In case anyone is wondering, here is the proposal from Cloudflare: https://blog.cloudflare.com/saas-to-saas-security/

TL;DR: visibility and control for all connections (marketplace apps, 4th parties) to your 3rd party SaaS platforms. See which connections are active as well as when and how much they transmit. Transparent token splitting to force connections through the proxy as well as instant token revocation and ACLs.

We are currently building this and would appreciate your feedback!