IT Ops workflows

Aggregates the week's shadow-IT findings and review outcomes from Snowflake and Linear into a single rollup with trends.

When a termination record lands via webhook, this workflow revokes the employee's access across Slack, GitHub, and Google Drive, then writes an immutable audit record to Notion.

After access is revoked, this workflow gathers proof from Slack, GitHub, and Google Drive, writes a structured row per system to a Postgres audit ledger.

When Sentry marks an issue as resolved, drafts a friendly all-clear update, confirms the error rate has actually dropped via Cloudflare.

On a new-hire event from HR, checks which baseline Cloudflare Access apps the role should have, compares against what is actually granted.

Watches Cloudflare for a surge in 5xx responses and, when origin errors confirm a real outage, writes and auto-publishes a degraded-service banner to your status page…

On an offboarding webhook, checks Datadog SSO logs and Snowflake expense records for any tools the departing employee used or paid for outside the managed app catalog.

An agent takes a Sentry-detected outage, judges blast radius, writes channel-tailored updates, and broadcasts to the status page, customer email, and a Discord community at once.

Transcribes inbound voice notes, scores sentiment and urgency with an LLM, files the request in Linear.

Takes a submitted IT onboarding intake form and fans out account creation across CRM, project tracking, and ticketing tools in parallel, then collects the results.

Transcribes an inbound field voice report, classifies its urgency with OpenAI, and either pages the on-call responder via PagerDuty for emergencies or files a standard Trello…

Triggered by an offboarding webhook, this workflow exports the departed user's Drive and Dropbox files into a dated archive in object storage and logs the retention record…

An agent reviews per-user usage telemetry to distinguish never-used seats from premium-tier overprovisioning, drafts a personalized recommendation per user.

Monitors a forwarding inbox for SaaS welcome and verify-your-email messages, extracts the app and the employee.

When a PagerDuty incident resolves, this drafts the closing status-page update plus a short customer-facing recap, gets it approved in Slack, and publishes the resolution.

Classifies severity from a maintenance photo and, only for emergencies like floods or electrical hazards.

When a PagerDuty incident escalates or its priority changes, regenerates an honest.

Detects users approaching the idle-seat cutoff, emails them a keep-or-lose-it nudge with a grace window, and auto-revokes only those who stay inactive through the deadline.

Detects users approaching the idle-seat cutoff, emails them a keep-or-lose-it nudge with a grace window, and auto-revokes only those who stay inactive through the deadline.

Starts on a manager's offboarding request, asks them to approve the revocation list in Slack, then sweeps the approved systems and reports back which seats were confirmed revoked.

When HR marks an employee as departed, this sweeps every connected SaaS tool, deactivates their seat.

On a schedule ahead of a maintenance window, OpenAI drafts a maintenance notice, posts it to the status page, announces in Slack.

From a maintenance event on a shared calendar, this drafts an advance status-page notice with the window and expected impact, approves it in Slack, and schedules publication.

When a new shadow-IT Linear issue is created, an agent researches the vendor's security posture and data practices on the web, writes a risk brief into the issue.

When a SaaS renewal date approaches via webhook, the CEO agent cross-references SSO usage against contracted seats and drafts a rightsizing brief recommending exactly how many…

An agent that investigates a named departed employee across your systems, finds every lingering access grant and shared resource.

When HR marks an employee as departed, sweep every connected SaaS tool, revoke the person's seats.

Classifies a Sentry-confirmed incident into a severity tier and routes the right plain-language update to the right place: critical posts to the status page immediately.

When a Sentry issue crosses an alert threshold, drafts a customer-readable incident update with a severity tier, routes it to Slack for one-tap approval.

On a fixed schedule, pulls all currently open Sentry issues above a severity floor, writes a single consolidated plain-language status digest.

An on-call engineer submits a short incident form via webhook; the flow enriches it with the linked Sentry issue, drafts a customer-ready update at the chosen severity.

When a Datadog monitor trips, this drafts a public status-page update with tone matched to the alert's priority and posts it to a Slack approval channel before anything goes live.

When Sentry flags a spiking error, drafts a customer-readable status update with a sensible ETA and posts it to Slack for one-click approve or edit before anything goes public.

When the Datadog monitor that opened an incident recovers, this drafts a plain-language "resolved" update and routes it to Slack for a final human sign-off before closing…

Monitors a shared IT inbox for SaaS welcome and verification emails sent to company addresses, uses an LLM to identify the vendor and the employee.

An agent takes a new-department brief, provisions the Outlook shared mailbox, configures signature and auto-reply, creates a Teams channel, and files an onboarding doc.

Monitors a resolving incident and, once Sentry error volume drops back to baseline and stays there, drafts and posts a friendly resolved update closing out the status-page…

Receives HVAC sensor alerts via webhook, classifies severity by deviation from setpoint, and pages the assigned mechanical vendor's on-call while logging the incident to Airtable.

An agent reviews each onboarding access request against your written access policy, flags over-provisioned or unusual requests for IT, and auto-approves the rest.

Routes a new hire's requested app access through their manager for approval, then provisions only the approved apps and logs the decision for audit.

Detects Google Workspace users with no Drive activity for a configurable window, confirms each with their department lead in Slack.

Runs every morning, cross-checks an offboarding roster against live access in GitHub and Google Drive, and flags any account that should have been revoked but is still active.

An IT admin types an offboarding command in Slack with an employee email, and the workflow revokes GitHub and Google Drive access.

An agent investigates everywhere a departed employee still has access across connected systems, decides what to revoke versus reassign, executes the changes.

When your HRIS sends a termination event, this looks up every Cloudflare Access app the departing employee can reach, revokes those grants.

On a scheduled run, this workflow finds recently departed users still holding paid SaaS seats, reclaims the licenses, and reports the monthly savings to finance and IT.

When an HR webhook marks an employee as departed, instantly enumerates all their SaaS seats and opens a single consolidated deprovision approval with a Slack approve/deny prompt…

When an HR offboarding event fires, it sweeps every SaaS app for seats still assigned to the departed user, cross-checks SSO to confirm no recent activity.

Each morning compares the live Cloudflare WAF rulesets against the version-controlled config in Git and reports any out-of-band drift to Slack and a Notion audit log.

Watches for offboarding tickets and works the access-revocation checklist item by item.

Triggered by an onboarding webhook, builds the new hire's welcome kit by creating their personal folder, granting access to role-relevant docs and handbooks.

Triggered by a last-day calendar event, this workflow waits until end of day, then revokes Slack and GitHub access and emails the manager a completed offboarding checklist.

When a PagerDuty incident is triggered, drafts a customer-safe status-page note with OpenAI, posts it to your status webhook.

On a new hire's start date, verifies every required account was actually created across systems and nudges IT about any gaps before the employee logs in.

An agent takes a departing employee's name, discovers every SaaS tool they touch across your org, revokes access in each.

When an on-call lead clicks Approve on a drafted update in Slack, this publishes it to the status page and simultaneously broadcasts the same wording to customers via email…

Each morning, scans for hires starting in three days and pre-stages their accounts and welcome materials so everything is ready before day one.

When HR marks a new hire as starting, this provisions their core SaaS accounts (email, chat, file storage) based on their department and posts a checklist to the IT channel.

For each near-expiry certificate, an agent figures out the responsible service owner from your records, drafts a renewal action plan, files a tracking ticket.

Joins SaaS charges from Snowflake with first-seen domains from Cloudflare DNS to confirm real shadow-IT adoption, scores each tool by spend and reach.