1Password has been recognized as a leader in the 2026 Gartner® Magic Quadrant™ for SaaS Management Platforms. SaaS Manager gives IT and security teams visibility into unapproved AI use and every app, AI tool, and dollar spent across their organization. This foundation lets teams identify real-time AI token overruns before mid-year budget surprises hit, cut wasted license spend, and reduce friction for employees requesting access. The platform closes the access gaps that happen outside of SSO, governing human access across the full employee lifecycle and enabling AI agents to automate governance workflows through an MCP Server. We believe our placement in the Gartner® Magic Quadrant™ reflects our vision that with the right controls, SaaS management can help a business move faster.
Read the Gartner® Magic Quadrant™ for SaaS Management Platforms Employees aren't waiting for IT approval to adopt AI. The 1Password Access-Trust Gap Report found that 27% of knowledge workers were using AI-based applications that their employer didn’t approve. Coding assistants, productivity tools, and AI platforms are being connected to work accounts, granted API access, and signed in with corporate credentials, often through a single "sign in with Google" OAuth token that leaves no trace in the identity provider. IT has no record of these AI tools, no visibility into what data enters the AI’s context window, and no way to revoke access. When those tools run on consumption-based pricing, annual AI token budgets are being depleted within months, with no signal to finance until the allocation is nearly gone.
SaaS sprawl has been a known cybersecurity problem for years, and until recently, traditional identity management was sufficient to keep pace. While the proliferation of AI and SaaS tools empowers teams to set themselves up and get rolling without waiting for IT review or procurement, that agility creates gaps in spending, visibility, governance, and compliance that traditional budget controls and SSO cannot close.
According to the Access-Trust Gap Report, 52% of employees have created accounts for new AI tools and SaaS apps without IT approval, and 34% of company apps sit outside SSO, where IT has no way to see, secure, or revoke access.
Shadow IT and unmanaged shadow AI don’t automatically disappear when employees change roles or leave the organization, and IT can’t revoke access for unfederated tools. In an interview with 1Password, Mark Hillick, CISO at Brex, said, “Offboarding is challenging because so many apps are outside SSO, and additionally, SCIM's effectiveness varies by vendor implementation. As a result, you can disable someone's access through your SSO provider, but it's easy to miss something, and ongoing monitoring is required."
The 1Password browser extension detects OAuth credential grants in real time, surfacing new AI tools to IT before they become governance gaps or offboarding problems. SaaS Manager closes the visibility gap of unmanaged AI and SaaS by continuously discovering applications across identity providers, SSO logs, finance systems, device agents, browser extensions, and 1Password vaults, to surface all the tools your employees log into for work.
When Flipdish connected SaaS Manager to their identity provider and finance systems, they discovered more than 1,000 applications in under five minutes. "Okta was a good first step for us," said Leon Weavers, IT Manager at Flipdish, "but we still had limited visibility of our SaaS estate."
Discovered apps are matched against a library of 40,000+ pre-populated profiles to show immediate risk context and compliance posture. SaaS Manager also integrates with 400+ systems across IT, HR, finance, identity, and security, including
Unlike traditional SaaS licensing, token-based AI consumption pricing means spend accumulates in real time, not just at renewal. Token budgets set at the start of the year can drain in just a few months. Finance leaders are already asking how much they're spending on AI, which team is driving the overrun, and when prepaid token commitments expire.
When Uber deployed Claude Code to 5,000 engineers, the company exhausted its entire annual budget in four months. Most organizations manage AI consumption using a combination of vendor dashboards, CSV exports, and spreadsheets, leaving finance without visibility into real-time consumption trends.
SaaS Manager replaces disparate vendor dashboards with a single view of AI usage and cost, broken down by team, user, and model. Burn-rate alerts catch overages before they hit for vendors like Cursor, Claude, and OpenAI. AI-assisted contract extraction pulls key terms and renewal dates directly from vendor agreements, so finance and IT can act between renewals. This turns unpredictable AI costs into a managed line item and helps finance forecast usage, attribute spend by team, and make confident decisions at renewals.
AI and SaaS governance requires continuous monitoring of a dynamic workforce. When Zuora onboarded SaaS Manager, they found that 20% of users on paid license tiers hadn't logged in to licensed applications for more than 90 days.
SaaS Manager identifies unused licenses and redundant applications across the entire portfolio, providing IT and procurement teams with a continuous view of opportunities to cut and consolidate spend.
Zuora achieved 10x ROI within six months and reduced license management effort by 90%. "SaaS Manager is a trusted source of information for IT and Procurement," said Paul Heard, Chief Information Officer at Zuora. "We can now maximize the value from our SaaS purchases."
Effective governance requires consistent enforcement of access policies. Teams that rely on manual processes risk inconsistent enforcement, fall behind on access reviews, and create conditions for burnout.
"From onboarding to offboarding, SaaS Manager automates the user lifecycle," Bernard Isibor, IT Engineer at Elastic, told 1Password. That includes automated Slack nudges to inactive users. If they confirm they no longer need access, the license is reclaimed, and the action is logged, without an IT ticket. "We now have full confidence that leavers can no longer access our SaaS tools," said Rusty Searle, Head of IT at Elastic.
Employees can request access through a self-service portal, and IT approves or revokes through a single interface. For the recurring work, pre-built automation handles license reclamation and deprovisioning, with a library of templates covering license-tier downgrades and rightsizing recommendations. IT configures both through a no-code workflow builder. The audit trail generated across every automated workflow takes the manual work out of SOC 2, ISO 27001, SOX, PCI, or other compliance reviews.
Every subscription includes access to the MCP Server for 1Password SaaS Manager. It provides agentic AI systems and LLM-based tools with secure, programmatic access to SaaS Manager’s API, enabling them to continuously ingest data, detect anomalies, and automate governance workflows. With the connection, IT gains visibility into AI agent access events.
We believe that is the standard IT, security, and finance teams will require in 2027.
SaaS Manager is part of 1Password's Unified Access platform, connecting SaaS governance to the credentials and identities that secure every app in your portfolio. Read the report, or see what IT teams who use it every day have to say.
Read what fellow IT professionals say about SaaS Manager on Gartner Peer Insights™.
Schedule a demo to see how your org could go from app sprawl to governed access.