Playbooks built by the world's best operations teams
Playbooks built by the world's best operations teams
Playbooks built by the world's best operations teams
Write the logic once in natural language. Console executes it across identity, access, devices, and more.
Write the logic once in natural language. Console executes it across identity, access, devices, and more.
Write the logic once in natural language.
Console executes it across identity, access, devices, and more.
All
IT
HR
Security
RevOps
Finance
Legal
30/60/90-Day Check-Ins
Playbooks
/
30/60/90-Day Check-Ins
30/60/90-Day Check-Ins
Created by
Console Team
Published
HR
Okta
Google Calendar
Google Docs
+8
Trigger
Scheduled — every day at 9:00 AM America/Chicago
Instructions
When HR marks an employee as terminated in the HRIS system.
#Custom Workday Query Hires for employees at exactly day 30, day 60, and day 90 from their start date.
For each matching employee:
#Lookup Users with includeManager.
Resolve HRBP via custom Get HRBP for Department.
Create the check-in calendar event:
#Custom Google Calendar Create Event for a 30-min check-in between employee, manager, and HRBP at the next available common slot within 7 days.
Title: "{{Day-30/60/90}} Check-in - {{employee.name}}".
Pre-fill the agenda by pulling signals:
#Custom Lattice Get Engagement Score for the employee (if Lattice is used).
#Search Okta System Log Custom for login activity (proxy for engagement).
#Custom Slack Get User Activity for message volume in team channels.
#Custom Workday Get Goals Progress if goals are tracked.
Generate the agenda doc:
#Custom Generate Check-in Agenda writes a Google Doc with prefilled engagement signals, suggested questions, and free-text sections.
Attach the doc to the calendar event.
Flag off-track signals:
If engagement score dropped, login activity is low, or no goals set:
#Send Channel Message to #hrbp-alerts with: employee, day milestone, signal that's off, manager.
#Send Direct Message to the manager and HRBP with: calendar invite link, agenda doc link, the flagged signals (if any).
#Send Direct Message to the employee with: "You've got a {{day-X}} check-in coming up with {{manager}} and {{hrbp}}. Anything specific you want to discuss? Add to the agenda doc."
schedule_action wake 1 day after the check-in date to follow up: #Send Direct Message to manager + HRBP: "How did it go? Anything we should escalate or change?"
#Leave Internal Note in the employee's internal HR record.
30/60/90-Day Check-Ins
Playbooks
/
30/60/90-Day Check-Ins
30/60/90-Day Check-Ins
Created by
Console Team
Published
HR
Okta
Google Calendar
Google Docs
+8
Trigger
Scheduled — every day at 9:00 AM America/Chicago
Instructions
When HR marks an employee as terminated in the HRIS system.
#Custom Workday Query Hires for employees at exactly day 30, day 60, and day 90 from their start date.
For each matching employee:
#Lookup Users with includeManager.
Resolve HRBP via custom Get HRBP for Department.
Create the check-in calendar event:
#Custom Google Calendar Create Event for a 30-min check-in between employee, manager, and HRBP at the next available common slot within 7 days.
Title: "{{Day-30/60/90}} Check-in - {{employee.name}}".
Pre-fill the agenda by pulling signals:
#Custom Lattice Get Engagement Score for the employee (if Lattice is used).
#Search Okta System Log Custom for login activity (proxy for engagement).
#Custom Slack Get User Activity for message volume in team channels.
#Custom Workday Get Goals Progress if goals are tracked.
Generate the agenda doc:
#Custom Generate Check-in Agenda writes a Google Doc with prefilled engagement signals, suggested questions, and free-text sections.
Attach the doc to the calendar event.
Flag off-track signals:
If engagement score dropped, login activity is low, or no goals set:
#Send Channel Message to #hrbp-alerts with: employee, day milestone, signal that's off, manager.
#Send Direct Message to the manager and HRBP with: calendar invite link, agenda doc link, the flagged signals (if any).
#Send Direct Message to the employee with: "You've got a {{day-X}} check-in coming up with {{manager}} and {{hrbp}}. Anything specific you want to discuss? Add to the agenda doc."
schedule_action wake 1 day after the check-in date to follow up: #Send Direct Message to manager + HRBP: "How did it go? Anything we should escalate or change?"
#Leave Internal Note in the employee's internal HR record.
30/60/90-Day Check-Ins
Playbooks
/
30/60/90-Day Check-Ins
30/60/90-Day Check-Ins
Created by
Console Team
Published
HR
Okta
Google Calendar
Google Docs
+8
Trigger
Scheduled — every day at 9:00 AM America/Chicago
Instructions
When HR marks an employee as terminated in the HRIS system.
#Custom Workday Query Hires for employees at exactly day 30, day 60, and day 90 from their start date.
For each matching employee:
#Lookup Users with includeManager.
Resolve HRBP via custom Get HRBP for Department.
Create the check-in calendar event:
#Custom Google Calendar Create Event for a 30-min check-in between employee, manager, and HRBP at the next available common slot within 7 days.
Title: "{{Day-30/60/90}} Check-in - {{employee.name}}".
Pre-fill the agenda by pulling signals:
#Custom Lattice Get Engagement Score for the employee (if Lattice is used).
#Search Okta System Log Custom for login activity (proxy for engagement).
#Custom Slack Get User Activity for message volume in team channels.
#Custom Workday Get Goals Progress if goals are tracked.
Generate the agenda doc:
#Custom Generate Check-in Agenda writes a Google Doc with prefilled engagement signals, suggested questions, and free-text sections.
Attach the doc to the calendar event.
Flag off-track signals:
If engagement score dropped, login activity is low, or no goals set:
#Send Channel Message to #hrbp-alerts with: employee, day milestone, signal that's off, manager.
#Send Direct Message to the manager and HRBP with: calendar invite link, agenda doc link, the flagged signals (if any).
#Send Direct Message to the employee with: "You've got a {{day-X}} check-in coming up with {{manager}} and {{hrbp}}. Anything specific you want to discuss? Add to the agenda doc."
schedule_action wake 1 day after the check-in date to follow up: #Send Direct Message to manager + HRBP: "How did it go? Anything we should escalate or change?"
#Leave Internal Note in the employee's internal HR record.
Access Request
Playbooks
/
Access Request
Access Request
Created by
Console Team
Published
IT
Okta
AWS
DocuSign
+10
Trigger
Requester asks for access to a specific app, role, or entitlement (e.g. "give me access to DocuSign", "admin on Figma org", "add me to AWS prod role").
Instructions
Parse the target app name and entitlement level (member / admin / specific role) from the request.
#Lookup Apps with the parsed app name to confirm it exists in the catalog. If not found,
#Send Direct Message to the requester asking them to clarify or use Web Research to find the app.
#Lookup Users on the requester with includeManager and includeGroups.
#Lookup Policies with the requester's user ID and the matched app.
Check the policy:
If reviewStrategy == NO_REVIEW_REQUIRED and requester is eligible → proceed to step 7.
If reviewStrategy == APP_OWNERS → resolve app owner from the policy and route via #Request Approval.
If reviewStrategy == REQUESTERS_MANAGER → #Request Approval with the manager from step 3.
If reviewStrategy == EXPLICIT → #Request Approval with the listed approvers.
If approval denied, #Send Direct Message to requester with the reason and #Resolve Request. Stop.
Execute provisioning:
If the app uses Okta SSO with group-based access → #Add to Group (Okta) for the entitlement group from the policy.
If the app has a SCIM/native API → call the app-specific custom create-user or grant-role action.
If the policy specifies a custom provisioning action → invoke it with the entitlement metadata.
#Send Direct Message to the requester confirming access is live, including the app URL and any first-login instructions.
#Leave Internal Note on the request capturing the policy used and the action taken.
Access Request
Playbooks
/
Access Request
Access Request
Created by
Console Team
Published
IT
Okta
AWS
DocuSign
+10
Trigger
Requester asks for access to a specific app, role, or entitlement (e.g. "give me access to DocuSign", "admin on Figma org", "add me to AWS prod role").
Instructions
Parse the target app name and entitlement level (member / admin / specific role) from the request.
#Lookup Apps with the parsed app name to confirm it exists in the catalog. If not found,
#Send Direct Message to the requester asking them to clarify or use Web Research to find the app.
#Lookup Users on the requester with includeManager and includeGroups.
#Lookup Policies with the requester's user ID and the matched app.
Check the policy:
If reviewStrategy == NO_REVIEW_REQUIRED and requester is eligible → proceed to step 7.
If reviewStrategy == APP_OWNERS → resolve app owner from the policy and route via #Request Approval.
If reviewStrategy == REQUESTERS_MANAGER → #Request Approval with the manager from step 3.
If reviewStrategy == EXPLICIT → #Request Approval with the listed approvers.
If approval denied, #Send Direct Message to requester with the reason and #Resolve Request. Stop.
Execute provisioning:
If the app uses Okta SSO with group-based access → #Add to Group (Okta) for the entitlement group from the policy.
If the app has a SCIM/native API → call the app-specific custom create-user or grant-role action.
If the policy specifies a custom provisioning action → invoke it with the entitlement metadata.
#Send Direct Message to the requester confirming access is live, including the app URL and any first-login instructions.
#Leave Internal Note on the request capturing the policy used and the action taken.
Access Request
Playbooks
/
Access Request
Access Request
Created by
Console Team
Published
IT
Okta
AWS
DocuSign
+10
Trigger
Requester asks for access to a specific app, role, or entitlement (e.g. "give me access to DocuSign", "admin on Figma org", "add me to AWS prod role").
Instructions
Parse the target app name and entitlement level (member / admin / specific role) from the request.
#Lookup Apps with the parsed app name to confirm it exists in the catalog. If not found,
#Send Direct Message to the requester asking them to clarify or use Web Research to find the app.
#Lookup Users on the requester with includeManager and includeGroups.
#Lookup Policies with the requester's user ID and the matched app.
Check the policy:
If reviewStrategy == NO_REVIEW_REQUIRED and requester is eligible → proceed to step 7.
If reviewStrategy == APP_OWNERS → resolve app owner from the policy and route via #Request Approval.
If reviewStrategy == REQUESTERS_MANAGER → #Request Approval with the manager from step 3.
If reviewStrategy == EXPLICIT → #Request Approval with the listed approvers.
If approval denied, #Send Direct Message to requester with the reason and #Resolve Request. Stop.
Execute provisioning:
If the app uses Okta SSO with group-based access → #Add to Group (Okta) for the entitlement group from the policy.
If the app has a SCIM/native API → call the app-specific custom create-user or grant-role action.
If the policy specifies a custom provisioning action → invoke it with the entitlement metadata.
#Send Direct Message to the requester confirming access is live, including the app URL and any first-login instructions.
#Leave Internal Note on the request capturing the policy used and the action taken.
Account & Contact Dedupe
Playbooks
/
Account & Contact Dedupe
Account & Contact Dedupe
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
Apollo
+12
Trigger
New account/contact being created (request-triggered) OR webhook on hubspot.contact.creation / salesforce.account.created.
Instructions
Parse the new record details:
Name, domain, email, phone, location, owner.
Run internal dedupe:
#Search HubSpot Companies by name (fuzzy match) and by domain (exact).
#Search HubSpot Contacts by email and by phone.
Run external enrichment dedupe:
#Apollo Search Companies by Technology and Employee Range for the domain.
#Custom ZoomInfo Search Company for the name + domain.
Compute similarity scores:
Domain match → 100%.
Exact name + same country → 95%.
Fuzzy name (Levenshtein <3) + same domain → 90%.
Phone match → 85%.
Else use weighted attributes.
Branch on scores:
No match (<70%) → proceed with create; just enrich the new record.
Likely match (70-89%) → present options.
High-confidence match (≥90%) → block creation; suggest merge.
For matches (70%+):
#Lookup Users on the requester (or record owner if webhook-triggered).
#Send Direct Message with the candidate matches: "Found {{N}} possible duplicates for {{name}}. Review?"
Include a #Trigger Form with options per candidate: "Merge into this one" / "Different company" / "Create anyway".
On response:
Merge → custom HubSpot Merge Companies (or Salesforce Merge Accounts) with the chosen master.
Different / Create anyway → proceed with creation. Capture justification in a deal note.
Enrichment regardless of path:
Apply Apollo/ZoomInfo enrichment via #Update HubSpot Company Properties.
#Send Direct Message confirming the action taken.
#Send Channel Message to #revops-data weekly summary of duplicates prevented.
#Leave Internal Note capturing the decision.
Account & Contact Dedupe
Playbooks
/
Account & Contact Dedupe
Account & Contact Dedupe
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
Apollo
+12
Trigger
New account/contact being created (request-triggered) OR webhook on hubspot.contact.creation / salesforce.account.created.
Instructions
Parse the new record details:
Name, domain, email, phone, location, owner.
Run internal dedupe:
#Search HubSpot Companies by name (fuzzy match) and by domain (exact).
#Search HubSpot Contacts by email and by phone.
Run external enrichment dedupe:
#Apollo Search Companies by Technology and Employee Range for the domain.
#Custom ZoomInfo Search Company for the name + domain.
Compute similarity scores:
Domain match → 100%.
Exact name + same country → 95%.
Fuzzy name (Levenshtein <3) + same domain → 90%.
Phone match → 85%.
Else use weighted attributes.
Branch on scores:
No match (<70%) → proceed with create; just enrich the new record.
Likely match (70-89%) → present options.
High-confidence match (≥90%) → block creation; suggest merge.
For matches (70%+):
#Lookup Users on the requester (or record owner if webhook-triggered).
#Send Direct Message with the candidate matches: "Found {{N}} possible duplicates for {{name}}. Review?"
Include a #Trigger Form with options per candidate: "Merge into this one" / "Different company" / "Create anyway".
On response:
Merge → custom HubSpot Merge Companies (or Salesforce Merge Accounts) with the chosen master.
Different / Create anyway → proceed with creation. Capture justification in a deal note.
Enrichment regardless of path:
Apply Apollo/ZoomInfo enrichment via #Update HubSpot Company Properties.
#Send Direct Message confirming the action taken.
#Send Channel Message to #revops-data weekly summary of duplicates prevented.
#Leave Internal Note capturing the decision.
Account & Contact Dedupe
Playbooks
/
Account & Contact Dedupe
Account & Contact Dedupe
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
Apollo
+12
Trigger
New account/contact being created (request-triggered) OR webhook on hubspot.contact.creation / salesforce.account.created.
Instructions
Parse the new record details:
Name, domain, email, phone, location, owner.
Run internal dedupe:
#Search HubSpot Companies by name (fuzzy match) and by domain (exact).
#Search HubSpot Contacts by email and by phone.
Run external enrichment dedupe:
#Apollo Search Companies by Technology and Employee Range for the domain.
#Custom ZoomInfo Search Company for the name + domain.
Compute similarity scores:
Domain match → 100%.
Exact name + same country → 95%.
Fuzzy name (Levenshtein <3) + same domain → 90%.
Phone match → 85%.
Else use weighted attributes.
Branch on scores:
No match (<70%) → proceed with create; just enrich the new record.
Likely match (70-89%) → present options.
High-confidence match (≥90%) → block creation; suggest merge.
For matches (70%+):
#Lookup Users on the requester (or record owner if webhook-triggered).
#Send Direct Message with the candidate matches: "Found {{N}} possible duplicates for {{name}}. Review?"
Include a #Trigger Form with options per candidate: "Merge into this one" / "Different company" / "Create anyway".
On response:
Merge → custom HubSpot Merge Companies (or Salesforce Merge Accounts) with the chosen master.
Different / Create anyway → proceed with creation. Capture justification in a deal note.
Enrichment regardless of path:
Apply Apollo/ZoomInfo enrichment via #Update HubSpot Company Properties.
#Send Direct Message confirming the action taken.
#Send Channel Message to #revops-data weekly summary of duplicates prevented.
#Leave Internal Note capturing the decision.
Account Research Brief
Playbooks
/
Account Research Brief
Account Research Brief
Created by
Console Team
Published
RevOps
Gong
HubSpot
ZoomInfo
+5
Trigger
Requester asks for an account one-pager ("pull firmographics + champion + meeting notes + product usage for Acme").
Instructions
Parse the target account name and the scope of the brief (firmographics / champion / meetings / usage / news / all).
Resolve the account:
#Search HubSpot Companies by name.
If multiple matches, #Send Direct Message with disambiguation.
Pull data in parallel:
#Get HubSpot Company Details with Activity Timeline for the base record.
#Search HubSpot Contacts by Property Filter with companyId for contact list.
