Schema Forge
Automation Philosophy
Workforce automation requires special care due to the personal nature of employee data and the critical timing of JML events. Missed onboarding tasks create poor employee experiences, while delayed offboarding creates security risks.
- Timing is critical - onboarding must complete before day one, offboarding must happen immediately
- Personal data compliance - automations must respect GDPR and data retention policies
- Clear escalation - progressive alerts with clear owners at each stage
- Audit trails - log all automated actions for compliance
JML Automation: Onboarding Provisioning
JML-01: New Employee Provisioning Trigger
When a new Employee record is created with Status = Active, automatically initiate IT asset provisioning, software access requests, and training enrollment.
Trigger Condition:
Object created: Employee
Condition: Status = "Active"Action 1 - Create IT Asset Provisioning Task:
Issue Type: Task
Summary: IT Equipment Provisioning - {{object.Full Name}}
Description:
New employee requires IT equipment provisioning.
Employee: {{object.Full Name}}
Email: {{object.Email}}
Department: {{object.Department.Department Name}}
Location: {{object.Location.Location Name}}
Role: {{object.Role.Role Title}}
Start Date: {{object.Start Date}}
Standard provisioning:
[ ] Laptop or desktop (per department standard)
[ ] Monitor(s) (per role requirements)
[ ] Peripherals (keyboard, mouse, headset)
[ ] Badge/access card
Assignee: IT Asset Management
Due Date: {{object.Start Date}} - 1 day
Priority: High
Action 2 - Create Software Access Tasks:
-- Determine access package based on department
-- For Engineering department:
Applications: GitHub, AWS Console, Jira, Confluence, Slack
-- For Sales department:
Applications: Salesforce, HubSpot, Slack, Zoom
-- For all employees:
Applications: Email, Microsoft 365, SlackAction 3 - Send Welcome Notification:
To: {{object.Email}}, {{object.Manager.Email}}
Subject: Welcome to the team, {{object.Full Name}}!
Hi {{object.Full Name}},
Welcome to {{object.Department.Department Name}}! Your start date is
{{object.Start Date}} at {{object.Location.Location Name}}.
IT is preparing your equipment and access will be ready for your first day.
Your manager {{object.Manager.Full Name}} will be in touch about your
onboarding schedule.
JML Automation: Pre-Start Date Check
JML-02: Onboarding Readiness Alert
Seven days before an employee's Start Date, verify all onboarding tasks are on track and alert if provisioning is incomplete.
Query - Employees starting within 7 days:
objectType = "Employee"
AND Status = "Active"
AND "Start Date" > now()
AND "Start Date" < now(7d)Check IT Asset Assignment:
objectType = "IT Asset"
AND "Assigned To" = "{{employee.Key}}"
AND "Asset Type" = "Laptop"Alert if Incomplete:
To: IT Service Desk, HR Operations
Subject: ALERT: Onboarding Incomplete - {{object.Full Name}} starts in {{days_until_start}} days
Employee {{object.Full Name}} starts on {{object.Start Date}} and provisioning
is not complete.
Missing items:
{{#if laptop_missing}}[ ] Laptop not assigned{{/if}}
{{#if access_missing}}[ ] Core access not provisioned{{/if}}
Immediate action required to ensure day-one readiness.
Escalation Path:
| Days Until Start | Action | Recipients |
|---|---|---|
| 7 days | Information notification | IT Service Desk |
| 3 days | Alert | IT Manager, HR |
| 1 day | Escalation | Department Manager, HR Director |
JML Automation: Offboarding Access Revocation
JML-03: Employee Termination Offboarding
When an Employee status changes to Terminated, immediately revoke all software access and initiate IT asset recovery.
