12 March 2025

SaaS management platforms empower organizations to address the compounding challenges of SaaS application usage across the business that lead to overspend, elevated risk, lack of visibility and contract sprawl. This inaugural Magic Quadrant helps I&O leaders identify suitable vendors.

Strategic Planning Assumptions

* Through 2027, organizations that fail to centrally manage SaaS life cycles will remain five times more susceptible to a cyber incident or data loss due to incomplete visibility into SaaS usage and configuration.

* Through 2027, organizations that fail to attain centralized visibility and coordinate SaaS life cycles will overspend on SaaS by at least 25% due to unused entitlements and unnecessary, overlapping tools.

* Through 2027, over 50% of organizations will centralize SaaS application management using an SMP.

‍

Market Overview

The SMP market focuses primarily on addressing the operational and financial challenges associated with SaaS-hosted application portfolios.

‍
Organizational SaaS spend continues to grow as organizations shift from traditional on-premises application hosting strategies to operationally efficient “as-a-service” delivery models. SaaS spend currently averages $1,370 per-employee , a 55% increase since 2021 (12% CAGR).1 Further compounding the challenge, Gartner estimates that as many as 25% of provisioned licenses are not regularly used by employees. In addition to increased spend, decentralized ownership and sourcing results in increased risk, as organizations are generally only aware of 40% of applications in use. Social media analysis has also revealed that some SaaS application vendors may be adopting less-transparent pricing practices, resulting in further challenges for buyers.

‍
Emerging governmental regulations (see Note 1) focused on asset discovery, risk assessment and disclosure require that many organizations maintain an accurate inventory of their application portfolio. Given the lack of visibility into SaaS application usage, most organizations will be unable to fully comply without a centralized SMP, alongside other asset management and security tools. Though the majority of regulations are currently focused on specific industries (mainly financial services and technology providers), Gartner expects these regulations to expand to all industries in the near future, further driving SMP market growth.

‍
SMP providers often target four discrete buyer personas: IT asset management, IT security and compliance, IT procurement and IT operations. However, SMP features often are oriented toward the needs of IT procurement and IT operations, and most providers have the best success marketing and selling to them.

‍
Many Gartner clients are not yet fully aware of the complexity and challenges presented by unmanaged SaaS portfolios and frequently rely on traditional, yet ineffective, tools and methods to identify and manage discrete SaaS application entitlements and usage. SaaS security tools such as SaaS security posture management (SSPM), cloud access security brokers (CASBs), and security service edge (SSE) can generally identify and block visits to SaaS provider websites. However, they often lack the context to distinguish between a site visit and actual usage. These tools also lack functionality to manage, automate, optimize or enable SaaS entitlements.

‍
While hype has progressed past the Peak of Inflated Expectations (see Hype Cycle for Digital Workplace Infrastructure and IT Operations, 2024), demand from Gartner clients for SMP and related strategy topics remains low. Most conversations with Gartner clients are currently focused on solving a specific problem: trying to understand the market landscape; choosing between SMP, SaaS security and software asset management (SAM) tools; and overcoming resistance to adding another tool. Despite low client demand, Gartner recommends that organizations implement the capabilities of an SMP to reduce the financial, operational and visibility risks associated with unmanaged applications and the largely underestimated size and related spend within the SaaS portfolio.

‍
Most of the vendors in this market are fairly nascent. Due to the relatively low market maturity and vendors’ need to generate revenue, buyers have significant leverage when negotiating SMP contracts. Despite this leverage, Gartner recommends negotiating relatively short-term contracts (one or two years), as it is difficult to determine the overall viability for many of the vendors in this report. Outcomes such as mergers, acquisitions and financial instability may impact the serviceability of vendors in this market.

‍
Over the next 12 to 18 months, Gartner anticipates the following demand-side market changes:
* Stronger partnerships and collaboration across procurement, finance, IT security and applications, and lines of business to control SaaS sprawl.
* Organizations will centralize SaaS portfolio responsibility and will formalize roles in response to increased regulation and cost scrutiny.
* Demand and budget for SaaS management will increase as organizations realize the magnitude of unmanaged SaaS cost, sprawl and risk, while adoption growth remains uncontrolled.
* Increased use of SMP to monitor SaaS adoption and measure return on strategic SaaS investments.
* Rising demand for simplified contract negotiation and renewal, and detailed usage data to support rightsizing of contracts.
‍

