IAM and SaaS sprawl: how to maintain control over all cloud applications

Mike Fraanje

6 min read

SaaS applications have completely transformed the work landscape. What was once centrally implemented by IT is now often autonomously chosen by teams. Creative tools for marketing, analytics solutions for Finance, onboarding software for HR, project tools for consultants; SaaS enables rapid action and experimentation.

However, this freedom simultaneously creates a challenge: the landscape grows faster than organisations can keep up. This results in SaaS sprawl: an explosion of applications, accounts, data, and rights that are beyond the visibility of IT and security.

IAM is the missing link: not to inhibit this growth, but to organise and secure it.

How SaaS sprawl arises

The increase in SaaS applications is not due to unwillingness or incompetence; it is a direct response to the need for speed and flexibility. Teams seek solutions that help them perform better and do not always wait for central approval. Moreover, SaaS is so accessible that a single credit card is enough to introduce a new tool.

This creates a landscape in which:

  • applications are purchased without IT involvement

  • external parties gain access without formal registration

  • employees create their own accounts in various tools

  • HR teams integrate new platforms without IAM coordination

  • roles and teams change, but rights are not adjusted

The problem is not the use of SaaS. The problem is the lack of an overall view.

The risks of SaaS sprawl

As soon as applications grow unregulated, risks arise that often remain invisible until something goes wrong.

Lack of visibility on who has access

Organisations often do not know exactly which users are active in which apps. External parties who no longer have anything to do with the organisation may still have access to sensitive information.

Shadow IT and data risks

Tools used outside of IT often store data outside the organisation's policies or security standards. This makes it challenging to comply with ISO 27001, NIS2, and GDPR obligations.

Increased licensing costs

Inactive accounts remain, employees have duplicate access, and no one knows which licences are still needed.

Audit stress

Auditors want insight into access, rights, and changes. But this overview is entirely lacking when SaaS apps are fragmented.

These risks are not the result of one bad decision but of a structural lack of control. IAM is the solution that restores this control.

🔐 How IAM restores control without blocking innovation

IAM creates a foundation on which SaaS can grow safely and scalably. Joinly does this in a way that aligns with how organisations already work: HR remains responsible for identity data, while IAM determines access based on policy.

This means HR doesn't have to change anything. Employees and external parties are registered in the HR system as always, but Joinly uses that information solely as a source to keep identities in all linked systems in sync.

Access is therefore not determined by HR but by IAM rules in Joinly.

RBAC and ABAC: the engine behind structured access

Joinly supports both Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC).

RBAC

Access is linked to roles within the organisation. This works excellently for:

  • standard roles

  • fixed departments

  • employees with predictable authorisations

A marketing employee, for example, automatically gets access to creative tools and campaign software.

ABAC

ABAC uses characteristics of employees or external parties to dynamically grant access. Think of:

  • location (EU, UK, globally)

  • contract type (internal, external, vendor)

  • security level

  • team or business unit

  • project assignment

For organisations with many temporary employees or rapidly changing teams, ABAC is ideal.

The strength of Joinly is that RBAC and ABAC can be combined, ensuring access is always logical, secure, and scalable.

⚙️ Automatic provisioning: access that automatically aligns

When HR makes changes such as a start date, departure date, role change, or team change, Joinly automatically picks this up. Accounts are created, rights are granted or withdrawn, licences are optimised, and access is revoked once someone is no longer active.

This automation prevents:

  • forgotten accounts

  • human errors

  • unclear responsibilities

  • delays in onboarding or offboarding

For the first time, organisations experience provisioning as something that happens automatically, at exactly the right moment.
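The sketch below is an added example, not Joinly's code or configuration: it shows how a role-based grant can be narrowed by attribute conditions, and how a reconciliation pass turns HR records plus the accounts found in each app into grant and revoke actions, including accounts HR does not know about. All names, policy tables and sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical policy tables. RBAC: role -> candidate apps.
ROLE_APPS = {"marketing": {"design-suite", "campaign-tool"},
             "finance": {"analytics", "ledger"}}
# ABAC: per-app conditions; every listed attribute must match.
APP_CONDITIONS = {"ledger": {"contract_type": {"internal"}, "location": {"EU"}}}

@dataclass
class Identity:          # one record from the HR source system
    user: str
    role: str
    active: bool
    attrs: dict

def desired_apps(identity):
    """Role proposes apps; attribute conditions must all hold. Deny by default."""
    if not identity.active:
        return set()     # leavers keep nothing
    allowed = set()
    for app in ROLE_APPS.get(identity.role, set()):
        conditions = APP_CONDITIONS.get(app, {})
        # A missing attribute yields None, which never matches: fail closed.
        if all(identity.attrs.get(k) in ok for k, ok in conditions.items()):
            allowed.add(app)
    return allowed

def reconcile(hr_records, saas_accounts):
    """Diff desired access against the accounts actually found in the apps."""
    by_user = {r.user: r for r in hr_records}
    actions = []
    for user in sorted(set(by_user) | set(saas_accounts)):
        record = by_user.get(user)
        want = desired_apps(record) if record else set()
        have = saas_accounts.get(user, set())
        actions += [("grant", user, app) for app in sorted(want - have)]
        verb = "revoke" if record else "revoke-orphan"  # orphan: unknown to HR
        actions += [(verb, user, app) for app in sorted(have - want)]
    return actions

# Constructed sample data, not taken from any real tenant.
HR = [Identity("anna", "marketing", True, {"contract_type": "internal", "location": "EU"}),
      Identity("bram", "finance", True, {"contract_type": "external", "location": "EU"}),
      Identity("cees", "finance", False, {"contract_type": "internal", "location": "EU"})]
ACCOUNTS = {"anna": {"design-suite"}, "bram": {"analytics", "ledger"},
            "cees": {"analytics"}, "vendor-x": {"campaign-tool"}}

if __name__ == "__main__":
    for action in reconcile(HR, ACCOUNTS):
        print(action)
```

The external finance user keeps the analytics tool but loses the ledger because the contract-type condition fails, the inactive user is fully deprovisioned, and the account with no HR record is flagged separately for review.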

Insight into applications and users

IAM does more than manage access; it also provides the insight needed to manage SaaS. Joinly shows:

  • which applications are in use

  • which rights users have

  • where risks arise

  • where licences are not being used efficiently

Thus, SaaS is transformed from an uncontrollable landscape into an environment that offers opportunities for optimisation and security improvement.

Towards a secure and manageable SaaS environment

SaaS sprawl is not something you want to prevent; it means teams are actively innovating and optimising. The challenge is to do this safely and controllably. IAM, and particularly a modern IAM platform like Joinly, makes this possible.

With Joinly, an environment arises in which:

  • access is automatically correct

  • data is secure

  • audits run smoothly

  • licensing costs decrease

  • external parties are well managed

  • SaaS remains user-friendly and compliant

Want to know more? Schedule a no-obligation demo!



Browsing is free

Schedule a no-obligation demo

In 30 minutes, we would love to show you how Joinly adds value for the entire organization.