Trigger:
Object updated: Employee
Condition: Status changed to "Terminated"Action 1 - Revoke All Software Access:
objectType = "Software Access"
AND Employee = "{{object.Key}}"
AND Status = "Active"
-- For each record:
-- Update Status = "Revoked"
-- Add note: "Access revoked due to employee termination on {{now}}"Action 2 - Create Asset Recovery Tasks:
objectType = "IT Asset"
AND "Assigned To" = "{{object.Key}}"
AND Status = "Assigned"Issue Type: Task
Summary: Asset Recovery Required - {{asset.Asset Name}}
Description:
Recover asset from terminated employee:
Asset: {{asset.Asset Name}}
Asset Tag: {{asset.Asset Tag}}
Serial Number: {{asset.Serial Number}}
Former Employee: {{object.Full Name}}
Last Location: {{object.Location.Location Name}}
Recovery Instructions:
[ ] Contact employee/manager for return arrangements
[ ] Inspect asset condition upon return
[ ] Update asset status to Available
[ ] Remove from Assigned To
Assignee: IT Asset Management
Due Date: {{now}} + 3 days
Priority: High
Action 3 - Delete Emergency Contacts (GDPR Compliance):
objectType = "Emergency Contact"
AND Employee = "{{object.Key}}"
-- For each contact: Delete object (no retention required)
-- Log deletion for auditJML Automation: Contractor End Date
JML-04: Contractor Expiry Monitoring
Monitor contractor end dates and automatically initiate offboarding when contracts expire.
Query - 30-day warning:
objectType = "Contractor"
AND Status = "Active"
AND "End Date" < now(30d)
AND "End Date" > now()30-Day Notice:
To: {{object.Sponsor.Email}}, Procurement
Subject: Contractor Contract Ending - {{object.Full Name}} (30 days)
Contractor {{object.Full Name}} from {{object.Company}} has a contract
ending on {{object.End Date}}.
Please confirm one of the following actions:
1. Extend contract (submit extension request)
2. Allow contract to end (no action needed)
If no extension is submitted, offboarding will begin 7 days before end date.
7-Day Final Notice:
To: {{object.Sponsor.Email}}, IT Service Desk
Subject: FINAL NOTICE: Contractor Ending - {{object.Full Name}} (7 days)
Contractor {{object.Full Name}} contract ends {{object.End Date}}.
No extension has been submitted. Offboarding will proceed automatically:
- All software access will be revoked on {{object.End Date}}
- IT assets must be returned by {{object.End Date}}
To extend the contract, submit an extension request immediately.
JML Automation: Internal Transfer
JML-05: Internal Transfer Access Review
When an employee's Department or Role changes, trigger an access review to ensure appropriate access for the new position.
Trigger:
Object updated: Employee
Condition: Department changed OR Role changedCreate Access Review Task:
Issue Type: Task
Summary: Access Review - Internal Transfer - {{object.Full Name}}
Description:
Employee {{object.Full Name}} has been transferred:
Previous Department: {{previousValue.Department.Department Name}}
New Department: {{object.Department.Department Name}}
Previous Role: {{previousValue.Role.Role Title}}
New Role: {{object.Role.Role Title}}
Required Actions:
1. Review each access against new role requirements
2. Revoke access no longer needed
3. Grant new access required for new role
4. Document changes
Assignee: IT Security
Cc: {{object.Manager.Email}}
Due Date: {{now}} + 5 days
Certification Expiry Automation
CE-01: Certification Expiry Warning (90/60/30 Days)
Send progressive alerts as certifications approach expiration to allow time for renewal.
Query - 90-day warning:
objectType = "Employee Certification"
AND Status = "Active"
AND "Expiry Date" > now(89d)
AND "Expiry Date" < now(91d)Query - 60-day warning:
objectType = "Employee Certification"
AND Status = "Active"
AND "Expiry Date" > now(59d)
AND "Expiry Date" < now(61d)Query - 30-day warning:
objectType = "Employee Certification"
AND Status = "Active"
AND "Expiry Date" > now(29d)
AND "Expiry Date" < now(31d)90-Day Notice (Information):
To: {{object.Employee.Email}}
Subject: Certification Expiring in 90 Days - {{object.Certification.Certification Name}}
Hi {{object.Employee.Full Name}},
Your {{object.Certification.Certification Name}} certification expires on
{{object.Expiry Date}} (90 days from now).