#Search HubSpot Deals by Company for open and historical deals.
#Custom ZoomInfo Get Firmographics for industry, employee count, revenue, tech stack.
#Custom Gong Get Calls by Account for the last 5 calls.
#Custom Product Analytics Get Usage for product engagement (if customer).
#Web Research for recent news / press / fundraising / layoffs about the company.
Identify the champion:
From the contact list, sort by:
Engagement score (Gong talk time + email opens + meetings).
Title weight (VP/Director > Manager > IC).
Recent activity recency.
Top result = champion candidate.
Compose the brief:
Company snapshot: industry, size, HQ, revenue, tech stack.
Champion: name, title, contact info, recent engagement summary.
Other key contacts: list with titles.
Recent meetings (last 5): date, attendees, AI summary.
Product usage (if customer): MAU/WAU, key features used, trend.
Recent news: 3-5 bullets.
Open opportunities: list with stage, amount, close date.
Format as a Slack message with sections + a Google Doc link for the full version.
#Custom Generate Account Brief Doc to write the full version to Google Drive.
#Send Direct Message with the brief and doc link.
Offer follow-up: "Want to set up a call with {{champion}}?" or "Want me to enrich the contact list further?"
#Leave Internal Note capturing the brief generation.
Account Research Brief
Playbooks
/
Account Research Brief
Account Research Brief
Created by
Console Team
Published
RevOps
Gong
HubSpot
ZoomInfo
+5
Trigger
Requester asks for an account one-pager ("pull firmographics + champion + meeting notes + product usage for Acme").
Instructions
Parse the target account name and the scope of the brief (firmographics / champion / meetings / usage / news / all).
Resolve the account:
#Search HubSpot Companies by name.
If multiple matches, #Send Direct Message with disambiguation.
Pull data in parallel:
#Get HubSpot Company Details with Activity Timeline for the base record.
#Search HubSpot Contacts by Property Filter with companyId for contact list.
#Search HubSpot Deals by Company for open and historical deals.
#Custom ZoomInfo Get Firmographics for industry, employee count, revenue, tech stack.
#Custom Gong Get Calls by Account for the last 5 calls.
#Custom Product Analytics Get Usage for product engagement (if customer).
#Web Research for recent news / press / fundraising / layoffs about the company.
Identify the champion:
From the contact list, sort by:
Engagement score (Gong talk time + email opens + meetings).
Title weight (VP/Director > Manager > IC).
Recent activity recency.
Top result = champion candidate.
Compose the brief:
Company snapshot: industry, size, HQ, revenue, tech stack.
Champion: name, title, contact info, recent engagement summary.
Other key contacts: list with titles.
Recent meetings (last 5): date, attendees, AI summary.
Product usage (if customer): MAU/WAU, key features used, trend.
Recent news: 3-5 bullets.
Open opportunities: list with stage, amount, close date.
Format as a Slack message with sections + a Google Doc link for the full version.
#Custom Generate Account Brief Doc to write the full version to Google Drive.
#Send Direct Message with the brief and doc link.
Offer follow-up: "Want to set up a call with {{champion}}?" or "Want me to enrich the contact list further?"
#Leave Internal Note capturing the brief generation.
Account Research Brief
Playbooks
/
Account Research Brief
Account Research Brief
Created by
Console Team
Published
RevOps
Gong
HubSpot
ZoomInfo
+5
Trigger
Requester asks for an account one-pager ("pull firmographics + champion + meeting notes + product usage for Acme").
Instructions
Parse the target account name and the scope of the brief (firmographics / champion / meetings / usage / news / all).
Resolve the account:
#Search HubSpot Companies by name.
If multiple matches, #Send Direct Message with disambiguation.
Pull data in parallel:
#Get HubSpot Company Details with Activity Timeline for the base record.
#Search HubSpot Contacts by Property Filter with companyId for contact list.
#Search HubSpot Deals by Company for open and historical deals.
#Custom ZoomInfo Get Firmographics for industry, employee count, revenue, tech stack.
#Custom Gong Get Calls by Account for the last 5 calls.
#Custom Product Analytics Get Usage for product engagement (if customer).
#Web Research for recent news / press / fundraising / layoffs about the company.
Identify the champion:
From the contact list, sort by:
Engagement score (Gong talk time + email opens + meetings).
Title weight (VP/Director > Manager > IC).
Recent activity recency.
Top result = champion candidate.
Compose the brief:
Company snapshot: industry, size, HQ, revenue, tech stack.
Champion: name, title, contact info, recent engagement summary.
Other key contacts: list with titles.
Recent meetings (last 5): date, attendees, AI summary.
Product usage (if customer): MAU/WAU, key features used, trend.
Recent news: 3-5 bullets.
Open opportunities: list with stage, amount, close date.
Format as a Slack message with sections + a Google Doc link for the full version.
#Custom Generate Account Brief Doc to write the full version to Google Drive.
#Send Direct Message with the brief and doc link.
Offer follow-up: "Want to set up a call with {{champion}}?" or "Want me to enrich the contact list further?"
#Leave Internal Note capturing the brief generation.
Address & Name Change
Playbooks
/
Address & Name Change
Address & Name Change
Created by
Console Team
Published
HR
Okta
Slack
Workday
+2
Trigger
Requester asks to update their legal name (post-marriage, post-correction) or address.
Instructions
Requester asks to update their legal name (post-marriage, post-correction) or address.
Parse the change type (legal name / preferred name / address / both).
#Lookup Users on the requester.
#Trigger Form to collect:
For legal name change: new legal first/middle/last, documentation (marriage cert /
court order upload).
For address: new street, city, state, zip, country, effective date.
Whether to also update preferred name (yes/no).
Reason (helps with audit trail).
Validate the documentation:
For legal name change → custom Validate Name Change Docs (HR review
required for first-pass).
#Request Approval from HRBP for legal name change.
Execute changes on effective date (use schedule_action if future):
Custom Workday Update Worker with new fields.
#Update Okta User Profile (Custom) to update name fields, login email if
name-based.
For legal name change with new login email:
#Create User Alias (Google) for the old email to forward to the new.
Custom Update Slack Display Name.
Custom Update GitHub User Name (if applicable).
Custom Update Badge System Name.
For address change:
Custom Workday Trigger Payroll Tax Recalc.
Custom Update Badge System Address.
Custom Update Shipping Address in asset DB for any future device
shipments.
#Send Direct Message to the requester with a checklist of what changed where, and what
they need to do themselves (e.g. "Update your I-9, update your Slack avatar, update your
title at events").
#Send Channel Message to #org-changes for the legal name change announcement
(only if requester opts in).
#Leave Internal Note capturing the change, documentation, approval trail.
#Resolve Request.
Address & Name Change
Playbooks
/
Address & Name Change
Address & Name Change
Created by
Console Team
Published
HR
Okta
Slack
Workday
+2
Trigger
Requester asks to update their legal name (post-marriage, post-correction) or address.
Instructions
Requester asks to update their legal name (post-marriage, post-correction) or address.
Parse the change type (legal name / preferred name / address / both).
#Lookup Users on the requester.
#Trigger Form to collect:
For legal name change: new legal first/middle/last, documentation (marriage cert /
court order upload).
For address: new street, city, state, zip, country, effective date.
Whether to also update preferred name (yes/no).
Reason (helps with audit trail).
Validate the documentation:
For legal name change → custom Validate Name Change Docs (HR review
required for first-pass).
#Request Approval from HRBP for legal name change.
Execute changes on effective date (use schedule_action if future):
Custom Workday Update Worker with new fields.
#Update Okta User Profile (Custom) to update name fields, login email if
name-based.
For legal name change with new login email:
#Create User Alias (Google) for the old email to forward to the new.
Custom Update Slack Display Name.
Custom Update GitHub User Name (if applicable).
Custom Update Badge System Name.
For address change:
Custom Workday Trigger Payroll Tax Recalc.
Custom Update Badge System Address.
Custom Update Shipping Address in asset DB for any future device
shipments.
#Send Direct Message to the requester with a checklist of what changed where, and what
they need to do themselves (e.g. "Update your I-9, update your Slack avatar, update your
title at events").
#Send Channel Message to #org-changes for the legal name change announcement
(only if requester opts in).
#Leave Internal Note capturing the change, documentation, approval trail.
#Resolve Request.
Address & Name Change
Playbooks
/
Address & Name Change
Address & Name Change
Created by
Console Team
Published
HR
Okta
Slack
Workday
+2
Trigger
Requester asks to update their legal name (post-marriage, post-correction) or address.
Instructions
Requester asks to update their legal name (post-marriage, post-correction) or address.
Parse the change type (legal name / preferred name / address / both).
#Lookup Users on the requester.
#Trigger Form to collect:
For legal name change: new legal first/middle/last, documentation (marriage cert /
court order upload).
For address: new street, city, state, zip, country, effective date.
Whether to also update preferred name (yes/no).
Reason (helps with audit trail).
Validate the documentation:
For legal name change → custom Validate Name Change Docs (HR review
required for first-pass).
#Request Approval from HRBP for legal name change.
Execute changes on effective date (use schedule_action if future):
Custom Workday Update Worker with new fields.
#Update Okta User Profile (Custom) to update name fields, login email if
name-based.
For legal name change with new login email:
#Create User Alias (Google) for the old email to forward to the new.
Custom Update Slack Display Name.
Custom Update GitHub User Name (if applicable).
Custom Update Badge System Name.
For address change:
Custom Workday Trigger Payroll Tax Recalc.
Custom Update Badge System Address.
Custom Update Shipping Address in asset DB for any future device
shipments.
#Send Direct Message to the requester with a checklist of what changed where, and what
they need to do themselves (e.g. "Update your I-9, update your Slack avatar, update your
title at events").
#Send Channel Message to #org-changes for the legal name change announcement
(only if requester opts in).
#Leave Internal Note capturing the change, documentation, approval trail.
#Resolve Request.
Anomalous Login
Playbooks
/
Anomalous Login
Anomalous Login
Created by
Console Team
Published
Security
Okta
CrowdStrike
Vanta
+5
Trigger
Okta Event Hook — user.session.start with risk signals (impossible-travel, new-device, suspicious-IP)
Instructions
#Lookup Users on $event.userEmail with includeManager, includeGroups.
Filter false positives:
#Custom Check VPN Egress — if IP matches corporate VPN, exit.
#Custom Check Travel Authorization — if user has an active travel exemption matching the country, exit.
Pull context:
#Search Okta System Log Custom for the user's previous 5 logins (location, IP, device).
#CrowdStrike Get Device Login History for any corp device the user might be on.
Compute risk:
Impossible travel (distance > N km / time delta) → High.
New device + new country → High.
New IP from known country → Medium.
Just risk-flagged but recognizable → Low.
Branch on risk:
High:
#Custom Okta Force Step-Up MFA for the active session.
#Send Direct Message to the user: "We saw a login from {{geo}} on {{device}}. Was this you?" + #Trigger Form "Yes / No".
schedule_action wake at 10 minutes.
Medium:
#Send Direct Message with same prompt but no immediate step-up.
schedule_action wake at 30 minutes.
Low → just log, no user prompt.
On wake, check response:
Yes → log as confirmed, no further action.
No OR no response:
#Reset User Factor for any non-FIDO factors.
#Custom Okta Lock Account until manual review.
#Send Channel Message to #soc-triage with full context.
Fire Sec-11 (Compromised Credential Response) flow for the user.
#Send Direct Message to the user (after revocation): "We've locked your account as a precaution. To recover, contact security."
#Send Direct Message to the user's manager flagging the incident.
#Custom Vanta Log Anomalous Login for audit.
#Leave Internal Note capturing risk score, response, outcome.
Anomalous Login
Playbooks
/
Anomalous Login
Anomalous Login
Created by
Console Team
Published
Security
Okta
CrowdStrike
Vanta
+5
Trigger
Okta Event Hook — user.session.start with risk signals (impossible-travel, new-device, suspicious-IP)
Instructions
#Lookup Users on $event.userEmail with includeManager, includeGroups.
Filter false positives:
#Custom Check VPN Egress — if IP matches corporate VPN, exit.
#Custom Check Travel Authorization — if user has an active travel exemption matching the country, exit.
Pull context:
#Search Okta System Log Custom for the user's previous 5 logins (location, IP, device).
#CrowdStrike Get Device Login History for any corp device the user might be on.
Compute risk:
Impossible travel (distance > N km / time delta) → High.
New device + new country → High.
New IP from known country → Medium.
Just risk-flagged but recognizable → Low.
Branch on risk:
High:
#Custom Okta Force Step-Up MFA for the active session.
#Send Direct Message to the user: "We saw a login from {{geo}} on {{device}}. Was this you?" + #Trigger Form "Yes / No".
schedule_action wake at 10 minutes.
Medium:
#Send Direct Message with same prompt but no immediate step-up.
schedule_action wake at 30 minutes.
Low → just log, no user prompt.
On wake, check response:
Yes → log as confirmed, no further action.
No OR no response:
#Reset User Factor for any non-FIDO factors.
#Custom Okta Lock Account until manual review.
#Send Channel Message to #soc-triage with full context.
Fire Sec-11 (Compromised Credential Response) flow for the user.
#Send Direct Message to the user (after revocation): "We've locked your account as a precaution. To recover, contact security."
#Send Direct Message to the user's manager flagging the incident.
#Custom Vanta Log Anomalous Login for audit.
#Leave Internal Note capturing risk score, response, outcome.
Anomalous Login
Playbooks
/
Anomalous Login
Anomalous Login
Created by
Console Team
Published
Security
Okta
CrowdStrike
Vanta
+5
Trigger
Okta Event Hook — user.session.start with risk signals (impossible-travel, new-device, suspicious-IP)
Instructions
#Lookup Users on $event.userEmail with includeManager, includeGroups.
Filter false positives:
#Custom Check VPN Egress — if IP matches corporate VPN, exit.
#Custom Check Travel Authorization — if user has an active travel exemption matching the country, exit.
Pull context:
#Search Okta System Log Custom for the user's previous 5 logins (location, IP, device).
#CrowdStrike Get Device Login History for any corp device the user might be on.
Compute risk:
Impossible travel (distance > N km / time delta) → High.
New device + new country → High.
New IP from known country → Medium.
Just risk-flagged but recognizable → Low.
Branch on risk:
High:
#Custom Okta Force Step-Up MFA for the active session.
#Send Direct Message to the user: "We saw a login from {{geo}} on {{device}}. Was this you?" + #Trigger Form "Yes / No".
schedule_action wake at 10 minutes.
Medium:
#Send Direct Message with same prompt but no immediate step-up.
schedule_action wake at 30 minutes.
Low → just log, no user prompt.
On wake, check response:
Yes → log as confirmed, no further action.
No OR no response:
#Reset User Factor for any non-FIDO factors.
#Custom Okta Lock Account until manual review.
#Send Channel Message to #soc-triage with full context.
Fire Sec-11 (Compromised Credential Response) flow for the user.
#Send Direct Message to the user (after revocation): "We've locked your account as a precaution. To recover, contact security."
#Send Direct Message to the user's manager flagging the incident.
#Custom Vanta Log Anomalous Login for audit.
#Leave Internal Note capturing risk score, response, outcome.
App Registration & SSO Setup
Playbooks
/
App Registration & SSO Setup
App Registration & SSO Setup
Created by
Console Team
Published
IT
Okta
1Password
Linear
+2
Trigger
IT or admin requests onboarding a new SaaS app with SSO ("we want to onboard Linear company-wide", "set up SSO for the new Highspot tenant").
Instructions
#Trigger Form to collect:
App name and vendor URL
SSO protocol (SAML 2.0 / OIDC)
For SAML: ACS URL, entity ID, name ID format, certificate
For OIDC: redirect URI, scopes needed
SCIM endpoint + bearer token (if available)
Default user groups to provision (eng / product / design / all-company)
#Lookup Apps to confirm the app isn't already onboarded. If it exists, ask the requester whether to modify or reject.
#Request Approval from the security team for the new vendor (chain to Sec-18 if not already approved).
Create the Okta app:
For SAML → custom Okta Create SAML App with ACS URL, entity ID, attributes mapping.
For OIDC → custom Okta Create OIDC App with redirect URI and scopes.
#Create Okta Group (Custom) for default access: {{app-slug}}-users and {{app-slug}}-admins.
#Add to Group to assign the requester to {{app-slug}}-admins.
For each requested default group (eng/product/design/all-company): custom Okta Assign
Group to App to grant baseline access.
If SCIM endpoint provided: custom Okta Configure SCIM with the endpoint + token, then #Update 1Password App Username Template to set the username convention.
