Most SaaS applications are designed to enable third party application integrations using plugins and a no-code approach. For example, a SaaS-based CRM system might offer a plugin to integrate with a SaaS email system.
However, not all 3rd party plugins are created equal. Most are developed by known companies and originate from a reputable source such as an app-store. But some plugins might be developed by individuals without the greatest concerns for security practices and even by malicious developers.
So, while 3rd party plugins are potentially good for productivity, they also create risk exposure. Complex SaaS-to-SaaS relationships lead to the risk of unauthorized data sharing, over-provisioning of permissions, and high privileges granted to unknown SaaS vendors.