IT OPS
Offboarding SaaS Seat Sweep with Confirmation Ledger
When HR marks an employee as departed, this sweeps every connected SaaS tool, deactivates their seat.
How it runs
The automated pipeline, trigger to output.
- TriggerHRIS webhook: employee marked departedHTTP webhook
- ActionRevoke GitHub org membership and re-check by emailGitHub
- ActionDeactivate Slack member and verify statusSlack
- LogicBranch: confirmed vs. unconfirmed revocation
- ActionAppend per-system result row to offboarding ledgerNotion
- OutputPost unconfirmed items to IT channel for follow-upSlack
What it does
Kicks off the moment an employee's status flips to "offboarded" and runs a full access-revocation pass across your SaaS stack. For each tool it attempts to deactivate the user's seat, then re-checks the tool's API to confirm the seat is actually gone before marking that line item done. Anything it can't confirm is flagged for a human.
When to use it
Use it as your standing offboarding runbook so departures never leave dormant logins behind. Ideal for teams that have failed an access-review audit or want a defensible paper trail proving each seat was revoked on a specific date.
How it works
- 1An HR/HRIS webhook fires when someone is marked departed, carrying their email and accounts.
- 2The flow fans out a revocation call to each SaaS tool (GitHub, Slack, and others) using that email.
- 3After each call it re-queries the tool to verify the seat no longer exists, branching to a retry or a flag on mismatch.
- 4Every result — confirmed, failed, or needs-review — is written as a row in a Notion offboarding ledger.
- 5A summary of unconfirmed items is posted to the IT channel so a human closes the loop.
Set it up
What you configure once, before turning it on.
- 1Connect HTTP webhookTrigger any URL on agent actions.
- 2Connect GitHubRepos, issues, pull requests, actions.
- 3Connect SlackChannels, DMs, threads, mentions.
- 4Connect NotionPages, databases, comments.
- 5Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 6Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 7Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More IT Ops workflows
Recurring Sensor Fault Root-Cause Investigator
On a schedule, an agent reviews recent Monday work orders and BigQuery telemetry to identify equipment with repeating faults, drafts a root-cause hypothesis with a recommended fix.
Daily Building Anomaly Digest to MS Teams
Each morning queries BigQuery for the prior day's flagged sensor anomalies, summarizes them by site and system into a ranked briefing.
Agentic Inactive-Seat Reclamation Review
An agent investigates each idle SaaS seat by correlating SSO login gaps with HR status and ticket history, classifies it as reclaim, hold, or escalate, and drafts a reasoned…
Reconcile SSO logins against expense spend to find unmanaged tools
Joins SSO usage data with expense/payment records in Snowflake to surface tools that are being used but not paid for, or paid for but never logged.
Approved-Seat Deprovision Execution
Fires when an IT approver confirms a seat for removal, then executes deprovisioning via the IdP API and logs the action to an audit table and a Linear cleanup ticket.
HVAC Anomaly Detection to Severity-Routed Work Orders
Ingests building HVAC telemetry via webhook, flags out-of-band temperature, pressure, or runtime readings.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.