Generate test credentials via custom Okta Create Test User and Assign action.
#Send Direct Message to the requester with SSO sign-in URL, test creds, SCIM status, next steps.
#Create Linear Issue in the IT project for follow-up tasks: app catalog entry, access policy creation, KB doc.
#Leave Internal Note capturing the protocol, ACS URL, and groups configured.
App Registration & SSO Setup
Playbooks
/
App Registration & SSO Setup
App Registration & SSO Setup
Created by
Console Team
Published
IT
Okta
1Password
Linear
+2
Trigger
IT or admin requests onboarding a new SaaS app with SSO ("we want to onboard Linear company-wide", "set up SSO for the new Highspot tenant").
Instructions
#Trigger Form to collect:
App name and vendor URL
SSO protocol (SAML 2.0 / OIDC)
For SAML: ACS URL, entity ID, name ID format, certificate
For OIDC: redirect URI, scopes needed
SCIM endpoint + bearer token (if available)
Default user groups to provision (eng / product / design / all-company)
#Lookup Apps to confirm the app isn't already onboarded. If it exists, ask the requester whether to modify or reject.
#Request Approval from the security team for the new vendor (chain to Sec-18 if not already approved).
Create the Okta app:
For SAML → custom Okta Create SAML App with ACS URL, entity ID, attributes mapping.
For OIDC → custom Okta Create OIDC App with redirect URI and scopes.
#Create Okta Group (Custom) for default access: {{app-slug}}-users and {{app-slug}}-admins.
#Add to Group to assign the requester to {{app-slug}}-admins.
For each requested default group (eng/product/design/all-company): custom Okta Assign
Group to App to grant baseline access.
If SCIM endpoint provided: custom Okta Configure SCIM with the endpoint + token, then #Update 1Password App Username Template to set the username convention.
Generate test credentials via custom Okta Create Test User and Assign action.
#Send Direct Message to the requester with SSO sign-in URL, test creds, SCIM status, next steps.
#Create Linear Issue in the IT project for follow-up tasks: app catalog entry, access policy creation, KB doc.
#Leave Internal Note capturing the protocol, ACS URL, and groups configured.
App Registration & SSO Setup
Playbooks
/
App Registration & SSO Setup
App Registration & SSO Setup
Created by
Console Team
Published
IT
Okta
1Password
Linear
+2
Trigger
IT or admin requests onboarding a new SaaS app with SSO ("we want to onboard Linear company-wide", "set up SSO for the new Highspot tenant").
Instructions
#Trigger Form to collect:
App name and vendor URL
SSO protocol (SAML 2.0 / OIDC)
For SAML: ACS URL, entity ID, name ID format, certificate
For OIDC: redirect URI, scopes needed
SCIM endpoint + bearer token (if available)
Default user groups to provision (eng / product / design / all-company)
#Lookup Apps to confirm the app isn't already onboarded. If it exists, ask the requester whether to modify or reject.
#Request Approval from the security team for the new vendor (chain to Sec-18 if not already approved).
Create the Okta app:
For SAML → custom Okta Create SAML App with ACS URL, entity ID, attributes mapping.
For OIDC → custom Okta Create OIDC App with redirect URI and scopes.
#Create Okta Group (Custom) for default access: {{app-slug}}-users and {{app-slug}}-admins.
#Add to Group to assign the requester to {{app-slug}}-admins.
For each requested default group (eng/product/design/all-company): custom Okta Assign
Group to App to grant baseline access.
If SCIM endpoint provided: custom Okta Configure SCIM with the endpoint + token, then #Update 1Password App Username Template to set the username convention.
Generate test credentials via custom Okta Create Test User and Assign action.
#Send Direct Message to the requester with SSO sign-in URL, test creds, SCIM status, next steps.
#Create Linear Issue in the IT project for follow-up tasks: app catalog entry, access policy creation, KB doc.
#Leave Internal Note capturing the protocol, ACS URL, and groups configured.
AR Aging & Collections
Playbooks
/
AR Aging & Collections
AR Aging & Collections
Created by
Console Team
Published
Finance
HubSpot
NetSuite
+5
Trigger
Scheduled — every day at 8:00 AM America/Chicago
Instructions
#Custom NetSuite Get Open AR with aging buckets.
For each open invoice:
#Search HubSpot Companies for AE/CSM.
#Custom HubSpot Get Account Health.
Branch by bucket:
0-30: standard; flag only if historically slow.
31-60: draft collection email; #Send Email template to AR clerk for review; auto-send to billing cc AE on approval; #Create HubSpot Note on Company.
61-90: second email + DM to controller; #custom NetSuite Add to Watchlist; DM AE + CSM.
90+: DM controller + CFO; #Request Approval from CFO for continue / collections agency / write-off; on write-off custom NetSuite Write Off Invoice + Update Customer Status.
Aggregate by customer; multiple overdue → treat at worst bucket.
Weekly AR digest to #finance-ar.
Monthly bad debt review to #finance-leads.
AR Aging & Collections
Playbooks
/
AR Aging & Collections
AR Aging & Collections
Created by
Console Team
Published
Finance
HubSpot
NetSuite
+5
Trigger
Scheduled — every day at 8:00 AM America/Chicago
Instructions
#Custom NetSuite Get Open AR with aging buckets.
For each open invoice:
#Search HubSpot Companies for AE/CSM.
#Custom HubSpot Get Account Health.
Branch by bucket:
0-30: standard; flag only if historically slow.
31-60: draft collection email; #Send Email template to AR clerk for review; auto-send to billing cc AE on approval; #Create HubSpot Note on Company.
61-90: second email + DM to controller; #custom NetSuite Add to Watchlist; DM AE + CSM.
90+: DM controller + CFO; #Request Approval from CFO for continue / collections agency / write-off; on write-off custom NetSuite Write Off Invoice + Update Customer Status.
Aggregate by customer; multiple overdue → treat at worst bucket.
Weekly AR digest to #finance-ar.
Monthly bad debt review to #finance-leads.
AR Aging & Collections
Playbooks
/
AR Aging & Collections
AR Aging & Collections
Created by
Console Team
Published
Finance
HubSpot
NetSuite
+5
Trigger
Scheduled — every day at 8:00 AM America/Chicago
Instructions
#Custom NetSuite Get Open AR with aging buckets.
For each open invoice:
#Search HubSpot Companies for AE/CSM.
#Custom HubSpot Get Account Health.
Branch by bucket:
0-30: standard; flag only if historically slow.
31-60: draft collection email; #Send Email template to AR clerk for review; auto-send to billing cc AE on approval; #Create HubSpot Note on Company.
61-90: second email + DM to controller; #custom NetSuite Add to Watchlist; DM AE + CSM.
90+: DM controller + CFO; #Request Approval from CFO for continue / collections agency / write-off; on write-off custom NetSuite Write Off Invoice + Update Customer Status.
Aggregate by customer; multiple overdue → treat at worst bucket.
Weekly AR digest to #finance-ar.
Monthly bad debt review to #finance-leads.
Asset / Inventory Sync
Playbooks
/
Asset / Inventory Sync
Asset / Inventory Sync
Created by
Console Team
Published
IT
Kandji
Jira
Linear
+2
Trigger
Scheduled — daily incremental diff at 6:00 AM, full reconciliation quarterly on the 1st at 6:00 AM
Instructions
Pull all data sources in parallel:
#List Devices (Kandji) for enrolled devices.
#Custom Intune List Devices for Windows enrolled devices.
#Custom Jira Assets Query for the asset register.
#Search Graph for the HR roster from the HR ingest.
Build a unified view by serial number and assigned user.
Compute mismatches:
Lost-not-recovered: marked lost in any system but still active elsewhere.
Retired-but-active: marked retired in asset register but checking in to Kandji/Intune.
Employee-without-device: active employee in HR but no device assigned.
Device-without-owner: active device but unassigned or owner is offboarded.
Owner-mismatch: different owner in Kandji vs Jira Assets.
For each mismatch:
Determine the asset owner (IT team member responsible).
#Send Direct Message to the asset owner with the mismatch, proposed fix, and a
#Trigger Form to approve / modify / dismiss.
schedule_action wake at 7 days for each mismatch to check resolution.
On wake: if mismatch still exists, #Create Linear Issue for IT to resolve.
After full daily reconciliation:
#Send Channel Message to #it-asset-ops with totals and trend.
Quarterly run also produces a Linear summary issue with trend data via #Run Query.
Asset / Inventory Sync
Playbooks
/
Asset / Inventory Sync
Asset / Inventory Sync
Created by
Console Team
Published
IT
Kandji
Jira
Linear
+2
Trigger
Scheduled — daily incremental diff at 6:00 AM, full reconciliation quarterly on the 1st at 6:00 AM
Instructions
Pull all data sources in parallel:
#List Devices (Kandji) for enrolled devices.
#Custom Intune List Devices for Windows enrolled devices.
#Custom Jira Assets Query for the asset register.
#Search Graph for the HR roster from the HR ingest.
Build a unified view by serial number and assigned user.
Compute mismatches:
Lost-not-recovered: marked lost in any system but still active elsewhere.
Retired-but-active: marked retired in asset register but checking in to Kandji/Intune.
Employee-without-device: active employee in HR but no device assigned.
Device-without-owner: active device but unassigned or owner is offboarded.
Owner-mismatch: different owner in Kandji vs Jira Assets.
For each mismatch:
Determine the asset owner (IT team member responsible).
#Send Direct Message to the asset owner with the mismatch, proposed fix, and a
#Trigger Form to approve / modify / dismiss.
schedule_action wake at 7 days for each mismatch to check resolution.
On wake: if mismatch still exists, #Create Linear Issue for IT to resolve.
After full daily reconciliation:
#Send Channel Message to #it-asset-ops with totals and trend.
Quarterly run also produces a Linear summary issue with trend data via #Run Query.
Asset / Inventory Sync
Playbooks
/
Asset / Inventory Sync
Asset / Inventory Sync
Created by
Console Team
Published
IT
Kandji
Jira
Linear
+2
Trigger
Scheduled — daily incremental diff at 6:00 AM, full reconciliation quarterly on the 1st at 6:00 AM
Instructions
Pull all data sources in parallel:
#List Devices (Kandji) for enrolled devices.
#Custom Intune List Devices for Windows enrolled devices.
#Custom Jira Assets Query for the asset register.
#Search Graph for the HR roster from the HR ingest.
Build a unified view by serial number and assigned user.
Compute mismatches:
Lost-not-recovered: marked lost in any system but still active elsewhere.
Retired-but-active: marked retired in asset register but checking in to Kandji/Intune.
Employee-without-device: active employee in HR but no device assigned.
Device-without-owner: active device but unassigned or owner is offboarded.
Owner-mismatch: different owner in Kandji vs Jira Assets.
For each mismatch:
Determine the asset owner (IT team member responsible).
#Send Direct Message to the asset owner with the mismatch, proposed fix, and a
#Trigger Form to approve / modify / dismiss.
schedule_action wake at 7 days for each mismatch to check resolution.
On wake: if mismatch still exists, #Create Linear Issue for IT to resolve.
After full daily reconciliation:
#Send Channel Message to #it-asset-ops with totals and trend.
Quarterly run also produces a Linear summary issue with trend data via #Run Query.
AVD Assignment
Playbooks
/
AVD Assignment
AVD Assignment
Created by
Console Team
Published
IT
Azure DevOps
Entrata
+2
Trigger
Contractor in a restricted country or BYOD user needs an Azure Virtual Desktop session.
Instructions
#Lookup Users on the requester with includeManager and includeGroups.
#Search Graph in the custom HR/contractor ingest to find the engagement end-date.
#Trigger Form to collect:
Role-based image needed (eng tools / design tools / GTM tools)
Country of access
Engagement duration (auto-fill from HR ingest if available)
#Request Approval from the requester's engagement owner.
On approval, provision the AVD:
Custom Azure AVD Create Host Pool Assignment with image template and user UPN.
Custom Entra Assign User to AVD App scoped to this user only.
Custom Entra Set Conditional Access restricting sign-in to the engagement country.
Time-box the access:
schedule_action wake on the engagement end-date to call custom Azure AVD
Remove Assignment and Entra Revoke AVD App Access.
#Send Direct Message to the requester with AVD connection URL, sign-in credentials,
expiry date, support path.
#Send Channel Message to #it-contractor-access logging the provision.
#Leave Internal Note capturing image, country, end-date.
#Resolve Request.
AVD Assignment
Playbooks
/
AVD Assignment
AVD Assignment
Created by
Console Team
Published
IT
Azure DevOps
Entrata
+2
Trigger
Contractor in a restricted country or BYOD user needs an Azure Virtual Desktop session.
Instructions
#Lookup Users on the requester with includeManager and includeGroups.
#Search Graph in the custom HR/contractor ingest to find the engagement end-date.
#Trigger Form to collect:
Role-based image needed (eng tools / design tools / GTM tools)
Country of access
Engagement duration (auto-fill from HR ingest if available)
#Request Approval from the requester's engagement owner.
On approval, provision the AVD:
Custom Azure AVD Create Host Pool Assignment with image template and user UPN.
Custom Entra Assign User to AVD App scoped to this user only.
Custom Entra Set Conditional Access restricting sign-in to the engagement country.
Time-box the access:
schedule_action wake on the engagement end-date to call custom Azure AVD
Remove Assignment and Entra Revoke AVD App Access.
#Send Direct Message to the requester with AVD connection URL, sign-in credentials,
expiry date, support path.
#Send Channel Message to #it-contractor-access logging the provision.
#Leave Internal Note capturing image, country, end-date.
#Resolve Request.
AVD Assignment
Playbooks
/
AVD Assignment
AVD Assignment
Created by
Console Team
Published
IT
Azure DevOps
Entrata
+2
Trigger
Contractor in a restricted country or BYOD user needs an Azure Virtual Desktop session.
Instructions
#Lookup Users on the requester with includeManager and includeGroups.
#Search Graph in the custom HR/contractor ingest to find the engagement end-date.
#Trigger Form to collect:
Role-based image needed (eng tools / design tools / GTM tools)
Country of access
Engagement duration (auto-fill from HR ingest if available)
#Request Approval from the requester's engagement owner.
On approval, provision the AVD:
Custom Azure AVD Create Host Pool Assignment with image template and user UPN.
Custom Entra Assign User to AVD App scoped to this user only.
Custom Entra Set Conditional Access restricting sign-in to the engagement country.
Time-box the access:
schedule_action wake on the engagement end-date to call custom Azure AVD
Remove Assignment and Entra Revoke AVD App Access.
#Send Direct Message to the requester with AVD connection URL, sign-in credentials,
expiry date, support path.
#Send Channel Message to #it-contractor-access logging the provision.
#Leave Internal Note capturing image, country, end-date.
#Resolve Request.
Bill Payment Approval
Playbooks
/
Bill Payment Approval
Bill Payment Approval
Created by
Console Team
Published
Finance
Workday
NetSuite
Bill
+5
Trigger
Webhook — Bill.com bill.created or bill.submitted Variables: $bill.id, $bill.vendorId, $bill.amount, $bill.dueDate, $bill.glAccount
Instructions
#Custom NetSuite Lookup Vendor to confirm active.
#Custom Coupa Find Matching PO by vendor + amount + line items.
Validation:
PO exists for amounts above $X.
Amount matches PO within tolerance (±5% or $100).
GL coding valid for cost center.
Vendor not on payment hold.
Failures → #Send Channel Message to #ap-review and pause.
Approval tier:
<$5k → AP clerk.
$5k–$25k → controller.
$25k–$100k → controller + CFO.
>$100k → controller + CFO + CEO.
Resolve approvers (custom Get AP Clerk On Duty / Get Controller / Get CFO, cost-center owner via Workday).
#Request Approval chained per tier with: bill detail, PO match, GL coding, vendor history, terms, due-date proximity.
On full approval:
Rejection / query → #Send Channel Message to #ap-review and DM PO owner.
#Send Channel Message to #ap-log.
Bill Payment Approval
Playbooks
/
Bill Payment Approval
Bill Payment Approval
Created by
Console Team
Published
Finance
Workday
NetSuite
Bill
+5
Trigger
Webhook — Bill.com bill.created or bill.submitted Variables: $bill.id, $bill.vendorId, $bill.amount, $bill.dueDate, $bill.glAccount
Instructions
#Custom NetSuite Lookup Vendor to confirm active.
#Custom Coupa Find Matching PO by vendor + amount + line items.
Validation:
PO exists for amounts above $X.
Amount matches PO within tolerance (±5% or $100).
GL coding valid for cost center.