Certification Details:
- Issuer: {{object.Certification.Issuer}}
- Certificate Number: {{object.Certificate Number}}
- Issue Date: {{object.Issue Date}}
To maintain your certification:
1. Check renewal requirements with {{object.Certification.Issuer}}
2. Schedule exam or complete required CPE/PDUs
3. Submit renewed certificate to L&D
Questions? Contact the Learning & Development team.
30-Day Notice (Urgent):
To: {{object.Employee.Email}}
Cc: {{object.Employee.Manager.Email}}, L&D Team
Subject: URGENT: Certification Expiring in 30 Days - {{object.Certification.Certification Name}}
Hi {{object.Employee.Full Name}},
Your {{object.Certification.Certification Name}} expires in 30 days.
If not renewed by {{object.Expiry Date}}:
- Your certification status will change to Expired
- This may affect your eligibility for certain projects
- Compliance requirements may be impacted
IMMEDIATE ACTION REQUIRED:
1. Schedule renewal exam/activities this week
2. Contact L&D if you need assistance
If you have already renewed, please submit your new certificate.
Certification Auto-Expiry
CE-02: Automatic Status Update
Automatically update certification status to Expired when the expiry date passes.
Query:
objectType = "Employee Certification"
AND Status = "Active"
AND "Expiry Date" < now()Actions:
- Update Status = "Expired"
- Add note: "Certification expired automatically on {{now}}"
- Send notification to employee and manager
- If required certification for role, create compliance alert task
Access Review Automation
AR-01: Quarterly Access Certification
Generate access certification lists for managers to review and certify their team's application access.
Generate Certification Lists by Manager:
objectType = "Software Access"
AND Status = "Active"
AND Employee.Manager = "{{manager.Key}}"Certification Task:
Issue Type: Task
Summary: Q{{quarter}} Access Certification - {{manager.Full Name}}'s Team
Description:
Access Certification Required
As part of our quarterly access review, please certify that each team
member's application access is appropriate for their current role.
Instructions:
1. Review each access grant
2. Mark as CERTIFY or REVOKE
3. For REVOKE, add comment explaining reason
4. Complete within 21 days
Note: Access not certified within 30 days will be automatically revoked.
Assignee: {{manager}}
Due Date: {{now}} + 21 days
Priority: High
Privileged Access Review
AR-02: Monthly Admin Access Review
More frequent review of administrative and privileged access for security compliance.
Query:
objectType = "Software Access"
AND Status = "Active"
AND "Access Level" IN ("Admin", "Power User")Report Content:
- Admin Access Grants: count by application
- Power User Access Grants: count by application
- New Privileged Access (Last 30 Days)
- Users per application with grant dates
IT Asset Lifecycle Automation
AL-01: Asset Assignment Notification
When an IT Asset is assigned to an employee, notify them and their manager.
Trigger:
Object updated: IT Asset
Condition: Assigned To changed from EMPTY to a value
AND Status = "Assigned"Notification:
To: {{object.Assigned To.Email}}
Cc: {{object.Assigned To.Manager.Email}}, IT Asset Management
Subject: IT Equipment Assigned - {{object.Asset Name}}
Hi {{object.Assigned To.Full Name}},
The following IT equipment has been assigned to you:
Asset: {{object.Asset Name}}
Type: {{object.Asset Type}}
Make/Model: {{object.Make}} {{object.Model}}
Serial Number: {{object.Serial Number}}
Asset Tag: {{object.Asset Tag}}
Assignment Date: {{object.Assignment Date}}
Equipment Care:
- This equipment is company property
- Report any issues to the IT Service Desk
- Return equipment when you leave the company
For support, contact the IT Service Desk.
Equipment Refresh Automation
AL-02: Equipment Refresh Due
Identify assets approaching end-of-life for proactive refresh planning.
