IT OPS

Reconcile SSO logins against expense spend to find unmanaged tools

Joins SSO usage data with expense/payment records in Snowflake to surface tools that are being used but not paid for, or paid for but never logged.

CategoryIT Ops

Enginesim

Difficultyintermediate

Triggerschedule

Steps5

Setup~15 min

How it runs

The automated pipeline, trigger to output.

TriggerQuarterly schedule fires
ActionQuery SSO usage and expense data from SnowflakeSnowflake
LogicJoin on vendor and classify match status
LogicFilter to used-but-unpaid and paid-but-unused
OutputWrite reconciliation report to NotionNotion

What it does

Shadow SaaS shows up two ways: tools people use without anyone paying through finance, and tools finance pays for that nobody actually signs into. This workflow cross-references both. It pulls SSO application usage and expense line items from Snowflake, joins them on vendor, and classifies each tool as used-but-unpaid, paid-but-unused, or fully matched. The result is a clean reconciliation report in Notion.

When to use it

Run it quarterly during license true-ups or vendor reviews. Great for IT finance partners who want to recover spend on dead subscriptions and catch usage that bypassed procurement, all in one pass.

How it works

1A scheduled quarterly run starts the job.
2Snowflake returns two datasets: SSO usage by application and SaaS expense by vendor.
3A logic step joins them on a normalized vendor key and labels each tool used-but-unpaid, paid-but-unused, or matched.
4A second logic step filters to only the mismatched rows that need attention.
5A Notion page is created with a categorized table of findings and recommended owner per tool.

Set it up

What you configure once, before turning it on.

1
Connect SnowflakeWarehouses, queries, shares.
2
Connect NotionPages, databases, comments.
3
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
4
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
5
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More IT Ops workflows

Recurring Sensor Fault Root-Cause Investigator

On a schedule, an agent reviews recent Monday work orders and BigQuery telemetry to identify equipment with repeating faults, drafts a root-cause hypothesis with a recommended fix.

Daily Building Anomaly Digest to MS Teams

Each morning queries BigQuery for the prior day's flagged sensor anomalies, summarizes them by site and system into a ranked briefing.

Agentic Inactive-Seat Reclamation Review

An agent investigates each idle SaaS seat by correlating SSO login gaps with HR status and ticket history, classifies it as reclaim, hold, or escalate, and drafts a reasoned…

Approved-Seat Deprovision Execution

Fires when an IT approver confirms a seat for removal, then executes deprovisioning via the IdP API and logs the action to an audit table and a Linear cleanup ticket.

HVAC Anomaly Detection to Severity-Routed Work Orders

Ingests building HVAC telemetry via webhook, flags out-of-band temperature, pressure, or runtime readings.

Outlook Room Conflict Resolver with Approval Gate in Teams

When an Outlook room clashes, proposes a rebooking and asks the bumped meeting's organizer to approve the move in Microsoft Teams before any change is made.

Browse all IT Ops →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

Finance

Research & Trading Desk

Governance-first research, execution, and risk — every trade on the audit trail.

Software

Agent Hive runs Agent Hive

The team that built Agent Hive, exactly as it runs today.

Marketing

Content Marketing Agency

SEO, blogs, social, and reporting on autopilot.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →