70% of IT and security pros say SSO is falling short – Here’s how to close the gap

When IT and security teams lack visibility and control over the SaaS apps employees use, the result is wasted spend, unsanctioned access, and compliance failures. Yet 1Password’s research shows that all too often, SaaS usage is evading the tools meant to govern it.

This blog is part two in our series analyzing the 1Password Annual Report 2025: The Access-Trust Gap. 

• To read part one, which addresses AI governance, click here.

• If you haven’t had a chance to read the full report yet, download it here. 

The Access-Trust Gap report lays out the issues plaguing the SaaS landscape:

The SaaS explosion has long outpaced traditional IT oversight. Today, enterprises face an environment where hundreds of cloud- and browser-based applications are in active use, many without IT’s knowledge or control. Shadow IT is no longer a fringe behavior; it's a foundational threat to modern access governance. And even sanctioned apps pose risks when access is poorly managed, offboarding is incomplete, or they are not protected by SSO.”

SaaS governance statistics from the report

• 52% of employees have downloaded applications without IT’s approval

• On average, 34% of a company’s apps are not protected by SSO

Offboarding is challenging because so many apps are outside SSO, and additionally, SCIM's effectiveness varies by vendor implementation. As a result, you can disable someone's access through your SSO provider, but it's easy to miss something, and ongoing monitoring is required." Mark Hillick, CISO, Brex

Imperative: SaaS governance

When it comes to managing their SaaS ecosystem, IT admins are running up against the limits of SSO solutions. The original promise of SSO was to provide secure, centralized access to all a company’s apps. But in practice, SSO is often unfeasibly expensive and plagued by integration challenges. On top of that, SSO can only protect the apps that IT is aware of, which doesn’t account for unsanctioned shadow IT.

To address these limitations, IT leaders must find comprehensive solutions that complement SSO and allow for full lifecycle management of all SaaS apps.

Priorities include:

1. Invest in technology that enables the continuous discovery of shadow IT. To be effective, this must include web-based apps as well as locally hosted software. 

2. Mandate SSO where possible and secure authentication for apps that cannot be federated.

3. Automate SaaS access governance to ensure complete lifecycle management, including for non-SSO managed apps. 

How 1Password helps close the Access-Trust Gap for SaaS

Trelica by 1Password is a SaaS management solution that enables IT teams to discover, manage, and secure every SaaS app in use at their organization. Now, let’s go through each of the priorities listed above and discuss how Trelica by 1Password helps to address them.

Invest in technology that enables the continuous discovery of shadow IT

Trelica by 1Password continuously discovers every work-related app employees use, so IT teams can either bring them under management or block access to them.

Mandate SSO where possible and secure authentication for apps that cannot be federated

Trelica by 1Password proactively notifies admins about apps where SSO is available but not in use. For apps outside SSO, it can revoke risky OAuth tokens that grant third-party apps access to company resources.

Automate SaaS access governance to ensure complete lifecycle management, including for non-SSO managed apps

Manual lifecycle and permissions management creates an environment ripe for errors and unsanctioned access. Trelica by 1Password automatically provisions apps to users by syncing with HR data during onboarding, conducts regular access reviews, and revokes access to every application during offboarding, thus improving security and saving budget by reducing unused licenses.

Explore Trelica by 1Password with an interactive demo.

Close your Access-Trust Gap with 1Password

For SaaS environments, the Access-Trust Gap encompasses both shadow IT and apps that IT is aware of, but can’t fully manage with existing tools. The SaaS explosion isn’t slowing down anytime soon, which means there will never be a better time to assess your own organization’s Access-Trust Gap and start closing it. 

To learn more about how 1Password can help you secure your business without slowing you down, reach out to us today.

You can also click here to read the full Access-Trust Gap report.