IT OPS
Revoke departed-employee app access on HRIS termination
When a termination record lands via webhook, this workflow revokes the employee's access across Slack, GitHub, and Google Drive, then writes an immutable audit record to Notion.
How it runs
The automated pipeline, trigger to output.
- TriggerHRIS termination webhook receivedHTTP webhook
- LogicConfirm event is a true termination
- ActionDeactivate Slack accountSlack
- ActionRemove from all GitHub org teamsGitHub
- ActionTransfer Google Drive ownership to managerGoogle Drive
- OutputWrite revocation audit record to NotionNotion
What it does
Turns an HRIS termination event into a full access sweep. It deactivates the employee's Slack account, removes them from all GitHub org teams, transfers their Google Drive ownership, and logs every revocation to a Notion audit page with timestamps.
When to use it
Use it the moment HR marks an employee as terminated and you want access killed within minutes, not at the next manual review. Ideal for teams that need a defensible audit trail for SOC 2 or ISO control evidence.
How it works
- 1A termination webhook fires with the employee's email and last day.
- 2A filter confirms the record is a real termination (not a transfer or leave) before any access is touched.
- 3Slack deactivates the user account by email.
- 4GitHub removes the user from every org team and revokes seat access.
- 5Google Drive reassigns file ownership to the employee's manager so nothing is orphaned.
- 6A Notion page logs each action, who triggered it, and the exact UTC time as the permanent audit record.
Set it up
What you configure once, before turning it on.
- 1Connect HTTP webhookTrigger any URL on agent actions.
- 2Connect SlackChannels, DMs, threads, mentions.
- 3Connect GitHubRepos, issues, pull requests, actions.
- 4Connect Google DriveDocs, sheets, slides, files.
- 5Connect NotionPages, databases, comments.
- 6Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 7Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 8Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More IT Ops workflows
Recurring Sensor Fault Root-Cause Investigator
On a schedule, an agent reviews recent Monday work orders and BigQuery telemetry to identify equipment with repeating faults, drafts a root-cause hypothesis with a recommended fix.
Daily Building Anomaly Digest to MS Teams
Each morning queries BigQuery for the prior day's flagged sensor anomalies, summarizes them by site and system into a ranked briefing.
Agentic Inactive-Seat Reclamation Review
An agent investigates each idle SaaS seat by correlating SSO login gaps with HR status and ticket history, classifies it as reclaim, hold, or escalate, and drafts a reasoned…
Reconcile SSO logins against expense spend to find unmanaged tools
Joins SSO usage data with expense/payment records in Snowflake to surface tools that are being used but not paid for, or paid for but never logged.
Approved-Seat Deprovision Execution
Fires when an IT approver confirms a seat for removal, then executes deprovisioning via the IdP API and logs the action to an audit table and a Linear cleanup ticket.
HVAC Anomaly Detection to Severity-Routed Work Orders
Ingests building HVAC telemetry via webhook, flags out-of-band temperature, pressure, or runtime readings.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.