Vendor not on payment hold.
Failures → #Send Channel Message to #ap-review and pause.
Approval tier:
<$5k → AP clerk.
$5k–$25k → controller.
$25k–$100k → controller + CFO.
>$100k → controller + CFO + CEO.
Resolve approvers (custom Get AP Clerk On Duty / Get Controller / Get CFO, cost-center owner via Workday).
#Request Approval chained per tier with: bill detail, PO match, GL coding, vendor history, terms, due-date proximity.
On full approval:
Rejection / query → #Send Channel Message to #ap-review and DM PO owner.
#Send Channel Message to #ap-log.
Bill Payment Approval
Playbooks
/
Bill Payment Approval
Bill Payment Approval
Created by
Console Team
Published
Finance
Workday
NetSuite
Bill
+5
Trigger
Webhook — Bill.com bill.created or bill.submitted Variables: $bill.id, $bill.vendorId, $bill.amount, $bill.dueDate, $bill.glAccount
Instructions
#Custom NetSuite Lookup Vendor to confirm active.
#Custom Coupa Find Matching PO by vendor + amount + line items.
Validation:
PO exists for amounts above $X.
Amount matches PO within tolerance (±5% or $100).
GL coding valid for cost center.
Vendor not on payment hold.
Failures → #Send Channel Message to #ap-review and pause.
Approval tier:
<$5k → AP clerk.
$5k–$25k → controller.
$25k–$100k → controller + CFO.
>$100k → controller + CFO + CEO.
Resolve approvers (custom Get AP Clerk On Duty / Get Controller / Get CFO, cost-center owner via Workday).
#Request Approval chained per tier with: bill detail, PO match, GL coding, vendor history, terms, due-date proximity.
On full approval:
Rejection / query → #Send Channel Message to #ap-review and DM PO owner.
#Send Channel Message to #ap-log.
Call Recording Lookup
Playbooks
/
Call Recording Lookup
Call Recording Lookup
Created by
Console Team
Published
RevOps
Gong
HubSpot
Fathom
+5
Trigger
Requester asks for a Gong/Fathom call ("Gong from Acme last Tuesday", "Fathom call with Globex CTO", "recap from the demo I did with Initech").
Instructions
Parse:
Account/company name.
Date or relative date ("last Tuesday", "yesterday").
Participant name (if specified).
Type (demo / discovery / negotiation).
#Lookup Users on the requester (to filter to their calls by default).
Resolve the account:
#Search HubSpot Companies for the company name.
If multiple matches, #Send Direct Message with disambiguation.
Resolve the date window:
"Last Tuesday" → compute calendar date.
"Yesterday" → previous day.
"Last week" → 7-day window.
Search call recordings:
#Custom Gong Search Calls by accountId + date range.
#Get All Meetings from Fathom as fallback.
#Custom Get HubSpot Engagements (Meetings) by companyId + date.
If multiple matches, list them:
#Send Direct Message with: Title | Date | Duration | Participants | Link.
#Trigger Form to pick one.
On selection (or if single match):
#Custom Gong Get Call Transcript (or #Get Meeting Transcript from Fathom).
#Custom Gong Get Call AI Summary for the AI-generated summary.
#Custom Gong Get Call Highlights for key moments and action items.
Format the response:
TL;DR (1-3 sentence summary).
Key moments with timestamps.
Action items extracted.
Sentiment / talk ratio if relevant.
Full transcript link.
#Send Direct Message with the formatted call brief.
#Create HubSpot Note on Deal if a deal is associated, capturing the summary.
Call Recording Lookup
Playbooks
/
Call Recording Lookup
Call Recording Lookup
Created by
Console Team
Published
RevOps
Gong
HubSpot
Fathom
+5
Trigger
Requester asks for a Gong/Fathom call ("Gong from Acme last Tuesday", "Fathom call with Globex CTO", "recap from the demo I did with Initech").
Instructions
Parse:
Account/company name.
Date or relative date ("last Tuesday", "yesterday").
Participant name (if specified).
Type (demo / discovery / negotiation).
#Lookup Users on the requester (to filter to their calls by default).
Resolve the account:
#Search HubSpot Companies for the company name.
If multiple matches, #Send Direct Message with disambiguation.
Resolve the date window:
"Last Tuesday" → compute calendar date.
"Yesterday" → previous day.
"Last week" → 7-day window.
Search call recordings:
#Custom Gong Search Calls by accountId + date range.
#Get All Meetings from Fathom as fallback.
#Custom Get HubSpot Engagements (Meetings) by companyId + date.
If multiple matches, list them:
#Send Direct Message with: Title | Date | Duration | Participants | Link.
#Trigger Form to pick one.
On selection (or if single match):
#Custom Gong Get Call Transcript (or #Get Meeting Transcript from Fathom).
#Custom Gong Get Call AI Summary for the AI-generated summary.
#Custom Gong Get Call Highlights for key moments and action items.
Format the response:
TL;DR (1-3 sentence summary).
Key moments with timestamps.
Action items extracted.
Sentiment / talk ratio if relevant.
Full transcript link.
#Send Direct Message with the formatted call brief.
#Create HubSpot Note on Deal if a deal is associated, capturing the summary.
Call Recording Lookup
Playbooks
/
Call Recording Lookup
Call Recording Lookup
Created by
Console Team
Published
RevOps
Gong
HubSpot
Fathom
+5
Trigger
Requester asks for a Gong/Fathom call ("Gong from Acme last Tuesday", "Fathom call with Globex CTO", "recap from the demo I did with Initech").
Instructions
Parse:
Account/company name.
Date or relative date ("last Tuesday", "yesterday").
Participant name (if specified).
Type (demo / discovery / negotiation).
#Lookup Users on the requester (to filter to their calls by default).
Resolve the account:
#Search HubSpot Companies for the company name.
If multiple matches, #Send Direct Message with disambiguation.
Resolve the date window:
"Last Tuesday" → compute calendar date.
"Yesterday" → previous day.
"Last week" → 7-day window.
Search call recordings:
#Custom Gong Search Calls by accountId + date range.
#Get All Meetings from Fathom as fallback.
#Custom Get HubSpot Engagements (Meetings) by companyId + date.
If multiple matches, list them:
#Send Direct Message with: Title | Date | Duration | Participants | Link.
#Trigger Form to pick one.
On selection (or if single match):
#Custom Gong Get Call Transcript (or #Get Meeting Transcript from Fathom).
#Custom Gong Get Call AI Summary for the AI-generated summary.
#Custom Gong Get Call Highlights for key moments and action items.
Format the response:
TL;DR (1-3 sentence summary).
Key moments with timestamps.
Action items extracted.
Sentiment / talk ratio if relevant.
Full transcript link.
#Send Direct Message with the formatted call brief.
#Create HubSpot Note on Deal if a deal is associated, capturing the summary.
Card Lock & Lost Replacement
Playbooks
/
Card Lock & Lost Replacement
Card Lock & Lost Replacement
Created by
Console Team
Published
Finance
Ramp
+1
Trigger
Requester reports lost/stolen card.
Instructions
#Trigger Form for platform, card identifier, when lost, suspected fraud, replacement needed, shipping address.
#List Ramp Cards by User to confirm card.
Immediate containment:
#Custom Ramp Freeze Card instantly.
#Custom Ramp List Recent Transactions for post-loss activity.
Fraud suspected:
#Send Channel Message to #finance-fraud-log.
#Custom Notify Card Provider Fraud Team.
Identity verification:
#Request Approval from manager for replacement above threshold.
Replacement:
#Custom Ramp Order Replacement Card with overnight to address on file.
#Custom Ramp Set Card Limits matching previous.
For virtual: custom Ramp Issue Virtual Card immediately.
#Send Direct Message with freeze confirm, fraud case number, tracking, virtual card details, what to do if found.
#Send Channel Message to #finance-card-log.
schedule_action wake at expected delivery + 1 day to confirm receipt.
Card Lock & Lost Replacement
Playbooks
/
Card Lock & Lost Replacement
Card Lock & Lost Replacement
Created by
Console Team
Published
Finance
Ramp
+1
Trigger
Requester reports lost/stolen card.
Instructions
#Trigger Form for platform, card identifier, when lost, suspected fraud, replacement needed, shipping address.
#List Ramp Cards by User to confirm card.
Immediate containment:
#Custom Ramp Freeze Card instantly.
#Custom Ramp List Recent Transactions for post-loss activity.
Fraud suspected:
#Send Channel Message to #finance-fraud-log.
#Custom Notify Card Provider Fraud Team.
Identity verification:
#Request Approval from manager for replacement above threshold.
Replacement:
#Custom Ramp Order Replacement Card with overnight to address on file.
#Custom Ramp Set Card Limits matching previous.
For virtual: custom Ramp Issue Virtual Card immediately.
#Send Direct Message with freeze confirm, fraud case number, tracking, virtual card details, what to do if found.
#Send Channel Message to #finance-card-log.
schedule_action wake at expected delivery + 1 day to confirm receipt.
Card Lock & Lost Replacement
Playbooks
/
Card Lock & Lost Replacement
Card Lock & Lost Replacement
Created by
Console Team
Published
Finance
Ramp
+1
Trigger
Requester reports lost/stolen card.
Instructions
#Trigger Form for platform, card identifier, when lost, suspected fraud, replacement needed, shipping address.
#List Ramp Cards by User to confirm card.
Immediate containment:
#Custom Ramp Freeze Card instantly.
#Custom Ramp List Recent Transactions for post-loss activity.
Fraud suspected:
#Send Channel Message to #finance-fraud-log.
#Custom Notify Card Provider Fraud Team.
Identity verification:
#Request Approval from manager for replacement above threshold.
Replacement:
#Custom Ramp Order Replacement Card with overnight to address on file.
#Custom Ramp Set Card Limits matching previous.
For virtual: custom Ramp Issue Virtual Card immediately.
#Send Direct Message with freeze confirm, fraud case number, tracking, virtual card details, what to do if found.
#Send Channel Message to #finance-card-log.
schedule_action wake at expected delivery + 1 day to confirm receipt.
Card Spend Limit Adjustment
Playbooks
/
Card Spend Limit Adjustment
Card Spend Limit Adjustment
Created by
Console Team
Published
Finance
Ramp
+2
Trigger
Requester asks to change spend limit.
Instructions
#Trigger Form for cardholder, current limit, requested limit, permanent vs temporary (with expiry), justification, cost center.
#Lookup Users with includeManager + includeGroups.
Validate against role-based max:
Above max → cannot proceed without exception.
Approval tier:
<25% increase → manager.
25-100% → manager + finance ops.
>100% OR new limit >$25k → manager + finance ops + controller.
#Request Approval chained.
On approval:
For temporary: capture original limit + expiry.
schedule_action wake at expiry to revert.
#Send Direct Message with new limit, effective date, reversion date.
#Send Channel Message to #finance-card-log.
On reversion wake: DM cardholder + channel log.
Card Spend Limit Adjustment
Playbooks
/
Card Spend Limit Adjustment
Card Spend Limit Adjustment
Created by
Console Team
Published
Finance
Ramp
+2
Trigger
Requester asks to change spend limit.
Instructions
#Trigger Form for cardholder, current limit, requested limit, permanent vs temporary (with expiry), justification, cost center.
#Lookup Users with includeManager + includeGroups.
Validate against role-based max:
Above max → cannot proceed without exception.
Approval tier:
<25% increase → manager.
25-100% → manager + finance ops.
>100% OR new limit >$25k → manager + finance ops + controller.
#Request Approval chained.
On approval:
For temporary: capture original limit + expiry.
schedule_action wake at expiry to revert.
#Send Direct Message with new limit, effective date, reversion date.
#Send Channel Message to #finance-card-log.
On reversion wake: DM cardholder + channel log.
Card Spend Limit Adjustment
Playbooks
/
Card Spend Limit Adjustment
Card Spend Limit Adjustment
Created by
Console Team
Published
Finance
Ramp
+2
Trigger
Requester asks to change spend limit.
Instructions
#Trigger Form for cardholder, current limit, requested limit, permanent vs temporary (with expiry), justification, cost center.
#Lookup Users with includeManager + includeGroups.
Validate against role-based max:
Above max → cannot proceed without exception.
Approval tier:
<25% increase → manager.
25-100% → manager + finance ops.
>100% OR new limit >$25k → manager + finance ops + controller.
#Request Approval chained.
On approval:
For temporary: capture original limit + expiry.
schedule_action wake at expiry to revert.
#Send Direct Message with new limit, effective date, reversion date.
#Send Channel Message to #finance-card-log.
On reversion wake: DM cardholder + channel log.
Certificate Expiration Tracking
Playbooks
/
Certificate Expiration Tracking
Certificate Expiration Tracking
Created by
Console Team
Published
Security
AWS
Vanta
+5
Trigger
Scheduled — every day at 6:00 AM America/Chicago
Instructions
Pull cert inventory:
#Custom Cloudflare List Certificates for all zones.
#Custom AWS ACM List Certificates for all regions.
#Custom Let's Encrypt List Certificates if any managed externally.
For each cert, capture:
Domain(s)
Issuer
Not-after date
Days-to-expiry
Cert owner (via custom Get Cert Owner).
Determine alert tier:
30 days → first reminder.
14 days → second reminder.
3 days → urgent + create Linear ticket.
Expired → critical alert.
For each cert at an alert tier:
#Lookup Users on the cert owner.
Check if already alerted in the last 24h (avoid spam).
Send the alert:
#Send Direct Message to the owner with: domain, expiry date, days remaining, renewal runbook link, "Renew now" form.
For auto-renewable certs (LE, ACM auto-renew): just notify; system will handle.
For manual: provide step-by-step.
On "Renew now":
For LE / ACM: custom Trigger Cert Renewal action.
For manual cert sources: #Create Linear Issue in the platform project assigned to the owner.
At 3-day mark:
#Create Linear Issue regardless of prior action.
#Send Channel Message to #security with the impending expiry.
At expiry:
#Send Channel Message to #security-critical and the cert owner's team channel.
#Custom Page On-Call for production-critical certs.
Weekly summary:
#Send Channel Message to #security with: certs expiring in next 30/60/90 days, renewal status.
#Custom Vanta Upload Evidence monthly with cert inventory snapshot.
#Leave Internal Note for each cert action.
Certificate Expiration Tracking
Playbooks
/
Certificate Expiration Tracking
Certificate Expiration Tracking
Created by
Console Team
Published
Security
AWS
Vanta
+5
Trigger
Scheduled — every day at 6:00 AM America/Chicago
Instructions
Pull cert inventory:
#Custom Cloudflare List Certificates for all zones.
#Custom AWS ACM List Certificates for all regions.
#Custom Let's Encrypt List Certificates if any managed externally.
For each cert, capture:
Domain(s)
Issuer
Not-after date
Days-to-expiry
Cert owner (via custom Get Cert Owner).
Determine alert tier:
30 days → first reminder.
14 days → second reminder.
3 days → urgent + create Linear ticket.
Expired → critical alert.
For each cert at an alert tier:
#Lookup Users on the cert owner.
Check if already alerted in the last 24h (avoid spam).
Send the alert:
#Send Direct Message to the owner with: domain, expiry date, days remaining, renewal runbook link, "Renew now" form.
For auto-renewable certs (LE, ACM auto-renew): just notify; system will handle.
For manual: provide step-by-step.
On "Renew now":
For LE / ACM: custom Trigger Cert Renewal action.
For manual cert sources: #Create Linear Issue in the platform project assigned to the owner.
At 3-day mark:
#Create Linear Issue regardless of prior action.
#Send Channel Message to #security with the impending expiry.
At expiry:
#Send Channel Message to #security-critical and the cert owner's team channel.
#Custom Page On-Call for production-critical certs.
Weekly summary:
#Send Channel Message to #security with: certs expiring in next 30/60/90 days, renewal status.
#Custom Vanta Upload Evidence monthly with cert inventory snapshot.
#Leave Internal Note for each cert action.
Certificate Expiration Tracking
Playbooks
/
Certificate Expiration Tracking
Certificate Expiration Tracking
Created by
Console Team
Published
Security
AWS
Vanta
+5
Trigger
Scheduled — every day at 6:00 AM America/Chicago
Instructions
Pull cert inventory:
#Custom Cloudflare List Certificates for all zones.
#Custom AWS ACM List Certificates for all regions.
#Custom Let's Encrypt List Certificates if any managed externally.
For each cert, capture:
Domain(s)
Issuer
Not-after date
Days-to-expiry
Cert owner (via custom Get Cert Owner).
Determine alert tier:
30 days → first reminder.
