IT OPS

Dormant OAuth Grant Quarterly Revocation Review

Each quarter, identifies OAuth apps that have not been used in 90+ days and compiles a cleanup report in Notion with a per-app recommendation so IT can bulk-revoke stale…

CategoryIT Ops

Enginesim

Difficultyintermediate

Triggerschedule

Steps5

Setup~15 min

How it runs

The automated pipeline, trigger to output.

TriggerQuarterly schedule fires
ActionPull grants with last-activity timestampsCustom MCP server
LogicFlag 90+ day idle apps and score them
ActionBuild Notion review doc with recommendationsNotion
OutputNotify IT channel doc is readySlack

What it does

Finds the long tail of forgotten OAuth grants: apps an employee connected once and never used again. It builds a quarterly Notion review doc ranking each stale app and recommending keep or revoke.

When to use it

Run it as a recurring access-hygiene chore. Dormant grants are pure attack surface with no business value, and a quarterly sweep keeps your authorized-app list lean without disrupting active tools.

How it works

1A quarterly schedule starts the review.
2A custom-MCP call pulls every grant plus its last-activity or last-token-use timestamp.
3A logic step flags apps idle for 90+ days and scores each by scope sensitivity and user reach.
4A Notion action creates a structured review page listing flagged apps with a keep/revoke recommendation and rationale.
5A Slack action notifies the IT channel that the quarterly review doc is ready.
6The output records the review cycle so the next quarter compares against fresh activity data.

Set it up

What you configure once, before turning it on.

1
Connect Custom MCP serverConnect any MCP-compatible tool you own.
2
Connect NotionPages, databases, comments.
3
Connect SlackChannels, DMs, threads, mentions.
4
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
5
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
6
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More IT Ops workflows

Outlook Room Conflict Resolver with Approval Gate in Teams

When an Outlook room clashes, proposes a rebooking and asks the bumped meeting's organizer to approve the move in Microsoft Teams before any change is made.

Outlook Room Double-Booking Resolver with Auto-Rebook

Detects when two meetings claim the same Outlook room resource and automatically relocates the lower-priority meeting to a comparable free room.

Self-Service Reclaim Email for Idle Users

Detects users idle in a SaaS app past the threshold and emails each one a keep-or-release link; unanswered seats after the deadline are auto-flagged for removal.

Reconcile SSO logins against expense spend to find unmanaged tools

Joins SSO usage data with expense/payment records in Snowflake to surface tools that are being used but not paid for, or paid for but never logged.

Indoor Air Quality Breach to Tenant Notice and Work Order

Listens for CO2, VOC, or humidity sensor alerts via webhook, and when a zone exceeds occupant-safety limits it emails affected tenants, opens a Monday remediation task.

Daily Building Anomaly Digest to MS Teams

Each morning queries BigQuery for the prior day's flagged sensor anomalies, summarizes them by site and system into a ranked briefing.

Browse all IT Ops →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

Software

Agent Hive runs Agent Hive

The team that built Agent Hive, exactly as it runs today.

Marketing

Content Marketing Agency

SEO, blogs, social, and reporting on autopilot.

Media

YouTube Studio

Scripts, edits, thumbnails, and scheduling — every week.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →