# How it works

## We extract your context.  We build your workflows.  We maintain everything.

Offboarding, license management, access reviews.

Every app, every exception, every rule. Automated from trigger to report.

Less than a week. ~2 hours of your time.

1. **Your context**  
   We learn your rules

2. **Your blueprint**  
   You review before we build

3. **Build**  
   60+ APIs + browser automation

4. **Deploy**  
   You test before you pay

Live in <1 week

## End-to-end automation for four IT processes.

Each sounds simple until you try to do it completely — every step, across every app, every time, with evidence.

### 01 Offboarding

47 actions across 30 apps, with branching logic per exit type. One click. Full audit trail.

### 02 License Management

Always-on cleanup with app-specific rules. Automated Slack campaigns. Reclaim seats with evidence.

### 03 User Access Reviews

Continuous gap detection, reviewer sign-off in Slack, auditor-ready evidence. SOC 2, ISO 27001, HIPAA.

### 04 Spend Intelligence

Every SaaS dollar classified. Shadow IT surfaced. Stale subscriptions flagged. Unowned apps assigned. Financial data joined with your IT graph so you see every app, every user, every dollar in one place.

## How we engage

### Under a week, start to finish.

You tell us the what. We figure out the how.

1. **Learn your setup**  
   We learn your setup
   Every step, every exception, every rule your team follows. Completely understood before we build anything.

What we capture  
   - **Every step:** Who files the ticket? What gets checked, skipped, forgotten?
   - **Every exception:** Contractors vs. FTEs, deferred access, department-specific rules.
   - **Every rule** that lives in someone’s head and nowhere else.

~2 hours  
   Your total time investment

2. **Hypothesis**  
   A detailed blueprint before we build anything
   Step-by-step blueprint of what the automated system will do. You review. Nothing is built until confirmed.

What's in the blueprint  
   - **Every trigger:** What starts the workflow
   - **Every branch:** Different paths by exit type, department, app
   - **Every app action:** What happens in each app, via API or browser

You review it first

Every trigger, branch, action, and exception handler — visible before a single line of code is written.

3. **Build**  
   Four building blocks
   Every workflow is assembled from the same components.

- Workflow logic
   - Deep integrations
   - Browser automation
   - Reusable components

4. **Deploy**  
   Sandbox first. Start small, confirm, expand.

- **Phased testing:** Expected paths and edge cases verified before go-live.
   - **Transparent logic:** Every trigger, branch, action, and exception handler is visible. No black box.
   - **You test before you pay:** Offboarding runs in production before billing starts.

Risk-free onboarding

5. **Ongoing**  
   We maintain everything underneath
   APIs change. Consoles get redesigned. We update. You don't notice.

- **Integration maintenance:** API changes, console redesigns, token refresh — handled before you notice.
   - **All workflows included:** Offboarding, license management, access reviews, spend intelligence. One monthly fee.
   - One vendor. One SOC 2 review.

## Customer stories

### What used to take days now takes seconds.

**45 min per offboard → 47 seconds. L1 runs it now.**  
3 exit types, 4 apps, one click. Navan (no API) handled via browser automation.

**First run found 28 unused seats. ~$3.4K saved on one app.**  
Quarterly license cleanup with app-specific rules. Automated Slack campaigns to inactive users.

**300-500 contractor offboards per day. Single-click approval.**  
Detects Jira tickets automatically, enriches against identity data, batches into one Slack digest. Deactivations and ticket closures run in parallel.

**Quarterly access reviews → continuous monitoring. 35 gaps surfaced.**  
Per-reviewer Slack DMs. 22 accounts removed. Gaps surface the day they happen.

## The anatomy

### Every IT workflow we build has the same skeleton.

1. **Trigger**  
   What starts the workflow. Any combination per workflow.
   - Human ad hoc
   - Scheduled
   - External signal
   - Listener

2. **Rules + Reconciliation**  
   The logic layer that decides what happens.
   - Per-app rules and policies
   - Identity graph reconciliation
   - Conditional branching
   - Filters and exceptions

3. **Human Review**  
   The system handles the routine. Your team handles the exceptions.
   - Slack/Teams DMs
   - Manager approvals
   - Input gathering
   - Exception handling

4. **Actions**  
   Execute via API, browser automation, or ticket creation. Every app, in parallel.
   - Provision / deprovision
   - Modify roles and entitlements
   - Create tickets
   - Suspend, lock, transfer

5. **Reports**  
   Visibility and evidence at every step. Reports can exist without actions. Monitoring mode is a valid entry point.
   - Slack/Teams summaries
   - Auditor-ready evidence
   - Real-time gap alerts

### Three data channels

1. **API**  
   60+ apps, read + write

2. **Browser**  
   Local browser agent for apps without APIs

3. **CSV**  
   Data-in for apps with no API and no automatable web UI
   Upload via Slack or email.
