Five stages. One signed decision. No orphaned sessions.
Every identity change — joiner, mover, or leaver — routes through the same deterministic pipeline. The parse step is the only place a language model touches the decision; everything downstream is structured data, OPA policy, signed packets, and tamper-evident logs.
The bill for a manual offboarding.
Six portals. Four HR tickets. A checklist in Notion that nobody reads. Licenses still billing weeks after someone walked out the door. It's a tax you pay every time a contract ends.
Industry baseline for a single manual IT offboarding — labour only, no license waste.
IT + HR coordination across disconnected admin consoles, per departing employee.
Typical window between a termination notice and the last portal finally revoked.
Portals that produce a tamper-evident, SOC 2-ready audit trail out of the box.
The five stages, in order.
Gatekeeper
Natural-language intake from Slack, Teams, a webhook, or an HR ticket. Gemini distills the raw text into a structured IntentPacket with a confidence score. Adversarial inputs (prompt injection, schema hijack) are caught by a deterministic post-filter before the packet enters the rest of the pipeline.
Metadata
Parallel lookups against HRIS (BambooHR and Workday today; Rippling on the roadmap), your asset system, and every connected portal. Three questions answered: is this person really terminated, what do they still own, and does the HRIS agree with the requester?
Risk
Signals combine into a deterministic, explainable score: privileged account, production ownership, HRIS disagreement, recency, dollar value. Above 0.75 it routes to HITL (human-in-the-loop review); above 0.95 it blocks. Every component of the score is in the audit log.
Policy (OPA)
Open Policy Agent evaluates every decision against your tenant's Rego. Allowed actions are then signed with a per-tenant HMAC-SHA256 key so the executor never runs an unsigned packet. The signing key lives in Vault; the doer fetches it just-in-time per execution. (Asymmetric Ed25519 signing — so a compromised doer cannot forge — is on the near-term roadmap.)
Doer Agent
Fetches a 60-second JIT credential from Vault, calls each portal's API in parallel, and writes a SHA-256-chained event to the Zero-Trust WORM ledger for every action. Soft phase (deactivate + revoke sessions) is immediate; hard phase (delete) defers 5 minutes so reinstate-on-mistake works.
What the executor actually receives.
Each downstream call is driven by a single signed packet. Here's the shape:
{
  "intent_id": "01J9F2W3Q5R7T9V1X3Y5Z7B9",
  "intent_type": "offboard",
  "target_identity": {
    "email": "john.doe@acme.com",
    "hris_id": "bh-4471"
  },
  "actions": [
    {"system": "okta", "verb": "deactivate"},
    {"system": "m365", "verb": "block_signin"},
    {"system": "github", "verb": "remove_from_org"},
    {"system": "slack", "verb": "deactivate"},
    {"system": "zoom", "verb": "delete"},
    {"system": "salesforce", "verb": "freeze_with_grace_30d"}
  ],
  "risk_score": 0.41,
  "opa_decision": "allow",
  "issued_at": "2026-05-17T03:14:24Z",
  "signature": "hmac-sha256:7f2ac91ed604b3e1...",
  "tenant_id": "acme-prod"
}
The same packet shape carries a provision (new-hire grant) or modify (role change) intent — only the intent_type and actions differ. Offboarding is validated end-to-end against a live tenant; the joiner, mover, and access-review paths are code-complete and in active validation, dark behind feature flags until each connector is flipped live.
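As an added illustration, not the product's own code, here is what the doer-side check of a packet like the one above could look like in Python: the executor refuses to act unless the tenant key, the OPA decision, the freshness window and the HMAC all check out. The canonical serialization (sorted keys, no whitespace, signature field excluded), the five-minute freshness window, the demo key and the fixed clock are assumptions for the example, not details stated on the page.

```python
import hashlib, hmac, json
from datetime import datetime, timedelta, timezone

# Constructed per-tenant key; the pipeline above fetches the real one from Vault just-in-time.
TENANT_KEYS = {"acme-prod": b"constructed-demo-key-do-not-use"}
MAX_PACKET_AGE = timedelta(minutes=5)  # assumed freshness window, not stated on the page
PREFIX = "hmac-sha256:"
DEMO_NOW = datetime(2026, 5, 17, 3, 15, 0, tzinfo=timezone.utc)  # constructed clock
SAMPLE_PACKET = {  # constructed; mirrors the packet shape shown above, signature added by sign_packet
    "intent_id": "01J9F2W3Q5R7T9V1X3Y5Z7B9",
    "intent_type": "offboard",
    "target_identity": {"email": "john.doe@acme.com", "hris_id": "bh-4471"},
    "actions": [{"system": "okta", "verb": "deactivate"}, {"system": "slack", "verb": "deactivate"}],
    "risk_score": 0.41,
    "opa_decision": "allow",
    "issued_at": "2026-05-17T03:14:24Z",
    "tenant_id": "acme-prod",
}

def canonical_bytes(packet: dict) -> bytes:
    """Every field except the signature, sorted keys, no whitespace (assumed canonical form)."""
    body = {k: v for k, v in packet.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_packet(packet: dict, key: bytes) -> dict:
    mac = hmac.new(key, canonical_bytes(packet), hashlib.sha256).hexdigest()
    return {**packet, "signature": PREFIX + mac}

def verify_packet(packet: dict, now: datetime) -> tuple:
    """Return (ok, reason); the executor runs the actions only when ok is True."""
    sig = packet.get("signature", "")
    if not sig.startswith(PREFIX):
        return False, "missing or unsupported signature"
    key = TENANT_KEYS.get(packet.get("tenant_id"))  # key is bound to the tenant in the packet
    if key is None:
        return False, "unknown tenant"
    if packet.get("opa_decision") != "allow":
        return False, "policy did not allow"
    try:
        issued = datetime.fromisoformat(packet["issued_at"].replace("Z", "+00:00"))
    except (KeyError, ValueError):
        return False, "bad issued_at"
    if not timedelta(0) <= now - issued <= MAX_PACKET_AGE:  # reject replays of old packets
        return False, "packet stale or from the future"
    expected = hmac.new(key, canonical_bytes(packet), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig[len(PREFIX):], expected):  # constant-time compare
        return False, "signature mismatch"
    return True, "ok"
```

Because the MAC covers the action list, changing a single verb (say, deactivate to delete) after signing invalidates the whole packet.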
See it run on your stack.
A 20-minute screen-share. We point a sandboxed tenant at your test directory. You watch a real offboarding go from Slack message to six portals revoked in under fifteen seconds — or we stop early and you have nothing to evaluate.
Or read the security model first.