IT OPS
Reconcile offboarding actions into a queryable audit ledger
After access is revoked, this workflow gathers proof from Slack, GitHub, and Google Drive, writes a structured row per system to a Postgres audit ledger.
How it runs
The automated pipeline, trigger to output.
- TriggerOffboarding-complete webhook receivedHTTP webhook
- ActionVerify GitHub access removedGitHub
- ActionVerify Google Drive shares removedGoogle Drive
- LogicSplit confirmed vs unconfirmed systems
- OutputInsert per-system rows into Postgres ledgerPostgres
- ActionAlert IT on any unconfirmed revocationSlack
What it does
Closes the audit loop. Following an offboarding, it re-checks each system to confirm access is actually gone, writes a structured evidence row per system into a Postgres ledger, and raises an alert if any system still reports active access.
When to use it
Use it when auditors need queryable, per-system proof that revocation happened, not just a free-text note. The Postgres ledger lets you answer "prove this person lost access on this date" with a single query.
How it works
- 1An offboarding-complete webhook fires with the employee email and run id.
- 2The workflow re-checks GitHub to verify org membership is gone.
- 3It re-checks Google Drive to verify no active shares remain.
- 4A branch separates confirmed-revoked systems from any still showing access.
- 5Confirmed evidence rows are inserted into the Postgres audit ledger, one per system, with status and timestamp.
- 6Any unconfirmed revocation triggers a Slack alert to IT so the gap is fixed immediately.
Set it up
What you configure once, before turning it on.
- 1Connect HTTP webhookTrigger any URL on agent actions.
- 2Connect GitHubRepos, issues, pull requests, actions.
- 3Connect Google DriveDocs, sheets, slides, files.
- 4Connect PostgresAny Postgres URL — query, write, migrate.
- 5Connect SlackChannels, DMs, threads, mentions.
- 6Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 7Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 8Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More IT Ops workflows
Recurring Sensor Fault Root-Cause Investigator
On a schedule, an agent reviews recent Monday work orders and BigQuery telemetry to identify equipment with repeating faults, drafts a root-cause hypothesis with a recommended fix.
Daily Building Anomaly Digest to MS Teams
Each morning queries BigQuery for the prior day's flagged sensor anomalies, summarizes them by site and system into a ranked briefing.
Agentic Inactive-Seat Reclamation Review
An agent investigates each idle SaaS seat by correlating SSO login gaps with HR status and ticket history, classifies it as reclaim, hold, or escalate, and drafts a reasoned…
Reconcile SSO logins against expense spend to find unmanaged tools
Joins SSO usage data with expense/payment records in Snowflake to surface tools that are being used but not paid for, or paid for but never logged.
Approved-Seat Deprovision Execution
Fires when an IT approver confirms a seat for removal, then executes deprovisioning via the IdP API and logs the action to an audit table and a Linear cleanup ticket.
HVAC Anomaly Detection to Severity-Routed Work Orders
Ingests building HVAC telemetry via webhook, flags out-of-band temperature, pressure, or runtime readings.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.