14 days → second reminder.
3 days → urgent + create Linear ticket.
Expired → critical alert.
For each cert at an alert tier:
#Lookup Users on the cert owner.
Check if already alerted in the last 24h (avoid spam).
Send the alert:
#Send Direct Message to the owner with: domain, expiry date, days remaining, renewal runbook link, "Renew now" form.
For auto-renewable certs (LE, ACM auto-renew): just notify; system will handle.
For manual: provide step-by-step.
On "Renew now":
For LE / ACM: custom Trigger Cert Renewal action.
For manual cert sources: #Create Linear Issue in the platform project assigned to the owner.
At 3-day mark:
#Create Linear Issue regardless of prior action.
#Send Channel Message to #security with the impending expiry.
At expiry:
#Send Channel Message to #security-critical and the cert owner's team channel.
#Custom Page On-Call for production-critical certs.
Weekly summary:
#Send Channel Message to #security with: certs expiring in next 30/60/90 days, renewal status.
#Custom Vanta Upload Evidence monthly with cert inventory snapshot.
#Leave Internal Note for each cert action.
Closed-Lost Cascade
Playbooks
/
Closed-Lost Cascade
Closed-Lost Cascade
Created by
Console Team
Published
RevOps
HubSpot
Gong
Outreach
+2
Trigger
Webhook — deal stage transition to closed-lost Variables: $deal.id, $deal.amount, $deal.ownerId, $deal.companyId, $deal.closeDate
Instructions
#Get HubSpot Deal Details with Activity Timeline for context.
#Lookup Users on $deal.ownerId.
Capture loss reason if not already on the deal:
Check closedLostReason field — if empty, prompt the AE.
#Send Direct Message to AE with a #Trigger Form:
Primary loss reason (Price / Product fit / Competitor / Timing / No decision / Champion left / Other).
Competitor (if Competitor selected).
Decision-maker (who made the call).
Lessons learned (free text).
Win-back potential (Likely / Possible / Unlikely).
schedule_action wake at 3 days if AE hasn't responded.
On AE response:
#Update HubSpot Deal Properties with the loss data.
#Create HubSpot Note on Deal with the full loss analysis.
Schedule win-back cadence (if Likely or Possible):
#Custom Outreach Enroll Sequence with a 90-day post-close win-back sequence.
#Custom HubSpot Add Contacts to List for "lost-win-back-candidates".
Competitive intelligence:
If Competitor reason: #Send Channel Message to #competitive-intel with the deal + competitor + dynamics.
#Custom Update Competitive Tracker with the loss.
Gong tagging:
#Custom Gong Tag Deal Calls with closed-lost-{{reason}} for future training.
QBR tagging:
#Custom Tag for Loss Analysis to surface this deal in the next QBR/loss review.
AE coaching trigger:
For specific loss reasons (e.g. "Champion left", "Product fit"): suggest coaching topic to manager.
#Send Direct Message to manager with: "Three deals lost to {{reason}} this quarter. Coaching session?"
#Send Channel Message to #deal-lost-log for visibility (without amount if sensitive).
#Leave Internal Note with full cascade.
Closed-Lost Cascade
Playbooks
/
Closed-Lost Cascade
Closed-Lost Cascade
Created by
Console Team
Published
RevOps
HubSpot
Gong
Outreach
+2
Trigger
Webhook — deal stage transition to closed-lost Variables: $deal.id, $deal.amount, $deal.ownerId, $deal.companyId, $deal.closeDate
Instructions
#Get HubSpot Deal Details with Activity Timeline for context.
#Lookup Users on $deal.ownerId.
Capture loss reason if not already on the deal:
Check closedLostReason field — if empty, prompt the AE.
#Send Direct Message to AE with a #Trigger Form:
Primary loss reason (Price / Product fit / Competitor / Timing / No decision / Champion left / Other).
Competitor (if Competitor selected).
Decision-maker (who made the call).
Lessons learned (free text).
Win-back potential (Likely / Possible / Unlikely).
schedule_action wake at 3 days if AE hasn't responded.
On AE response:
#Update HubSpot Deal Properties with the loss data.
#Create HubSpot Note on Deal with the full loss analysis.
Schedule win-back cadence (if Likely or Possible):
#Custom Outreach Enroll Sequence with a 90-day post-close win-back sequence.
#Custom HubSpot Add Contacts to List for "lost-win-back-candidates".
Competitive intelligence:
If Competitor reason: #Send Channel Message to #competitive-intel with the deal + competitor + dynamics.
#Custom Update Competitive Tracker with the loss.
Gong tagging:
#Custom Gong Tag Deal Calls with closed-lost-{{reason}} for future training.
QBR tagging:
#Custom Tag for Loss Analysis to surface this deal in the next QBR/loss review.
AE coaching trigger:
For specific loss reasons (e.g. "Champion left", "Product fit"): suggest coaching topic to manager.
#Send Direct Message to manager with: "Three deals lost to {{reason}} this quarter. Coaching session?"
#Send Channel Message to #deal-lost-log for visibility (without amount if sensitive).
#Leave Internal Note with full cascade.
Closed-Lost Cascade
Playbooks
/
Closed-Lost Cascade
Closed-Lost Cascade
Created by
Console Team
Published
RevOps
HubSpot
Gong
Outreach
+2
Trigger
Webhook — deal stage transition to closed-lost Variables: $deal.id, $deal.amount, $deal.ownerId, $deal.companyId, $deal.closeDate
Instructions
#Get HubSpot Deal Details with Activity Timeline for context.
#Lookup Users on $deal.ownerId.
Capture loss reason if not already on the deal:
Check closedLostReason field — if empty, prompt the AE.
#Send Direct Message to AE with a #Trigger Form:
Primary loss reason (Price / Product fit / Competitor / Timing / No decision / Champion left / Other).
Competitor (if Competitor selected).
Decision-maker (who made the call).
Lessons learned (free text).
Win-back potential (Likely / Possible / Unlikely).
schedule_action wake at 3 days if AE hasn't responded.
On AE response:
#Update HubSpot Deal Properties with the loss data.
#Create HubSpot Note on Deal with the full loss analysis.
Schedule win-back cadence (if Likely or Possible):
#Custom Outreach Enroll Sequence with a 90-day post-close win-back sequence.
#Custom HubSpot Add Contacts to List for "lost-win-back-candidates".
Competitive intelligence:
If Competitor reason: #Send Channel Message to #competitive-intel with the deal + competitor + dynamics.
#Custom Update Competitive Tracker with the loss.
Gong tagging:
#Custom Gong Tag Deal Calls with closed-lost-{{reason}} for future training.
QBR tagging:
#Custom Tag for Loss Analysis to surface this deal in the next QBR/loss review.
AE coaching trigger:
For specific loss reasons (e.g. "Champion left", "Product fit"): suggest coaching topic to manager.
#Send Direct Message to manager with: "Three deals lost to {{reason}} this quarter. Coaching session?"
#Send Channel Message to #deal-lost-log for visibility (without amount if sensitive).
#Leave Internal Note with full cascade.
Closed-Won Cascade
Playbooks
/
Closed-Won Cascade
Closed-Won Cascade
Created by
Console Team
Published
RevOps
Google Calendar
Ramp
HubSpot
+5
Trigger
Webhook — HubSpot/Salesforce deal stage transition to closed-won Variables: $deal.id, $deal.amount, $deal.ownerId, $deal.companyId, $deal.closeDate
Instructions
#Get HubSpot Deal Details with Activity Timeline for full deal context.
#Lookup Users on $deal.ownerId (AE) and resolve the CSM via custom Get Assigned CSM from the company's CSM field.
Notify CS team:
#Send Channel Message to #cs-handoffs with: account name, ACV, contract term, products purchased, AE, CSM.
#Send Direct Message to the assigned CSM with the deal package.
Generate kickoff calendar:
Custom Google Calendar Create Event for a 60-min customer kickoff call scheduled 5-10 business days post-close.
Invite: CSM, AE (introduction), Implementation Lead, customer champion + contacts.
Exec gift:
For deals over a threshold (e.g. >$50k ACV): #Lookup Users for customer champion contact from the deal.
Custom Ramp Send Customer Gift with the champion's address.
Internal celebration:
#Send Channel Message to #wins with: AE, account, ACV, win story, product, region.
Include team-tagged shoutout for SE, SDR, CSM involved.
Financial system sync:
Custom NetSuite Create Customer Record if new customer.
Custom NetSuite Create Subscription with terms.
Custom NetSuite Generate Invoice Schedule based on payment terms.
Kick off customer onboarding playbook:
Custom Trigger Onboarding Playbook with the deal ID + customer payload (chains
to a CS onboarding playbook).
Update CRM with post-close fields:
#Update HubSpot Deal Properties with kickoffScheduled = true,
csmAssigned, onboardingTriggered.
AE celebration:
#Send Direct Message to AE with the closed-won celebration + comp impact
estimate.
#Create HubSpot Note on Deal capturing the full cascade execution.
#Leave Internal Note.
Closed-Won Cascade
Playbooks
/
Closed-Won Cascade
Closed-Won Cascade
Created by
Console Team
Published
RevOps
Google Calendar
Ramp
HubSpot
+5
Trigger
Webhook — HubSpot/Salesforce deal stage transition to closed-won Variables: $deal.id, $deal.amount, $deal.ownerId, $deal.companyId, $deal.closeDate
Instructions
#Get HubSpot Deal Details with Activity Timeline for full deal context.
#Lookup Users on $deal.ownerId (AE) and resolve the CSM via custom Get Assigned CSM from the company's CSM field.
Notify CS team:
#Send Channel Message to #cs-handoffs with: account name, ACV, contract term, products purchased, AE, CSM.
#Send Direct Message to the assigned CSM with the deal package.
Generate kickoff calendar:
Custom Google Calendar Create Event for a 60-min customer kickoff call scheduled 5-10 business days post-close.
Invite: CSM, AE (introduction), Implementation Lead, customer champion + contacts.
Exec gift:
For deals over a threshold (e.g. >$50k ACV): #Lookup Users for customer champion contact from the deal.
Custom Ramp Send Customer Gift with the champion's address.
Internal celebration:
#Send Channel Message to #wins with: AE, account, ACV, win story, product, region.
Include team-tagged shoutout for SE, SDR, CSM involved.
Financial system sync:
Custom NetSuite Create Customer Record if new customer.
Custom NetSuite Create Subscription with terms.
Custom NetSuite Generate Invoice Schedule based on payment terms.
Kick off customer onboarding playbook:
Custom Trigger Onboarding Playbook with the deal ID + customer payload (chains
to a CS onboarding playbook).
Update CRM with post-close fields:
#Update HubSpot Deal Properties with kickoffScheduled = true,
csmAssigned, onboardingTriggered.
AE celebration:
#Send Direct Message to AE with the closed-won celebration + comp impact
estimate.
#Create HubSpot Note on Deal capturing the full cascade execution.
#Leave Internal Note.
Closed-Won Cascade
Playbooks
/
Closed-Won Cascade
Closed-Won Cascade
Created by
Console Team
Published
RevOps
Google Calendar
Ramp
HubSpot
+5
Trigger
Webhook — HubSpot/Salesforce deal stage transition to closed-won Variables: $deal.id, $deal.amount, $deal.ownerId, $deal.companyId, $deal.closeDate
Instructions
#Get HubSpot Deal Details with Activity Timeline for full deal context.
#Lookup Users on $deal.ownerId (AE) and resolve the CSM via custom Get Assigned CSM from the company's CSM field.
Notify CS team:
#Send Channel Message to #cs-handoffs with: account name, ACV, contract term, products purchased, AE, CSM.
#Send Direct Message to the assigned CSM with the deal package.
Generate kickoff calendar:
Custom Google Calendar Create Event for a 60-min customer kickoff call scheduled 5-10 business days post-close.
Invite: CSM, AE (introduction), Implementation Lead, customer champion + contacts.
Exec gift:
For deals over a threshold (e.g. >$50k ACV): #Lookup Users for customer champion contact from the deal.
Custom Ramp Send Customer Gift with the champion's address.
Internal celebration:
#Send Channel Message to #wins with: AE, account, ACV, win story, product, region.
Include team-tagged shoutout for SE, SDR, CSM involved.
Financial system sync:
Custom NetSuite Create Customer Record if new customer.
Custom NetSuite Create Subscription with terms.
Custom NetSuite Generate Invoice Schedule based on payment terms.
Kick off customer onboarding playbook:
Custom Trigger Onboarding Playbook with the deal ID + customer payload (chains
to a CS onboarding playbook).
Update CRM with post-close fields:
#Update HubSpot Deal Properties with kickoffScheduled = true,
csmAssigned, onboardingTriggered.
AE celebration:
#Send Direct Message to AE with the closed-won celebration + comp impact
estimate.
#Create HubSpot Note on Deal capturing the full cascade execution.
#Leave Internal Note.
Cloud IAM Reviews
Playbooks
/
Cloud IAM Reviews
Cloud IAM Reviews
Created by
Console Team
Published
Security
AWS
Azure Blob Storage
Vanta
+5
Trigger
Scheduled — quarterly on the 1st of Jan/Apr/Jul/Oct at 7:00 AM America/Chicago
Instructions
Pull IAM inventory:
For each IAM principal, compute privilege score:
#Custom AWS Access Analyzer Query for unused permissions in the last 90 days.
#Custom GCP Policy Analyzer for overly permissive bindings.
Flag overly permissive:
Admin-equivalent (e.g.
AdministratorAccess,*:*,Owner) → always reviewed.Unused permissions ≥ 60 days → flagged.
Service accounts with human-like patterns → flagged for review.
Resolve owners:
For each flagged identity, #custom Get Service Owner by looking up:
Tags on the AWS user/role.
CODEOWNERS in associated repos.
Custom internal service-to-owner mapping.
Send attestations:
For each owner: #Send Direct Message with their IAM scope.
#Trigger Form with attest decision per identity: "Keep / Reduce / Revoke / Convert to role".
schedule_action wakes at 7, 14, 21 days for non-respondents.
At deadline + 1, execute decisions:
Reduce → #custom AWS IAM Detach Policy for unused policies; custom GCP Reduce Binding Scope.
Revoke → #custom AWS IAM Deactivate User + #custom AWS IAM Delete Access Keys.
Convert to role → #custom AWS IAM User to Role Migration.
#Custom Vanta Upload Evidence with the full review log.
#Send Channel Message to
#securitypost-cycle summary.#Create Linear Issue in Security-Audit for the quarterly cycle artifact.
#Leave Internal Note with cycle stats.
Cloud IAM Reviews
Playbooks
/
Cloud IAM Reviews
Cloud IAM Reviews
Created by
Console Team
Published
Security
AWS
Azure Blob Storage
Vanta
+5
Trigger
Scheduled — quarterly on the 1st of Jan/Apr/Jul/Oct at 7:00 AM America/Chicago
Instructions
Pull IAM inventory:
For each IAM principal, compute privilege score:
#Custom AWS Access Analyzer Query for unused permissions in the last 90 days.
#Custom GCP Policy Analyzer for overly permissive bindings.
Flag overly permissive:
Admin-equivalent (e.g.
AdministratorAccess,*:*,Owner) → always reviewed.Unused permissions ≥ 60 days → flagged.
Service accounts with human-like patterns → flagged for review.
Resolve owners:
For each flagged identity, #custom Get Service Owner by looking up:
Tags on the AWS user/role.
CODEOWNERS in associated repos.
Custom internal service-to-owner mapping.
Send attestations:
For each owner: #Send Direct Message with their IAM scope.
#Trigger Form with attest decision per identity: "Keep / Reduce / Revoke / Convert to role".
schedule_action wakes at 7, 14, 21 days for non-respondents.
At deadline + 1, execute decisions:
Reduce → #custom AWS IAM Detach Policy for unused policies; custom GCP Reduce Binding Scope.
Revoke → #custom AWS IAM Deactivate User + #custom AWS IAM Delete Access Keys.
Convert to role → #custom AWS IAM User to Role Migration.
#Custom Vanta Upload Evidence with the full review log.
#Send Channel Message to
#securitypost-cycle summary.#Create Linear Issue in Security-Audit for the quarterly cycle artifact.
#Leave Internal Note with cycle stats.
Cloud IAM Reviews
Playbooks
/
Cloud IAM Reviews
Cloud IAM Reviews
Created by
Console Team
Published
Security
AWS
Azure Blob Storage
Vanta
+5
Trigger
Scheduled — quarterly on the 1st of Jan/Apr/Jul/Oct at 7:00 AM America/Chicago
Instructions
Pull IAM inventory:
For each IAM principal, compute privilege score:
#Custom AWS Access Analyzer Query for unused permissions in the last 90 days.
