Workflow Automation

Workflow automation runs actions in response to identity events — notify, open a ticket, call a webhook, or provision — so governance and lifecycle steps happen without manual follow-up.

Admin console: /admin/workflows

Concepts

• Trigger — the event that fires a workflow. Supported emit points include JOINER, LEAVER (deprovisioning), PROVISION_FAILED, and SIGN_IN.
• Action executor — what the workflow does: NOTIFY, WEBHOOK, OPEN_TICKET (via the ticketing integrations), or PROVISION (the downstream/JIT path).
• Best-effort — a workflow failure never aborts the auth or provisioning flow it hangs off.

How it works

When a trigger fires, the workflow engine dispatches the configured actions. A joiner can kick off provisioning + a welcome notification; a leaver can deprovision + open an offboarding ticket; a failed provision can alert an admin. Because hooks are best-effort, a downstream hiccup won't break the primary flow.

Typical setup

1. /admin/workflows → create a workflow.
2. Pick a trigger (JOINER / LEAVER / PROVISION_FAILED / SIGN_IN).
3. Add one or more actions (NOTIFY / WEBHOOK / OPEN_TICKET / PROVISION).

Related

• Reconciliation — remediate drift the automation surfaces.
• Integrations — ticketing and webhook targets.