IT OPS
Offboarding Orphaned Access Sweep Agent
An agent that investigates a named departed employee across your systems, finds every lingering access grant and shared resource.
How it runs
The automated pipeline, trigger to output.
- TriggerChat request names the departed employee
- ActionQuery GitHub for lingering access and tokensGitHub
- ActionFind owned and externally shared Drive filesGoogle Drive
- LogicReason over findings and rank by riskOpenAI
- OutputDeliver prioritized remediation planSlack
What it does
Runs an investigative sweep for a single departed person whose offboarding may have been incomplete. The agent reasons across multiple systems to find access that survived the official offboarding: stale tokens, lingering group memberships, shared documents, and service accounts they still own, then writes a ranked remediation plan.
When to use it
Use this during a security review, after a rushed departure, or when an audit flags a former employee. It is for the messy real-world cases where a simple checklist isn't enough and you need judgment about what's risky.
How it works
- 1A chat request kicks off the sweep with the departed employee's name and email.
- 2The agent queries GitHub for lingering org membership, owned repos, and active personal tokens.
- 3It searches Google Drive for files the user still owns or has shared externally.
- 4It checks Slack for active sessions and channel memberships tied to the account.
- 5It reasons over the findings, ranks each by risk, and drafts a remediation plan.
- 6It delivers the prioritized plan and risk notes to the security review channel for sign-off.
Set it up
What you configure once, before turning it on.
- 1Connect GitHubRepos, issues, pull requests, actions.
- 2Connect Google DriveDocs, sheets, slides, files.
- 3Connect SlackChannels, DMs, threads, mentions.
- 4Connect OpenAIModels, embeddings, files.
- 5Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 6Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 7Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More IT Ops workflows
Recurring Sensor Fault Root-Cause Investigator
On a schedule, an agent reviews recent Monday work orders and BigQuery telemetry to identify equipment with repeating faults, drafts a root-cause hypothesis with a recommended fix.
Daily Building Anomaly Digest to MS Teams
Each morning queries BigQuery for the prior day's flagged sensor anomalies, summarizes them by site and system into a ranked briefing.
Agentic Inactive-Seat Reclamation Review
An agent investigates each idle SaaS seat by correlating SSO login gaps with HR status and ticket history, classifies it as reclaim, hold, or escalate, and drafts a reasoned…
Reconcile SSO logins against expense spend to find unmanaged tools
Joins SSO usage data with expense/payment records in Snowflake to surface tools that are being used but not paid for, or paid for but never logged.
Approved-Seat Deprovision Execution
Fires when an IT approver confirms a seat for removal, then executes deprovisioning via the IdP API and logs the action to an audit table and a Linear cleanup ticket.
HVAC Anomaly Detection to Severity-Routed Work Orders
Ingests building HVAC telemetry via webhook, flags out-of-band temperature, pressure, or runtime readings.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.