#Custom GCP Policy Analyzer for overly permissive bindings.
Flag overly permissive:
Admin-equivalent (e.g.
AdministratorAccess,*:*,Owner) → always reviewed.Unused permissions ≥ 60 days → flagged.
Service accounts with human-like patterns → flagged for review.
Resolve owners:
For each flagged identity, #custom Get Service Owner by looking up:
Tags on the AWS user/role.
CODEOWNERS in associated repos.
Custom internal service-to-owner mapping.
Send attestations:
For each owner: #Send Direct Message with their IAM scope.
#Trigger Form with attest decision per identity: "Keep / Reduce / Revoke / Convert to role".
schedule_action wakes at 7, 14, 21 days for non-respondents.
At deadline + 1, execute decisions:
Reduce → #custom AWS IAM Detach Policy for unused policies; custom GCP Reduce Binding Scope.
Revoke → #custom AWS IAM Deactivate User + #custom AWS IAM Delete Access Keys.
Convert to role → #custom AWS IAM User to Role Migration.
#Custom Vanta Upload Evidence with the full review log.
#Send Channel Message to
#securitypost-cycle summary.#Create Linear Issue in Security-Audit for the quarterly cycle artifact.
#Leave Internal Note with cycle stats.
Comp & Quota Q&A
Playbooks
/
Comp & Quota Q&A
Comp & Quota Q&A
Created by
Console Team
Published
RevOps
Workday
HubSpot
+5
Trigger
Requester asks about their comp plan, attainment, commission timing, or accelerator triggers ("what's my plan", "Q3 attainment", "when does last quarter's commission pay", "am I in accelerator").
Instructions
Parse the question type:
Plan details / attainment / payment timing / accelerator / quota.
#Lookup Users on the requester with
includeManagerto confirm comp eligibility.Authentication / sensitivity check:
Comp data is personal — only the requester or their manager + ops should see.
If requester is asking about someone else: #Request Approval from that person or from ops.
Pull comp data:
#Custom CaptivateIQ Get Plan for the current plan details.
#Custom CaptivateIQ Get Attainment for current period attainment.
#Custom CaptivateIQ Get Payment Schedule for upcoming payments.
#Custom Workday Get Comp for base + variable split confirmation.
Cross-check against CRM:
#Search HubSpot Deals by Owner filtered to closed-won in the comp period for sanity.
#Custom Calculate Attainment from CRM as a sanity check vs CaptivateIQ.
If discrepancy >5% → flag for ops review.
Format the answer based on question type:
Plan → quota, OTE, base, variable, accelerator thresholds, SPIFFs.
Attainment → period, attainment %, dollars at quota, dollars at attainment.
Payment timing → next pay date, amount, prior periods status.
Accelerator → current attainment vs threshold, projected accelerator earnings.
#Send Direct Message with the formatted answer.
If discrepancy was flagged:
#Send Direct Message to ops with the user + discrepancy.
Offer follow-up: "Want me to walk you through how this is calculated?"
#Leave Internal Note capturing the query type.
Comp & Quota Q&A
Playbooks
/
Comp & Quota Q&A
Comp & Quota Q&A
Created by
Console Team
Published
RevOps
Workday
HubSpot
+5
Trigger
Requester asks about their comp plan, attainment, commission timing, or accelerator triggers ("what's my plan", "Q3 attainment", "when does last quarter's commission pay", "am I in accelerator").
Instructions
Parse the question type:
Plan details / attainment / payment timing / accelerator / quota.
#Lookup Users on the requester with
includeManagerto confirm comp eligibility.Authentication / sensitivity check:
Comp data is personal — only the requester or their manager + ops should see.
If requester is asking about someone else: #Request Approval from that person or from ops.
Pull comp data:
#Custom CaptivateIQ Get Plan for the current plan details.
#Custom CaptivateIQ Get Attainment for current period attainment.
#Custom CaptivateIQ Get Payment Schedule for upcoming payments.
#Custom Workday Get Comp for base + variable split confirmation.
Cross-check against CRM:
#Search HubSpot Deals by Owner filtered to closed-won in the comp period for sanity.
#Custom Calculate Attainment from CRM as a sanity check vs CaptivateIQ.
If discrepancy >5% → flag for ops review.
Format the answer based on question type:
Plan → quota, OTE, base, variable, accelerator thresholds, SPIFFs.
Attainment → period, attainment %, dollars at quota, dollars at attainment.
Payment timing → next pay date, amount, prior periods status.
Accelerator → current attainment vs threshold, projected accelerator earnings.
#Send Direct Message with the formatted answer.
If discrepancy was flagged:
#Send Direct Message to ops with the user + discrepancy.
Offer follow-up: "Want me to walk you through how this is calculated?"
#Leave Internal Note capturing the query type.
Comp & Quota Q&A
Playbooks
/
Comp & Quota Q&A
Comp & Quota Q&A
Created by
Console Team
Published
RevOps
Workday
HubSpot
+5
Trigger
Requester asks about their comp plan, attainment, commission timing, or accelerator triggers ("what's my plan", "Q3 attainment", "when does last quarter's commission pay", "am I in accelerator").
Instructions
Parse the question type:
Plan details / attainment / payment timing / accelerator / quota.
#Lookup Users on the requester with
includeManagerto confirm comp eligibility.Authentication / sensitivity check:
Comp data is personal — only the requester or their manager + ops should see.
If requester is asking about someone else: #Request Approval from that person or from ops.
Pull comp data:
#Custom CaptivateIQ Get Plan for the current plan details.
#Custom CaptivateIQ Get Attainment for current period attainment.
#Custom CaptivateIQ Get Payment Schedule for upcoming payments.
#Custom Workday Get Comp for base + variable split confirmation.
Cross-check against CRM:
#Search HubSpot Deals by Owner filtered to closed-won in the comp period for sanity.
#Custom Calculate Attainment from CRM as a sanity check vs CaptivateIQ.
If discrepancy >5% → flag for ops review.
Format the answer based on question type:
Plan → quota, OTE, base, variable, accelerator thresholds, SPIFFs.
Attainment → period, attainment %, dollars at quota, dollars at attainment.
Payment timing → next pay date, amount, prior periods status.
Accelerator → current attainment vs threshold, projected accelerator earnings.
#Send Direct Message with the formatted answer.
If discrepancy was flagged:
#Send Direct Message to ops with the user + discrepancy.
Offer follow-up: "Want me to walk you through how this is calculated?"
#Leave Internal Note capturing the query type.
Compensation Requests
Playbooks
/
Compensation Requests
Compensation Requests
Created by
Console Team
Published
HR
Workday
+1
Trigger
Manager submits an off-cycle merit, market adjustment, sign-on bonus, retention bonus, or promotion comp request.
Instructions
#Trigger Form to collect:
Employee being adjusted
Adjustment type (merit / market / sign-on / retention / promotion)
Current comp (auto-fill from Workday)
Proposed new comp
Justification (free text)
Market data attachment (if market adjustment)
Effective date
#Lookup Users on the employee and the requesting manager.
#Custom Workday Get Comp Band for the employee's role and level to check if the proposed comp falls within band.
#Custom Workday Get Compa-Ratio to show current and proposed compa-ratio.
Validate request:
In-band → standard approval path.
Above band → require additional VP approval.
Outside policy window (e.g. off-cycle merit when only quarterly cycles allowed) → require HRBP exception approval.
Approval chain:
#Request Approval from manager's manager (skip-level).
#Request Approval from HRBP with justification + market data attached.
#Request Approval from finance with budget impact calculation.
If above band → #Request Approval from the VP/Chief.
On full approval, on effective date:
#Custom Workday Submit Comp Change with new comp, type, effective date.
#Custom Workday Trigger Payroll Update for next pay cycle.
If sign-on or retention bonus, custom Workday Schedule Bonus Payment.
#Send Direct Message to the employee with a comp letter or update notification — composed from a template.
#Send Direct Message to the manager confirming the change and the next paystub the employee will see.
#Send Channel Message to
#hrbp-compfor tracking.#Leave Internal Note capturing approval trail, justification, market data.
Compensation Requests
Playbooks
/
Compensation Requests
Compensation Requests
Created by
Console Team
Published
HR
Workday
+1
Trigger
Manager submits an off-cycle merit, market adjustment, sign-on bonus, retention bonus, or promotion comp request.
Instructions
#Trigger Form to collect:
Employee being adjusted
Adjustment type (merit / market / sign-on / retention / promotion)
Current comp (auto-fill from Workday)
Proposed new comp
Justification (free text)
Market data attachment (if market adjustment)
Effective date
#Lookup Users on the employee and the requesting manager.
#Custom Workday Get Comp Band for the employee's role and level to check if the proposed comp falls within band.
#Custom Workday Get Compa-Ratio to show current and proposed compa-ratio.
Validate request:
In-band → standard approval path.
Above band → require additional VP approval.
Outside policy window (e.g. off-cycle merit when only quarterly cycles allowed) → require HRBP exception approval.
Approval chain:
#Request Approval from manager's manager (skip-level).
#Request Approval from HRBP with justification + market data attached.
#Request Approval from finance with budget impact calculation.
If above band → #Request Approval from the VP/Chief.
On full approval, on effective date:
#Custom Workday Submit Comp Change with new comp, type, effective date.
#Custom Workday Trigger Payroll Update for next pay cycle.
If sign-on or retention bonus, custom Workday Schedule Bonus Payment.
#Send Direct Message to the employee with a comp letter or update notification — composed from a template.
#Send Direct Message to the manager confirming the change and the next paystub the employee will see.
#Send Channel Message to
#hrbp-compfor tracking.#Leave Internal Note capturing approval trail, justification, market data.
Compensation Requests
Playbooks
/
Compensation Requests
Compensation Requests
Created by
Console Team
Published
HR
Workday
+1
Trigger
Manager submits an off-cycle merit, market adjustment, sign-on bonus, retention bonus, or promotion comp request.
Instructions
#Trigger Form to collect:
Employee being adjusted
Adjustment type (merit / market / sign-on / retention / promotion)
Current comp (auto-fill from Workday)
Proposed new comp
Justification (free text)
Market data attachment (if market adjustment)
Effective date
#Lookup Users on the employee and the requesting manager.
#Custom Workday Get Comp Band for the employee's role and level to check if the proposed comp falls within band.
#Custom Workday Get Compa-Ratio to show current and proposed compa-ratio.
Validate request:
In-band → standard approval path.
Above band → require additional VP approval.
Outside policy window (e.g. off-cycle merit when only quarterly cycles allowed) → require HRBP exception approval.
Approval chain:
#Request Approval from manager's manager (skip-level).
#Request Approval from HRBP with justification + market data attached.
#Request Approval from finance with budget impact calculation.
If above band → #Request Approval from the VP/Chief.
On full approval, on effective date:
#Custom Workday Submit Comp Change with new comp, type, effective date.
#Custom Workday Trigger Payroll Update for next pay cycle.
If sign-on or retention bonus, custom Workday Schedule Bonus Payment.
#Send Direct Message to the employee with a comp letter or update notification — composed from a template.
#Send Direct Message to the manager confirming the change and the next paystub the employee will see.
#Send Channel Message to
#hrbp-compfor tracking.#Leave Internal Note capturing approval trail, justification, market data.
Compliance Training
Playbooks
/
Compliance Training
Compliance Training
Created by
Console Team
Published
Security
Vanta
Trigger
Scheduled — daily + on hire (called from HR-1) + on cadence per framework Note: Overlaps with HR-15 but is framework-specific (SOC2, ISO, HIPAA, PCI).
Instructions
Determine required attestations per employee:
#Custom Vanta Get Required Trainings by role + framework scope.
Map to LearnUpon module IDs via custom Module Mapping.
For each employee with missing or due-for-renewal trainings:
#Lookup Users with
includeManager.#Custom LearnUpon Get Active Assignments to avoid double-assigning.
Assign modules:
#Custom LearnUpon Assign Modules with deadline (30 days standard, 14 days for new hires).
#Send Direct Message to the employee with:
List of required modules
Framework context (e.g. "Required for our SOC2 attestation")
Deadline
LearnUpon link
schedule_action wakes at 7, 14, 21, 30, 60, 90:
On each wake, custom LearnUpon Get Completion Status.
If incomplete:
Day 7-21 → #Send Direct Message reminder.
Day 30 → #Send Direct Message to manager + employee.
Day 60 → #Send Channel Message to
#compliancewith the employee.Day 90 → #Custom Vanta Flag Compliance Risk + #Send Direct Message to HRBP + CISO delegate.
On completion:
#Custom Vanta Upload Training Evidence with cert + completion date.
#Send Direct Message to employee thanking them.
Quarterly:
#Run Query for completion stats.
#Send Channel Message to
#compliancewith the org-wide report.
#Leave Internal Note per employee per training cycle.
Compliance Training
Playbooks
/
Compliance Training
Compliance Training
Created by
Console Team
Published
Security
Vanta
Trigger
Scheduled — daily + on hire (called from HR-1) + on cadence per framework Note: Overlaps with HR-15 but is framework-specific (SOC2, ISO, HIPAA, PCI).
Instructions
Determine required attestations per employee:
#Custom Vanta Get Required Trainings by role + framework scope.
Map to LearnUpon module IDs via custom Module Mapping.
For each employee with missing or due-for-renewal trainings:
#Lookup Users with
includeManager.#Custom LearnUpon Get Active Assignments to avoid double-assigning.
Assign modules:
#Custom LearnUpon Assign Modules with deadline (30 days standard, 14 days for new hires).
#Send Direct Message to the employee with:
List of required modules
Framework context (e.g. "Required for our SOC2 attestation")
Deadline
LearnUpon link
schedule_action wakes at 7, 14, 21, 30, 60, 90:
On each wake, custom LearnUpon Get Completion Status.
If incomplete:
Day 7-21 → #Send Direct Message reminder.
Day 30 → #Send Direct Message to manager + employee.
Day 60 → #Send Channel Message to
#compliancewith the employee.Day 90 → #Custom Vanta Flag Compliance Risk + #Send Direct Message to HRBP + CISO delegate.
On completion:
#Custom Vanta Upload Training Evidence with cert + completion date.
#Send Direct Message to employee thanking them.
Quarterly:
#Run Query for completion stats.
#Send Channel Message to
#compliancewith the org-wide report.
#Leave Internal Note per employee per training cycle.
Compliance Training
Playbooks
/
Compliance Training
Compliance Training
Created by
Console Team
Published
Security
Vanta
Trigger
Scheduled — daily + on hire (called from HR-1) + on cadence per framework Note: Overlaps with HR-15 but is framework-specific (SOC2, ISO, HIPAA, PCI).
Instructions
Determine required attestations per employee:
#Custom Vanta Get Required Trainings by role + framework scope.
Map to LearnUpon module IDs via custom Module Mapping.
For each employee with missing or due-for-renewal trainings:
#Lookup Users with
includeManager.#Custom LearnUpon Get Active Assignments to avoid double-assigning.
Assign modules:
#Custom LearnUpon Assign Modules with deadline (30 days standard, 14 days for new hires).
#Send Direct Message to the employee with:
List of required modules
Framework context (e.g. "Required for our SOC2 attestation")
Deadline
LearnUpon link
schedule_action wakes at 7, 14, 21, 30, 60, 90:
On each wake, custom LearnUpon Get Completion Status.
If incomplete:
Day 7-21 → #Send Direct Message reminder.
Day 30 → #Send Direct Message to manager + employee.
Day 60 → #Send Channel Message to
#compliancewith the employee.Day 90 → #Custom Vanta Flag Compliance Risk + #Send Direct Message to HRBP + CISO delegate.
On completion:
#Custom Vanta Upload Training Evidence with cert + completion date.
#Send Direct Message to employee thanking them.
Quarterly:
#Run Query for completion stats.
#Send Channel Message to
#compliancewith the org-wide report.
#Leave Internal Note per employee per training cycle.
Compromised Credential Response
Playbooks
/
Compromised Credential Response
Compromised Credential Response
Created by
Console Team
Published
Security
Okta
1Password
Vanta
+5
Trigger
Detection — webhook from HaveIBeenPwned API monitor OR Dehashed scheduled poll
Instructions
Parse the dump match:
Affected email
Source dump name + date
What was compromised (password / email / phone / other)
#Search Okta User by Email to confirm the user exists and is active.
If user doesn't exist or is already deactivated → log and exit.
