Route New-Hire Access Requests to IT by Department
When a new HRIS record is created, this decides from the hire's department and seniority which systems and groups they need.
How it runs
The automated pipeline, trigger to output.
- Trigger: New employee row inserted in HRIS table (Postgres)
- Logic: Map department and seniority to least-privilege access profile
- Action: Open Linear access-provisioning issue with per-grant checklist (Linear)
- Output: Email the hiring manager the issue link for approval (Gmail)
What it does
Reads a new employee record and produces a precise access request for IT. Instead of a vague "set up the new person" ticket, it expands the hire's department and level into the concrete list of SaaS apps, repo access, mailing lists, and security groups they should receive, then files a single structured Linear issue with that list as a checklist.
When to use it
Use it when access creep and inconsistent grants are a problem and you want least-privilege provisioning driven by role rather than by whoever sets up the account. Good for teams that already run IT work through Linear.
How it works
- 1. A new row in the HRIS table (Postgres) triggers the flow with department, title, and manager.
- 2. A logic step maps department plus seniority to an access profile: the apps, groups, and repos that role gets by default.
- 3. It builds a Linear issue titled for the hire, with each grant as a checkbox sub-item and the manager named as approver.
- 4. The issue is assigned to the IT provisioning team with a due date before the start date.
- 5. A confirmation with the issue URL is sent to the hiring manager for sign-off.
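A sketch of steps 2 to 4 as an added example (not the product's own code): the mapping fails closed, so an unmapped department or level yields fewer grants plus a review warning, never a guessed profile. The grant names, profile tables, `lead_days` default, and the hire dict fields are all constructed assumptions; the returned dict is a plain structure, not a Linear API payload.

```python
from datetime import date, timedelta

# Constructed sample profiles; grant names are placeholders, not from the page.
BASELINE = {"app:email", "app:sso", "list:all-staff"}
DEPARTMENT = {
    "engineering": {"repo:product-read", "group:eng", "app:issue-tracker"},
    "finance": {"app:accounting", "group:finance"},
}
# Seniority only adds grants on top of a known department set.
SENIORITY = {
    ("engineering", "senior"): {"repo:product-write"},
    ("finance", "manager"): {"group:finance-approvers"},
}

def access_profile(department, seniority):
    """Return (sorted grants, warnings). Unknown values fail closed."""
    dept = (department or "").strip().lower()
    level = (seniority or "").strip().lower()
    grants, warnings = set(BASELINE), []
    if dept in DEPARTMENT:
        grants |= DEPARTMENT[dept]
        # An unmapped level gets the department default, never an elevated set.
        grants |= SENIORITY.get((dept, level), set())
    else:
        warnings.append(
            f"unmapped department {department!r}: baseline only, needs manual review"
        )
    return sorted(grants), warnings

def build_issue(hire, lead_days=3):
    """Build the issue fields: title, per-grant checklist body, due date."""
    grants, warnings = access_profile(hire["department"], hire["seniority"])
    body = [f"Approver: {hire['manager']}", ""]
    body += [f"- [ ] {g}" for g in grants]
    body += [f"> WARNING: {w}" for w in warnings]
    return {
        "title": f"Access provisioning: {hire['name']} ({hire['title']})",
        "body": "\n".join(body),
        # Due before the start date so grants are reviewed ahead of day one.
        "due": hire["start_date"] - timedelta(days=lead_days),
    }

# Constructed sample row, shaped like the trigger fields named above.
SAMPLE_HIRE = {"name": "A. Example", "title": "Senior Engineer",
               "department": "Engineering", "seniority": "Senior",
               "manager": "manager@example.com", "start_date": date(2025, 3, 10)}
```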
Set it up
What you configure once, before turning it on.
- 1. Connect Postgres: Any Postgres URL (query, write, migrate).
- 2. Connect Linear: Issues, projects, cycles, triage.
- 3. Connect Gmail: Read, draft, send, label.
- 4. Set each agent's model: We leave models unset so you pick the tier: fast and cheap, or top-quality.
- 5. Tune it to your data: Edit the prompts, filters, and field mappings so it matches how your team works.
- 6. Test, then turn it on: Run once against a sample, confirm the output, then enable the trigger.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

