🔐

Front office · People

Every hire set up on day one. Every departure shut off in 24 hours.

Turnover means touching every system by hand — and an ex-worker who still has login access is a breach and a compliance exposure. One form, your one-click approval, and every account is granted or revoked from a tracked checklist with a full audit trail: who requested, who approved, when each system was actioned.

Replaces:Office manager (onboarding/offboarding admin)IT admin time per hire and terminationThe unmeasured risk of an ex-employee with live access≈ $1.2K–$3.5K/mo of labor scoped to replace

What this module does

Four capabilities that show up in week one.

01

One form for the whole company

Managers use a single tokenized form for every hire and departure — no logins, no tickets. Nothing changes until the named approver clicks approve, so every account traces to a request and an approval on record.

02

Role templates decide access

Each role maps to exactly the systems it needs. A new CSR gets the CSR set — nothing more. Access beyond the role requires its own approved request.

03

Revocations on a 24-hour clock

The moment a departure is approved, every system the person ever had access to goes on a revocation checklist with a 24-hour SLA — auto-executed where a connector exists, tracked runbook steps where it does not. Overdue revocations alarm.

04

The audit trail is the artifact

Who requested, who approved, who executed, and when — per system, per worker. In regulated industries (telecom CPNI, lending) this is the difference between a policy and proof.

How it works

During setup we inventory every system a worker can touch and define role templates. From then on: a manager submits the form, the approver gets a one-click approve/reject email, and approval explodes into per-system tasks — grants on a 3-day clock for hires, revocations on a 24-hour clock for departures. Systems with a connector execute automatically and confirm themselves; the rest run as assigned runbook steps. Every completion is logged.

Integrates with

Zapier Catch Hooks (~8,000 apps — Google Workspace, M365, CRMs, HR tools)Closed-loop confirm callbacks (a task completes only when the automation actually ran)Tracked manual runbooks for closed systems (carrier portals, legacy tools)

Compliance + guardrails

Nothing is ever granted or revoked without a recorded request and a named approval. Approval links are single-use. Client-supplied text is sanitized in every notification. Departure revocations cover every system the worker ever held, not just their current role. Overdue revocations trip a daily alarm — a departed worker with live access is treated as an incident, not a backlog item.

Availability

Included with any plan

FAQ

Common questions about Hires & Departures.

What if a system has no integration?

It still gets covered. Systems without a connector run as tracked manual runbook steps with an owner and the same SLA and audit trail. Closed systems like carrier portals are exactly why the checklist model exists — nothing is silently skipped.

Who approves?

You name the approver (usually the owner or ops lead). Managers can request; only the approver can approve, from a one-click email — no dashboard required.

Does this replace our HR system?

No — it sits beside it. HR owns employment; this owns ACCESS: the accounts, permissions, and logins across your stack, with the audit trail HR systems don't produce.

The rest of the business backend

Module 11 of 17 in the Morthn operating layer · See all 17