#Lookup Users with
includeManager.Risk assessment:
If
passwordwas in the dump:#Custom Okta Check Password Reuse to see if the dumped password matches their current Okta password (via secure hash comparison if available).
If reuse detected → Critical.
Else → High.
If only email/phone exposed → Medium (phishing risk).
Execute response based on risk:
Critical / High (password compromised):
#Reset Password (Okta) with
sendEmail = true.#Reset User Factors (Custom) to force MFA re-enrollment.
#Custom Okta Force Password Change Next Login.
Medium (email/phone only):
#Send Direct Message with phishing-awareness reminder.
No forced reset, but heightened monitoring for 30 days.
#Send Direct Message to the user:
Explain the breach source and date (without leaking other affected services).
Confirm what was reset.
Recommend they:
Use 1Password to generate a unique password for the corporate account.
Check other accounts for password reuse via HIBP self-check link.
Enable phishing-resistant MFA (FIDO2 / passkey).
Include 1Password setup link if user isn't enrolled.
#Send Channel Message to
#security-credentialswith the response summary.schedule_action wake at 7 days to verify the user re-enrolled MFA and reset password.
On wake: if MFA not re-enrolled → #Send Direct Message reminder.
#Custom Vanta Log Credential Incident for compliance.
#Leave Internal Note capturing breach source, response actions, follow-up status.
Compromised Credential Response
Playbooks
/
Compromised Credential Response
Compromised Credential Response
Created by
Console Team
Published
Security
Okta
1Password
Vanta
+5
Trigger
Detection — webhook from HaveIBeenPwned API monitor OR Dehashed scheduled poll
Instructions
Parse the dump match:
Affected email
Source dump name + date
What was compromised (password / email / phone / other)
#Search Okta User by Email to confirm the user exists and is active.
If user doesn't exist or is already deactivated → log and exit.
#Lookup Users with
includeManager.Risk assessment:
If
passwordwas in the dump:#Custom Okta Check Password Reuse to see if the dumped password matches their current Okta password (via secure hash comparison if available).
If reuse detected → Critical.
Else → High.
If only email/phone exposed → Medium (phishing risk).
Execute response based on risk:
Critical / High (password compromised):
#Reset Password (Okta) with
sendEmail = true.#Reset User Factors (Custom) to force MFA re-enrollment.
#Custom Okta Force Password Change Next Login.
Medium (email/phone only):
#Send Direct Message with phishing-awareness reminder.
No forced reset, but heightened monitoring for 30 days.
#Send Direct Message to the user:
Explain the breach source and date (without leaking other affected services).
Confirm what was reset.
Recommend they:
Use 1Password to generate a unique password for the corporate account.
Check other accounts for password reuse via HIBP self-check link.
Enable phishing-resistant MFA (FIDO2 / passkey).
Include 1Password setup link if user isn't enrolled.
#Send Channel Message to
#security-credentialswith the response summary.schedule_action wake at 7 days to verify the user re-enrolled MFA and reset password.
On wake: if MFA not re-enrolled → #Send Direct Message reminder.
#Custom Vanta Log Credential Incident for compliance.
#Leave Internal Note capturing breach source, response actions, follow-up status.
Compromised Credential Response
Playbooks
/
Compromised Credential Response
Compromised Credential Response
Created by
Console Team
Published
Security
Okta
1Password
Vanta
+5
Trigger
Detection — webhook from HaveIBeenPwned API monitor OR Dehashed scheduled poll
Instructions
Parse the dump match:
Affected email
Source dump name + date
What was compromised (password / email / phone / other)
#Search Okta User by Email to confirm the user exists and is active.
If user doesn't exist or is already deactivated → log and exit.
#Lookup Users with
includeManager.Risk assessment:
If
passwordwas in the dump:#Custom Okta Check Password Reuse to see if the dumped password matches their current Okta password (via secure hash comparison if available).
If reuse detected → Critical.
Else → High.
If only email/phone exposed → Medium (phishing risk).
Execute response based on risk:
Critical / High (password compromised):
#Reset Password (Okta) with
sendEmail = true.#Reset User Factors (Custom) to force MFA re-enrollment.
#Custom Okta Force Password Change Next Login.
Medium (email/phone only):
#Send Direct Message with phishing-awareness reminder.
No forced reset, but heightened monitoring for 30 days.
#Send Direct Message to the user:
Explain the breach source and date (without leaking other affected services).
Confirm what was reset.
Recommend they:
Use 1Password to generate a unique password for the corporate account.
Check other accounts for password reuse via HIBP self-check link.
Enable phishing-resistant MFA (FIDO2 / passkey).
Include 1Password setup link if user isn't enrolled.
#Send Channel Message to
#security-credentialswith the response summary.schedule_action wake at 7 days to verify the user re-enrolled MFA and reset password.
On wake: if MFA not re-enrolled → #Send Direct Message reminder.
#Custom Vanta Log Credential Incident for compliance.
#Leave Internal Note capturing breach source, response actions, follow-up status.
Contract Intake & Routing
Playbooks
/
Contract Intake & Routing
Contract Intake & Routing
Created by
Console Team
Published
Legal
HubSpot
Ironclad
NetSuite
+1
Trigger
Requester reports an inbound contract.
Instructions
#Trigger Form to collect:
Contract attachment.
Counterparty name.
Contract type (vendor MSA / customer MSA / NDA / DPA / SOW / amendment / order form / other).
Associated deal (if customer-facing) or vendor (if vendor-facing).
Priority (standard / urgent / blocker).
Special considerations (regulated industry, sensitive data, unusual terms).
#Lookup Users on the requester.
Auto-parse the contract:
#Custom Parse Contract Metadata via OCR/AI to extract counterparty, type, term, value, key clauses.
Cross-check against form inputs; flag mismatches for confirmation.
Resolve associated context:
Customer-facing: #Hubspot Search Deals + #Get HubSpot Deal Details with Activity Timeline for ACV, stage, products.
Vendor-facing: custom NetSuite Lookup Vendor.
Create the Ironclad record:
#Custom Ironclad Create Workflow with:
Contract type → maps to workflow template.
Counterparty + deal context attached.
Document attached.
Priority flag.
Requester as initiator.
Route by matter type:
Customer MSA / DPA → commercial counsel.
Vendor MSA → procurement counsel.
NDA → paralegal queue.
Employment → employment counsel.
IP → IP counsel.
Regulatory → regulatory counsel.
Notify counsel:
#Lookup Users on assigned counsel.
#Send Direct Message with contract summary, Ironclad link, priority, deal context, requester.
Requester confirmation:
#Send Direct Message with workflow ID, assigned counsel, expected SLA.
#Send Channel Message to
#legal-intakefor tracking.#Leave Internal Note with workflow ID and assignment.
#Resolve Request (handoff to legal; ongoing tracking via Legal-4).
Contract Intake & Routing
Playbooks
/
Contract Intake & Routing
Contract Intake & Routing
Created by
Console Team
Published
Legal
HubSpot
Ironclad
NetSuite
+1
Trigger
Requester reports an inbound contract.
Instructions
#Trigger Form to collect:
Contract attachment.
Counterparty name.
Contract type (vendor MSA / customer MSA / NDA / DPA / SOW / amendment / order form / other).
Associated deal (if customer-facing) or vendor (if vendor-facing).
Priority (standard / urgent / blocker).
Special considerations (regulated industry, sensitive data, unusual terms).
#Lookup Users on the requester.
Auto-parse the contract:
#Custom Parse Contract Metadata via OCR/AI to extract counterparty, type, term, value, key clauses.
Cross-check against form inputs; flag mismatches for confirmation.
Resolve associated context:
Customer-facing: #Hubspot Search Deals + #Get HubSpot Deal Details with Activity Timeline for ACV, stage, products.
Vendor-facing: custom NetSuite Lookup Vendor.
Create the Ironclad record:
#Custom Ironclad Create Workflow with:
Contract type → maps to workflow template.
Counterparty + deal context attached.
Document attached.
Priority flag.
Requester as initiator.
Route by matter type:
Customer MSA / DPA → commercial counsel.
Vendor MSA → procurement counsel.
NDA → paralegal queue.
Employment → employment counsel.
IP → IP counsel.
Regulatory → regulatory counsel.
Notify counsel:
#Lookup Users on assigned counsel.
#Send Direct Message with contract summary, Ironclad link, priority, deal context, requester.
Requester confirmation:
#Send Direct Message with workflow ID, assigned counsel, expected SLA.
#Send Channel Message to
#legal-intakefor tracking.#Leave Internal Note with workflow ID and assignment.
#Resolve Request (handoff to legal; ongoing tracking via Legal-4).
Contract Intake & Routing
Playbooks
/
Contract Intake & Routing
Contract Intake & Routing
Created by
Console Team
Published
Legal
HubSpot
Ironclad
NetSuite
+1
Trigger
Requester reports an inbound contract.
Instructions
#Trigger Form to collect:
Contract attachment.
Counterparty name.
Contract type (vendor MSA / customer MSA / NDA / DPA / SOW / amendment / order form / other).
Associated deal (if customer-facing) or vendor (if vendor-facing).
Priority (standard / urgent / blocker).
Special considerations (regulated industry, sensitive data, unusual terms).
#Lookup Users on the requester.
Auto-parse the contract:
#Custom Parse Contract Metadata via OCR/AI to extract counterparty, type, term, value, key clauses.
Cross-check against form inputs; flag mismatches for confirmation.
Resolve associated context:
Customer-facing: #Hubspot Search Deals + #Get HubSpot Deal Details with Activity Timeline for ACV, stage, products.
Vendor-facing: custom NetSuite Lookup Vendor.
Create the Ironclad record:
#Custom Ironclad Create Workflow with:
Contract type → maps to workflow template.
Counterparty + deal context attached.
Document attached.
Priority flag.
Requester as initiator.
Route by matter type:
Customer MSA / DPA → commercial counsel.
Vendor MSA → procurement counsel.
NDA → paralegal queue.
Employment → employment counsel.
IP → IP counsel.
Regulatory → regulatory counsel.
Notify counsel:
#Lookup Users on assigned counsel.
#Send Direct Message with contract summary, Ironclad link, priority, deal context, requester.
Requester confirmation:
#Send Direct Message with workflow ID, assigned counsel, expected SLA.
#Send Channel Message to
#legal-intakefor tracking.#Leave Internal Note with workflow ID and assignment.
#Resolve Request (handoff to legal; ongoing tracking via Legal-4).
Contract Status Lookup
Playbooks
/
Contract Status Lookup
Contract Status Lookup
Created by
Console Team
Published
Legal
DocuSign
Ironclad
NetSuite
+1
Trigger
Requester asks contract/workflow status.
Instructions
Parse counterparty / workflow ID / doc type.
#Lookup Users on requester.
Permission check: deal owner, counsel, ops, or workflow participant.
Search in parallel:
Multiple matches → #Send Direct Message with disambiguation.
Pull detail:
Compile response: current stage, blocker, last activity, next action + owner, ETA, doc link.
#Send Direct Message with formatted response.
Offer follow-ups: nudge owner, escalate, get latest version.
Contract Status Lookup
Playbooks
/
Contract Status Lookup
Contract Status Lookup
Created by
Console Team
Published
Legal
DocuSign
Ironclad
NetSuite
+1
Trigger
Requester asks contract/workflow status.
Instructions
Parse counterparty / workflow ID / doc type.
#Lookup Users on requester.
Permission check: deal owner, counsel, ops, or workflow participant.
Search in parallel:
Multiple matches → #Send Direct Message with disambiguation.
Pull detail:
Compile response: current stage, blocker, last activity, next action + owner, ETA, doc link.
#Send Direct Message with formatted response.
Offer follow-ups: nudge owner, escalate, get latest version.
Contract Status Lookup
Playbooks
/
Contract Status Lookup
Contract Status Lookup
Created by
Console Team
Published
Legal
DocuSign
Ironclad
NetSuite
+1
Trigger
Requester asks contract/workflow status.
Instructions
Parse counterparty / workflow ID / doc type.
#Lookup Users on requester.
Permission check: deal owner, counsel, ops, or workflow participant.
Search in parallel:
Multiple matches → #Send Direct Message with disambiguation.
Pull detail:
Compile response: current stage, blocker, last activity, next action + owner, ETA, doc link.
#Send Direct Message with formatted response.
Offer follow-ups: nudge owner, escalate, get latest version.
Contractor Access Expiration
Playbooks
/
Contractor Access Expiration
Contractor Access Expiration
Created by
Console Team
Published
IT
Okta
Slack
Workday
+1
Trigger
Scheduled — every day at 8:00 AM America/Chicago
Instructions
Query the #custom Workday/HR ingest via #Search Graph for contractors with
endDatebetweentoday + 5 daysandtoday + 7 days.For each contractor, #Lookup Users on the engagement owner's email with
includeSlackId.#Send Direct Message to the engagement owner with a #Trigger Form containing options: "Extend"(collect new end-date), "Expire on schedule", "Expire immediately".
Use schedule_action to wake 5 days later to check the form response.
On wake, branch on the response:
Extend → #custom Workday Update Contractor End Date with the new date, then #Send Direct Message confirming.
Expire on schedule or no response → schedule_action wake on the contractor's
endDateto execute revocation.Expire immediately → execute revocation now.
Revocation sequence:
#Search Okta User by Email to resolve the contractor's Okta ID.
#Remove from Group (Okta) for every contractor-restricted group from the user's group list.
#Remove User from Org (GitHub) to remove outside-collab status.
#Custom Figma Revoke Member and Notion Revoke Guest actions.
For each Slack guest channel: #Remove User From Channel.
#Create Linear Issue in the IT-Audit project documenting the revocation.
#Send Channel Message to
#it-auditwith the contractor name, owner, expiry type, and revoked entitlements.
Contractor Access Expiration
Playbooks
/
Contractor Access Expiration
Contractor Access Expiration
Created by
Console Team
Published
IT
Okta
Slack
Workday
+1
Trigger
Scheduled — every day at 8:00 AM America/Chicago
Instructions
Query the #custom Workday/HR ingest via #Search Graph for contractors with
endDatebetweentoday + 5 daysandtoday + 7 days.For each contractor, #Lookup Users on the engagement owner's email with
includeSlackId.#Send Direct Message to the engagement owner with a #Trigger Form containing options: "Extend"(collect new end-date), "Expire on schedule", "Expire immediately".
Use schedule_action to wake 5 days later to check the form response.
On wake, branch on the response:
Extend → #custom Workday Update Contractor End Date with the new date, then #Send Direct Message confirming.
Expire on schedule or no response → schedule_action wake on the contractor's
endDateto execute revocation.Expire immediately → execute revocation now.
Revocation sequence:
#Search Okta User by Email to resolve the contractor's Okta ID.
#Remove from Group (Okta) for every contractor-restricted group from the user's group list.
#Remove User from Org (GitHub) to remove outside-collab status.
#Custom Figma Revoke Member and Notion Revoke Guest actions.
For each Slack guest channel: #Remove User From Channel.
#Create Linear Issue in the IT-Audit project documenting the revocation.
#Send Channel Message to
#it-auditwith the contractor name, owner, expiry type, and revoked entitlements.
Contractor Access Expiration
Playbooks
/
Contractor Access Expiration
Contractor Access Expiration
Created by
Console Team
Published
IT
Okta
Slack
Workday
+1
Trigger
Scheduled — every day at 8:00 AM America/Chicago
Instructions
Query the #custom Workday/HR ingest via #Search Graph for contractors with
endDatebetweentoday + 5 daysandtoday + 7 days.For each contractor, #Lookup Users on the engagement owner's email with
includeSlackId.#Send Direct Message to the engagement owner with a #Trigger Form containing options: "Extend"(collect new end-date), "Expire on schedule", "Expire immediately".
Use schedule_action to wake 5 days later to check the form response.
On wake, branch on the response:
Extend → #custom Workday Update Contractor End Date with the new date, then #Send Direct Message confirming.
Expire on schedule or no response → schedule_action wake on the contractor's
endDateto execute revocation.Expire immediately → execute revocation now.
Revocation sequence:
#Search Okta User by Email to resolve the contractor's Okta ID.
#Remove from Group (Okta) for every contractor-restricted group from the user's group list.
#Remove User from Org (GitHub) to remove outside-collab status.
#Custom Figma Revoke Member and Notion Revoke Guest actions.
For each Slack guest channel: #Remove User From Channel.
#Create Linear Issue in the IT-Audit project documenting the revocation.
#Send Channel Message to
#it-auditwith the contractor name, owner, expiry type, and revoked entitlements.
