JML LIFECYCLE AUTOMATION
A complete rebuild of the employee lifecycle automation suite from scratch — covering every touchpoint from day-one provisioning to final offboarding. Not a patch job: a ground-up redesign of how a 500+ person company manages its people operations in IT.
95%+
Time Reduction
2–4 hrs → 5–10 min
500+
New Hires/Year
3K+
Hours Saved/Year
80%
Error Reduction
OVERVIEW
JML — Joiners, Movers, Leavers — is the operational backbone of IT. When it breaks, new hires don't have access on day one. When someone leaves and offboarding is manual, accounts stay open. When an employee moves teams, their access doesn't update. All of it creates security risk, compliance exposure, and operational chaos.
The previous system was fragmented: some processes were partially automated, others relied entirely on manual IT work, and most had no deduplication logic — meaning the same event could trigger multiple duplicate tickets across systems.
The rebuilt suite eliminated all of that. Every employee event — hire, offboard, leave of absence, rehire, name change, manager change, department change, location change — is now automatically detected via Workday API polling, ticketed with full audit evidence in Freshservice, and actioned across Okta, Slack, Google Workspace, and every connected system — without a human touching it.
COMPONENTS
Onboarding — CorpSys Service Bot
Replaced a 2–4 hour manual email process with a fully Slack-native provisioning flow. Hiring managers complete all IT setup for new hires — app access, Slack channels, Google Groups, IT preferences — through a structured modal interface without ever leaving Slack.
- • Dynamic app search and selection with real-time Okta provisioning
- • 24-hour submission deadline automatically enforced before start date
- • Deduplication prevents double-submissions across hiring workflows
- • Mobile-compatible — works on Slack mobile app
Offboarding
Triggered automatically when Okta detects a deactivation. The offboarding sequence runs a coordinated series of actions across multiple systems — all logged, all auditable, no manual intervention required.
- • Equipment return label generation and shipping coordination
- • Google Drive transfer to manager
- • Email forwarding setup with configurable duration
- • Account deactivation across all connected systems
- • Freshservice ticket created with full evidence trail
- • SOX-scoped systems require change tickets even for emergency deactivations
Employee Changes
Scheduled Workday polling detects changes across 10+ employee fields. When a change is detected, the system creates individual Freshservice tickets with the prior value, new value, effective date, and confirmation from the employee's manager — fulfilling SOX audit evidence requirements.
- • Fields tracked: name, manager, title, department, sub-department, division, team, location, time type, cost center
- • Deduplication logic prevents duplicate tickets across simultaneous change events
- • Prior and new values captured with timestamps
- • Manager confirmation workflow for sensitive field changes
- • Saves ~300–400 hours/year across the employee changes process
Leave of Absence (LOA)
LOA is deceptively complex — employees can have overlapping, future-dated, and concurrent leave records in Workday. A naive sync would create duplicate tickets and incorrect Okta attribute updates. The solution uses custom Python-based deduplication logic to resolve overlapping records before syncing.
- • Parses all LOA records per employee and determines current true status
- • States: On LOA, Returned from LOA, Future-dated LOA
- • Syncs Workday → Okta on_leave attribute → Freshservice ticket
- • Prevents duplicate LOA tickets across overlapping records
- • Saves ~130–185 hours/year on LOA processing alone
Rehire Processing
Rehire detection uses business-day calendar calculations to distinguish true rehires from same-company conversions (contractor-to-FTE, etc.). For true rehires, the system flags any previously held sensitive group memberships rather than auto-restoring access — a deliberate design choice for SOX compliance.
- • Business-day gap calculation to identify rehire vs. conversion
- • SOX, Finance/ERP, CRM, and Privileged AD groups flagged for manual review
- • Non-sensitive group memberships can be safely auto-restored
- • Full audit trail of prior and restored access