IT OPS
HR Termination Webhook to Cloudflare Access Auto-Revoke
When your HRIS sends a termination event, this looks up every Cloudflare Access app the departing employee can reach, revokes those grants.
How it runs
The automated pipeline, trigger to output.
- TriggerHRIS termination webhook receivedHTTP webhook
- LogicValidate payload and confirm terminated status
- ActionFind all Cloudflare Access grants for the emailCloudflare
- ActionRevoke each matching Access grantCloudflare
- ActionAppend revocation results to Postgres logPostgres
- OutputConfirm revocation summary in SlackSlack
What it does
Turns an HR termination event into immediate, scoped revocation of Cloudflare Access. Instead of waiting for a nightly batch, it removes a departing employee's app grants the moment HR marks them terminated, then reports exactly what was revoked.
When to use it
Use this when you want real-time offboarding rather than a daily sweep, and your HRIS can fire a webhook on status change. It closes the window between termination and access removal that audits and incident reviews care most about.
How it works
- 1An HR webhook delivers a termination payload with the employee's email.
- 2A logic step validates the payload and confirms the status is `terminated`.
- 3It queries Cloudflare for every Access app and policy the email currently has.
- 4For each matching grant, it calls Cloudflare to remove the user from the policy.
- 5The revocation results, including any failures, are appended to a Postgres offboarding log.
- 6A Slack message confirms the employee, the apps touched, and any grants that failed to revoke for manual follow-up.
Set it up
What you configure once, before turning it on.
- 1Connect HTTP webhookTrigger any URL on agent actions.
- 2Connect CloudflareWorkers, Pages, R2, KV — the edge stack.
- 3Connect PostgresAny Postgres URL — query, write, migrate.
- 4Connect SlackChannels, DMs, threads, mentions.
- 5Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 6Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 7Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More IT Ops workflows
Recurring Sensor Fault Root-Cause Investigator
On a schedule, an agent reviews recent Monday work orders and BigQuery telemetry to identify equipment with repeating faults, drafts a root-cause hypothesis with a recommended fix.
Daily Building Anomaly Digest to MS Teams
Each morning queries BigQuery for the prior day's flagged sensor anomalies, summarizes them by site and system into a ranked briefing.
Agentic Inactive-Seat Reclamation Review
An agent investigates each idle SaaS seat by correlating SSO login gaps with HR status and ticket history, classifies it as reclaim, hold, or escalate, and drafts a reasoned…
Reconcile SSO logins against expense spend to find unmanaged tools
Joins SSO usage data with expense/payment records in Snowflake to surface tools that are being used but not paid for, or paid for but never logged.
Approved-Seat Deprovision Execution
Fires when an IT approver confirms a seat for removal, then executes deprovisioning via the IdP API and logs the action to an audit table and a Linear cleanup ticket.
HVAC Anomaly Detection to Severity-Routed Work Orders
Ingests building HVAC telemetry via webhook, flags out-of-band temperature, pressure, or runtime readings.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.