Query - Assets older than 3 years:
objectType = "IT Asset"
AND Status = "Assigned"
AND "Assignment Date" < now(-1095d)Report Content:
- Employee, asset name, type, make/model
- Age in years and months
- Department grouping
- Summary by asset type (laptops, desktops, other)
Data Quality Automation
DQ-01: Terminated Employee Compliance Check
Daily check to ensure terminated employees have no active resources - a critical security compliance check.
Query - Active access for terminated employees:
objectType = "Software Access"
AND Status = "Active"
AND Employee.Status = "Terminated"Query - Assigned assets for terminated employees:
objectType = "IT Asset"
AND Status = "Assigned"
AND "Assigned To".Status = "Terminated"Alert if Violations Found:
To: IT Security, HR Operations
Subject: COMPLIANCE ALERT: Terminated Employees with Active Resources
The following terminated employees still have active resources:
Software Access (Revoke Immediately):
{{#access_violations}}
- {{employee_name}} has active access to {{application}}
{{/access_violations}}
IT Assets (Recovery Required):
{{#asset_violations}}
- {{employee_name}} has {{asset_name}} ({{asset_tag}}) still assigned
{{/asset_violations}}
These are compliance violations requiring immediate attention.
Automation Schedule Summary
Daily Automations
| Automation | Time | Priority |
|---|---|---|
| Certification Auto-Expiry | 01:00 AM | High |
| Terminated Employee Compliance | 06:00 AM | Critical |
| Contractor End Date Check | 07:00 AM | High |
| Pre-Start Date Check | 08:00 AM | High |
| Certification Expiry Warnings | 08:00 AM | Medium |
Weekly Automations
| Automation | Day/Time | Priority |
|---|---|---|
| Employee Data Completeness | Monday 08:00 AM | Medium |
| Contractor End Date Validation | Monday 08:00 AM | Medium |
Monthly Automations
| Automation | Schedule | Priority |
|---|---|---|
| Privileged Access Review | First Monday 09:00 AM | High |
| Equipment Refresh Report | First Monday 09:00 AM | Medium |
| Skills Inventory Reminder | First Monday | Low |
Quarterly Automations
| Automation | Schedule | Priority |
|---|---|---|
| Access Certification | First Monday of Q1/Q2/Q3/Q4 | High |
| Skills Gap Analysis | First Monday of Quarter | Medium |
Real-Time Automations
| Automation | Trigger | Priority |
|---|---|---|
| Onboarding Provisioning | Employee created (Active) | High |
| Offboarding Access Revocation | Status changed to Terminated | Critical |
| Internal Transfer Review | Department/Role changed | Medium |
| Asset Assignment Notification | Assigned To changed | Low |
Troubleshooting
JML Automation Issues
| Issue | Cause | Solution |
|---|---|---|
| Onboarding tasks not creating | Employee Status not "Active" on create | Ensure Status = "Active" when creating Employee |
| Offboarding not revoking all access | Timing issues or query syntax | Test AQL query in Assets search first |
| Duplicate onboarding tasks | Trigger firing multiple times | Add flag attribute to mark "processed" |
Certification Automation Issues
| Issue | Cause | Solution |
|---|---|---|
| Expiry alerts not sending | Expiry Date not populated | Calculate Expiry Date on certificate creation |
| Wrong certifications expiring | Date comparison logic error | Use < now() not <= now() for "already expired" |
Common AQL Patterns
| Pattern | Query |
|---|---|
| Active employees | objectType = "Employee" AND Status = "Active" |
| Employees starting soon | "Start Date" > now() AND "Start Date" < now(7d) |
| Expiring certifications | "Expiry Date" > now(29d) AND "Expiry Date" < now(31d) |
| Assets older than 3 years | "Assignment Date" < now(-1095d) |
| Terminated with active access | Employee.Status = "Terminated" AND Status = "Active" |
Pro Tip: Always test AQL queries in Assets search before using them in automations. This helps catch syntax errors and verifies the query returns expected results before it runs automatically.