, department, and risk level to make informed security decisions.

#4: Connect SaaS usage to license spend data

If you can’t tie license entitlements to actual SaaS usage, you can’t control SaaS spend.

The common pattern: IT grants access quickly to keep employees productive, but visibility stops at "has access." Without usage data, you end up paying for inactive licenses for people who haven't logged in for months or entire teams on premium tiers they don't actually need. This results in wasted spend hidden in plain sight, ongoing operational costs of manual audits, and removals that divert IT from higher-value work.

What successful IT teams do instead: They connect license usage directly with spend data to make optimization a daily operation, not a pre-renewal fire drill. They set clear inactivity thresholds of 30, 60, or 90 days to identify waste. Then, they automate the "reclamation" by prompting users via Slack, Microsoft Teams, or email to confirm they still need access before a seat is downgraded or removed. They keep waste from compounding quietly, one seat at a time.

How 1Password SaaS Manager helps: 

  • Correlate usage with spend: Utilize 350+ direct API integrations with the most commonly used business apps to automatically track login data with license expenditures.

  • Continuous optimization: Move away from last-minute budget scrambles by reclaiming unused licenses and optimizing seats continuously.

  • Identify tier-level waste: Downgrade users on expensive premium tiers who only require basic functionality.

#5 Manage contract renewals proactively with shared visibility across IT and procurement

Tie usage and contract data together to give IT and procurement teams the information they need to avoid surprise true-ups and negative impacts on your budget.

The common pattern: When a renewal looms, IT and Finance find themselves in a manual "chase." Finance asks the questions, “Do we need this? Is it being used?” but the answers are isolated in fragmented systems. IT has to sift through contract details that live in procurement tools, while usage data is buried in IdP reports, app-admin consoles, and ad hoc exports.

Without a unified view, decisions are made on incomplete data. This leads to a reactive cycle: auto-renewals lock in bloated seat counts, surprise true-ups occur when teams add licenses unnecessarily, and redundant tools persist because no one can see the overlap. Ultimately, IT and Finance end up looking at different numbers, which means lost negotiation leverage and preventable year-over-year spend increases.

What successful IT teams do instead: They bring contract, spend, and usage data together into a single view of the SaaS portfolio, so everyone, including IT, procurement, and finance, plans renewals from the same source of truth. That view shows what you are paying for, who is using it, renewal dates, renewal status, license availability, and overlapping tools by category. When data is shared and up to date, renewals stop being a last-minute scramble and become a normal operational workflow: align early, negotiate with confidence, and consolidate where it makes sense.

How 1Password SaaS Manager helps:

  • Centralize contract and vendor data: Integrate directly with finance tools or use 1Password SaaS Manager’s built-in AI tool to upload and extract key details from contracts.

  • Establish a shared source of truth: Give IT, Finance, and Procurement a unified view of the entire SaaS portfolio, including spend, usage, and renewal status.

  • Surface tool overlap and redundancy: Automatically identify overlapping tools to support informed consolidation and cost-cutting decisions.

  • Trigger proactive renewal notifications: Use automated workflows to alert the right stakeholders 30, 60, or 90 days before a contract expires, avoiding overspending.

  • Negotiate with data-driven confidence: Approach renewals with real-time utilization data to ensure you only pay for the apps and licenses the company actually needs.

A faster way to see, manage, and optimize your SaaS environment

SaaS sprawl happens because everyone is trying to get work done, using the best tools available to them. The difference with successful IT teams is that they don’t rely on one-time audits or spreadsheets to stay in control. They build repeatable SaaS management processes that maintain visibility, ensure secure onboarding/offboarding, validate access reviews continuously, optimize licenses before waste compounds, and bring contract renewals into a shared view with procurement and finance.

Customers choose 1Password SaaS Manager because it delivers rapid, automated visibility into their SaaS environment, cuts manual work, and centralizes spend optimization.

By turning SaaS management into a repeatable, automated workflow, you can stop worrying about the "free trial" that started it all. You can let your teams move fast and stay efficient, knowing that your SaaS stack and your budget are no longer piling up in the dark.

Watch the webinar

Learn how you can automate SaaS discovery, employee lifecycle management, access reviews, and renewals with 1Password SaaS Manager.

Secure access to your company’s apps

Talk to our team to empower your workforce with secure SaaS access.