Over the next 12 to 18 months, Gartner anticipates the following supply-side market changes:
* SMP vendors will increase their focus on high-value use cases within IT operations and IT procurement.
* Traditional SAM market vendors will expand their capabilities to include SMP use cases.
* Continued investor interest in and further funding of SMPs.
* Increased normalization in base feature sets due to coalescing buyer needs and vendors’ needs for increased operational scalability.
* Increased partnerships, as well as mergers and acquisitions, among SMP and adjacent tool vendors.
* Introduction of managed services offerings from SMP, consulting and outsourcing vendors to address skills gaps. Few SMPs offer managed services today.
* Increased focus on automation of common IT operations tasks, such as automatic inactive license harvesting.
* Increased number of direct SaaS application integrations from the average of 114 per vendor today.
* Enhanced risk rating for SaaS applications, including compliance with common certifications and detection of data breaches.

Market Definition/Description

Gartner defines SaaS management platforms (SMP) as software tools that aim to help organizations discover, manage, optimize and automate the SaaS application life cycle from one centralized console. Core SMP capabilities include discovery, cost optimization, employee self-service via an application store, insights to increase adoption and automation of onboarding/offboarding activities.

As SaaS adoption accelerates, IT leaders struggle to discover and support SaaS-hosted applications in accordance with company, market or geographic policies and regulations. Increased SaaS costs — combined with limited visibility into the entire SaaS portfolio (including unapproved SaaS) and high levels of overdeployed and underconsumed licenses — result in significant financial, operational and cybersecurity risk. SMPs help mitigate these risks and offer these benefits:

* Discovery and monitoring of approved and unapproved SaaS usage.
* Increased SaaS ROI due to providing data to help drive adoption.
* Improved management, forecasting and decision making regarding SaaS contracts and renewals, as well as optimized costs and license entitlements.
* Enhanced employee experience via a curated self-service app catalog or store to find and request access to approved SaaS apps.
* Streamlined onboarding of new SaaS apps to the organization.
* Reduced IT overhead with automation of configuration and policy management.
* Increased collaboration between teams that participate in the SaaS application life cycle, including all stakeholders internal and external to IT.
* Reduced risk with greater awareness of unapproved SaaS applications that are not integrated into corporate identity providers.
* Improved ability to comply with an increasing number of new regulations that require complete awareness of where company and customer data resides, and accelerated disclosure of potential breaches or vulnerabilities.

Common use cases include:
* Discover: Uncover sanctioned and unsanctioned SaaS use and costs, while balancing employee privacy.
* Optimize: Analysis, insights, alerting and automation to optimize SaaS costs and entitlement.
* Enable: Availability of an employee-facing application store or catalog to simplify SaaS requests. Analysis, insights and alerting to help drive SaaS adoption and maximize ROI.
* Automate: Simplify SaaS administration (request fulfillment, onboarding, offboarding, license reclamation, etc.) with customizable and template-based workflows.
* Manage: Management of configuration, policy, users and licenses via read/write API integration.
* Comply: Identification of SaaS applications and common certification details to determine compliance with industry regulations and organizational policy.

Must-Have Capabilities

The must-have capabilities for this market include:
* The ability to discover authorized and unauthorized SaaS usage via browser extension, device agent, financial/expense systems integration, security tool integration (including but not limited to SASE, SSE, CASB, SIEM, SWG, firewall and EDR), SSO and IDP platform integration, endpoint management tool integration, email system integration or direct API integration with SaaS applications.
* The ability to optimize SaaS-related expenses, including the ability to identify redundant applications, identify and reallocate unused licenses, optimize usage, forecast SaaS expenses and assign ownership of applications to business owners outside of IT with role-based access controls.
* The ability to directly manage common SaaS applications from the SMP via read/write API integration.

Standard Capabilities

The standard capabilities for this market include:
* A platform compliant with applicable regulatory requirements, such as GDPR and SOC2 II.
* Extensibility via APIs, integrations, as well as providing capability for data import and export.
* An employee self-service SaaS application catalog, including a high number of direct SaaS application integrations.

Optional Capabilities

Optional capabilities for this market include:
* Providing risk and compliance ratings for discovered apps, including applicable certifications.
* Pricing and adoption benchmarking reports.
* Vendor and contract management capabilities.
* GenAI integration for admins.
* Application request form and process for employees to request SaaS applications.

‍