Corporate Actions
Playbooks
/
Corporate Actions
Corporate Actions
Created by
Console Team
Published
Legal
Vanta
DocuSign
+1
Trigger
Requester needs board consent.
Instructions
#Trigger Form to collect:
Resolution type (equity / subsidiary / officer / banking / debt / strategic / other).
Subject matter description.
Requested action.
Effective date.
Supporting documentation.
Urgency.
#Lookup Users on requester.
Permission check: only authorized officers can initiate.
Pull corporate context:
#Custom Carta Get Corporate Record for board composition.
#Custom Get Bylaws for resolution requirements (board majority / unanimous / committee).
Generate resolution doc:
#Custom Generate Board Consent From Template with subject + requested action + supporting context + recital language.
Internal review:
For material resolutions (equity pool, subsidiary, debt): also CFO.
Send to board for signature:
#Custom DocuSign Send to Board Members for unanimous written consent.
Capture envelope IDs.
Track signature:
schedule_action wakes at 3 / 7 / 14 days.
Day 3: gentle reminders to non-signers.
Day 7: GC + chairperson outreach.
Day 14: escalate.
On full signature:
Downstream actions:
Equity pool increase → custom Update Carta Plan.
New subsidiary → trigger entity formation playbook.
Officer changes → custom Update Officer Records in state filings.
Notify:
#Send Direct Message to requester with execution confirmation.
#Send Channel Message to
#legal-corp.
Corporate Actions
Playbooks
/
Corporate Actions
Corporate Actions
Created by
Console Team
Published
Legal
Vanta
DocuSign
+1
Trigger
Requester needs board consent.
Instructions
#Trigger Form to collect:
Resolution type (equity / subsidiary / officer / banking / debt / strategic / other).
Subject matter description.
Requested action.
Effective date.
Supporting documentation.
Urgency.
#Lookup Users on requester.
Permission check: only authorized officers can initiate.
Pull corporate context:
#Custom Carta Get Corporate Record for board composition.
#Custom Get Bylaws for resolution requirements (board majority / unanimous / committee).
Generate resolution doc:
#Custom Generate Board Consent From Template with subject + requested action + supporting context + recital language.
Internal review:
For material resolutions (equity pool, subsidiary, debt): also CFO.
Send to board for signature:
#Custom DocuSign Send to Board Members for unanimous written consent.
Capture envelope IDs.
Track signature:
schedule_action wakes at 3 / 7 / 14 days.
Day 3: gentle reminders to non-signers.
Day 7: GC + chairperson outreach.
Day 14: escalate.
On full signature:
Downstream actions:
Equity pool increase → custom Update Carta Plan.
New subsidiary → trigger entity formation playbook.
Officer changes → custom Update Officer Records in state filings.
Notify:
#Send Direct Message to requester with execution confirmation.
#Send Channel Message to
#legal-corp.
Corporate Actions
Playbooks
/
Corporate Actions
Corporate Actions
Created by
Console Team
Published
Legal
Vanta
DocuSign
+1
Trigger
Requester needs board consent.
Instructions
#Trigger Form to collect:
Resolution type (equity / subsidiary / officer / banking / debt / strategic / other).
Subject matter description.
Requested action.
Effective date.
Supporting documentation.
Urgency.
#Lookup Users on requester.
Permission check: only authorized officers can initiate.
Pull corporate context:
#Custom Carta Get Corporate Record for board composition.
#Custom Get Bylaws for resolution requirements (board majority / unanimous / committee).
Generate resolution doc:
#Custom Generate Board Consent From Template with subject + requested action + supporting context + recital language.
Internal review:
For material resolutions (equity pool, subsidiary, debt): also CFO.
Send to board for signature:
#Custom DocuSign Send to Board Members for unanimous written consent.
Capture envelope IDs.
Track signature:
schedule_action wakes at 3 / 7 / 14 days.
Day 3: gentle reminders to non-signers.
Day 7: GC + chairperson outreach.
Day 14: escalate.
On full signature:
Downstream actions:
Equity pool increase → custom Update Carta Plan.
New subsidiary → trigger entity formation playbook.
Officer changes → custom Update Officer Records in state filings.
Notify:
#Send Direct Message to requester with execution confirmation.
#Send Channel Message to
#legal-corp.
Corporate Card Issuance
Playbooks
/
Corporate Card Issuance
Corporate Card Issuance
Created by
Console Team
Published
Finance
Workday
Brex
NetSuite
+1
Trigger
Requester asks for a Ramp/Brex card.
Instructions
#Trigger Form to collect: card type (physical / virtual / vendor-specific), cardholder type (employee / contractor / vendor / event), cardholder name + email, shipping address, spend limit, allowed categories, justification, effective date + expiry.
#Lookup Users on requester with
includeManager,includeGroups.#Lookup Users on cardholder (if different).
Validate against policy:
#Custom Get Card Issuance Policy for cardholder type → max limit, max categories, required approvals.
#Custom Workday Get Cost Center for budget assignment.
Approval per tier:
<$2k/mo → manager.
$2k–$10k/mo → manager + finance ops.
>$10k/mo OR vendor card → manager + finance ops + controller.
#Request Approval chained.
On approval:
Employee/contractor → #Invite Ramp User (if needed) + custom Ramp Create Card with limit + categories + cost center.
Vendor card → custom Ramp Create Vendor Card with restricted MCC codes.
Physical → custom Ramp Ship Physical Card.
Virtual → returns card to cardholder via secure delivery.
For temporary lifts: schedule_action wake at expiry to custom Ramp Update Card Limit back to baseline.
#Send Direct Message to cardholder with details, policy reminders, expense instructions, expiry.
#Send Direct Message to requester confirming.
#Send Channel Message to
#finance-card-log.
Corporate Card Issuance
Playbooks
/
Corporate Card Issuance
Corporate Card Issuance
Created by
Console Team
Published
Finance
Workday
Brex
NetSuite
+1
Trigger
Requester asks for a Ramp/Brex card.
Instructions
#Trigger Form to collect: card type (physical / virtual / vendor-specific), cardholder type (employee / contractor / vendor / event), cardholder name + email, shipping address, spend limit, allowed categories, justification, effective date + expiry.
#Lookup Users on requester with
includeManager,includeGroups.#Lookup Users on cardholder (if different).
Validate against policy:
#Custom Get Card Issuance Policy for cardholder type → max limit, max categories, required approvals.
#Custom Workday Get Cost Center for budget assignment.
Approval per tier:
<$2k/mo → manager.
$2k–$10k/mo → manager + finance ops.
>$10k/mo OR vendor card → manager + finance ops + controller.
#Request Approval chained.
On approval:
Employee/contractor → #Invite Ramp User (if needed) + custom Ramp Create Card with limit + categories + cost center.
Vendor card → custom Ramp Create Vendor Card with restricted MCC codes.
Physical → custom Ramp Ship Physical Card.
Virtual → returns card to cardholder via secure delivery.
For temporary lifts: schedule_action wake at expiry to custom Ramp Update Card Limit back to baseline.
#Send Direct Message to cardholder with details, policy reminders, expense instructions, expiry.
#Send Direct Message to requester confirming.
#Send Channel Message to
#finance-card-log.
Corporate Card Issuance
Playbooks
/
Corporate Card Issuance
Corporate Card Issuance
Created by
Console Team
Published
Finance
Workday
Brex
NetSuite
+1
Trigger
Requester asks for a Ramp/Brex card.
Instructions
#Trigger Form to collect: card type (physical / virtual / vendor-specific), cardholder type (employee / contractor / vendor / event), cardholder name + email, shipping address, spend limit, allowed categories, justification, effective date + expiry.
#Lookup Users on requester with
includeManager,includeGroups.#Lookup Users on cardholder (if different).
Validate against policy:
#Custom Get Card Issuance Policy for cardholder type → max limit, max categories, required approvals.
#Custom Workday Get Cost Center for budget assignment.
Approval per tier:
<$2k/mo → manager.
$2k–$10k/mo → manager + finance ops.
>$10k/mo OR vendor card → manager + finance ops + controller.
#Request Approval chained.
On approval:
Employee/contractor → #Invite Ramp User (if needed) + custom Ramp Create Card with limit + categories + cost center.
Vendor card → custom Ramp Create Vendor Card with restricted MCC codes.
Physical → custom Ramp Ship Physical Card.
Virtual → returns card to cardholder via secure delivery.
For temporary lifts: schedule_action wake at expiry to custom Ramp Update Card Limit back to baseline.
#Send Direct Message to cardholder with details, policy reminders, expense instructions, expiry.
#Send Direct Message to requester confirming.
#Send Channel Message to
#finance-card-log.
Counterparty Redline Tracking
Playbooks
/
Counterparty Redline Tracking
Counterparty Redline Tracking
Created by
Console Team
Published
Legal
HubSpot
Ironclad
+1
Trigger
Webhook — Ironclad redline document uploaded OR email parsed Variables: $workflow.id, $document.id, $document.uploadedBy, $round.number
Instructions
#Lookup Users on workflow's assigned counsel.
Pull versions:
Compute diff:
#Custom Generate Redline Diff for clause-by-clause comparison.
Highlight: added / removed / modified clauses, key terms changed.
Tag clauses:
#Custom Categorize Clause Changes by type (indemnification, liability cap, termination, IP, etc.).
Flag against fallback positions via custom Compare to Playbook Position.
Severity:
Low: cosmetic.
Medium: within fallback positions.
High: outside fallback or affecting key commercial terms.
Update workflow:
#Custom Ironclad Update Round Number to
$round.number + 1.
Notify counsel:
#Send Direct Message with workflow link, diff summary, severity, suggested responses, round context.
High-severity:
#Send Channel Message to
#legal-redlines.#Send Direct Message to legal lead for backup review.
AE update for customer-facing:
#Send Direct Message: "New redlines from {{customer}}. Now reviewing — typical turnaround {{X}} days."
#Create HubSpot Note on Deal for customer-facing with round number and key changes.
Counterparty Redline Tracking
Playbooks
/
Counterparty Redline Tracking
Counterparty Redline Tracking
Created by
Console Team
Published
Legal
HubSpot
Ironclad
+1
Trigger
Webhook — Ironclad redline document uploaded OR email parsed Variables: $workflow.id, $document.id, $document.uploadedBy, $round.number
Instructions
#Lookup Users on workflow's assigned counsel.
Pull versions:
Compute diff:
#Custom Generate Redline Diff for clause-by-clause comparison.
Highlight: added / removed / modified clauses, key terms changed.
Tag clauses:
#Custom Categorize Clause Changes by type (indemnification, liability cap, termination, IP, etc.).
Flag against fallback positions via custom Compare to Playbook Position.
Severity:
Low: cosmetic.
Medium: within fallback positions.
High: outside fallback or affecting key commercial terms.
Update workflow:
#Custom Ironclad Update Round Number to
$round.number + 1.
Notify counsel:
#Send Direct Message with workflow link, diff summary, severity, suggested responses, round context.
High-severity:
#Send Channel Message to
#legal-redlines.#Send Direct Message to legal lead for backup review.
AE update for customer-facing:
#Send Direct Message: "New redlines from {{customer}}. Now reviewing — typical turnaround {{X}} days."
#Create HubSpot Note on Deal for customer-facing with round number and key changes.
Counterparty Redline Tracking
Playbooks
/
Counterparty Redline Tracking
Counterparty Redline Tracking
Created by
Console Team
Published
Legal
HubSpot
Ironclad
+1
Trigger
Webhook — Ironclad redline document uploaded OR email parsed Variables: $workflow.id, $document.id, $document.uploadedBy, $round.number
Instructions
#Lookup Users on workflow's assigned counsel.
Pull versions:
Compute diff:
#Custom Generate Redline Diff for clause-by-clause comparison.
Highlight: added / removed / modified clauses, key terms changed.
Tag clauses:
#Custom Categorize Clause Changes by type (indemnification, liability cap, termination, IP, etc.).
Flag against fallback positions via custom Compare to Playbook Position.
Severity:
Low: cosmetic.
Medium: within fallback positions.
High: outside fallback or affecting key commercial terms.
Update workflow:
#Custom Ironclad Update Round Number to
$round.number + 1.
Notify counsel:
#Send Direct Message with workflow link, diff summary, severity, suggested responses, round context.
High-severity:
#Send Channel Message to
#legal-redlines.#Send Direct Message to legal lead for backup review.
AE update for customer-facing:
#Send Direct Message: "New redlines from {{customer}}. Now reviewing — typical turnaround {{X}} days."
#Create HubSpot Note on Deal for customer-facing with round number and key changes.
CRM Data Hygiene & Updates
Playbooks
/
CRM Data Hygiene & Updates
CRM Data Hygiene & Updates
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
+5
Trigger
Requester asks to update a CRM record ("change opp owner to Jeff", "update close date to next Friday", "mark closed-lost to competitor as Serval").
Instructions
Parse the request:
Target object (deal / opportunity / contact / company / lead).
Target identifier (deal name, ID, account name).
Field to update.
New value.
#Lookup Users on the requester with
includeGroups.Permission check:
#Custom Check CRM Permission for the requester on the target object and field.
Rep can update their own records.
Manager can update reports' records.
Ops can update any.
If permission denied → #Request Approval from the record owner.
Locate the record:
#Hubspot Search Deals (or #Search HubSpot Contacts, #Search HubSpot Companies) by name + owner.
If multiple matches, #Send Direct Message with a disambiguation list via #Trigger Form.
#Get HubSpot Deal Details with Activity Timeline (or contact/company equivalent) to confirm current state.
Validate the new value:
For owner changes: #Lookup Users to confirm the new owner exists.
For close dates: must be future or current quarter unless requester is ops.
For stage changes: must follow stage progression (route through Rev-15 if backward jump).
For status changes: require
closedLostReasonif moving to closed-lost.
Confirm with the requester via #Send Direct Message showing the diff: "Will change {{field}} from {{old}} to {{new}}. Confirm?"
On confirm: #Update HubSpot Deal Properties (or custom Salesforce update action) with the new value.
Log the change:
#Create HubSpot Note on Deal capturing who/what/when/why.
#Send Channel Message to
#revops-auditfor high-impact changes (owner change, close-lost, stage skip).
#Send Direct Message to the requester confirming, including the deal link.
If the owner changed: #Send Direct Message to the new owner with the handoff.
#Leave Internal Note capturing the change and approval trail.
CRM Data Hygiene & Updates
Playbooks
/
CRM Data Hygiene & Updates
CRM Data Hygiene & Updates
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
+5
Trigger
Requester asks to update a CRM record ("change opp owner to Jeff", "update close date to next Friday", "mark closed-lost to competitor as Serval").
Instructions
Parse the request:
Target object (deal / opportunity / contact / company / lead).
Target identifier (deal name, ID, account name).
Field to update.
New value.
#Lookup Users on the requester with
includeGroups.Permission check:
#Custom Check CRM Permission for the requester on the target object and field.
Rep can update their own records.
Manager can update reports' records.
Ops can update any.
If permission denied → #Request Approval from the record owner.
Locate the record:
#Hubspot Search Deals (or #Search HubSpot Contacts, #Search HubSpot Companies) by name + owner.
If multiple matches, #Send Direct Message with a disambiguation list via #Trigger Form.
#Get HubSpot Deal Details with Activity Timeline (or contact/company equivalent) to confirm current state.
Validate the new value:
For owner changes: #Lookup Users to confirm the new owner exists.
For close dates: must be future or current quarter unless requester is ops.
For stage changes: must follow stage progression (route through Rev-15 if backward jump).
For status changes: require
closedLostReasonif moving to closed-lost.
Confirm with the requester via #Send Direct Message showing the diff: "Will change {{field}} from {{old}} to {{new}}. Confirm?"
On confirm: #Update HubSpot Deal Properties (or custom Salesforce update action) with the new value.
Log the change:
#Create HubSpot Note on Deal capturing who/what/when/why.
#Send Channel Message to
#revops-auditfor high-impact changes (owner change, close-lost, stage skip).
#Send Direct Message to the requester confirming, including the deal link.
If the owner changed: #Send Direct Message to the new owner with the handoff.
#Leave Internal Note capturing the change and approval trail.
CRM Data Hygiene & Updates
Playbooks
/
CRM Data Hygiene & Updates
CRM Data Hygiene & Updates
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
+5
Trigger
Requester asks to update a CRM record ("change opp owner to Jeff", "update close date to next Friday", "mark closed-lost to competitor as Serval").
Instructions
Parse the request:
Target object (deal / opportunity / contact / company / lead).
Target identifier (deal name, ID, account name).
Field to update.
New value.
#Lookup Users on the requester with
includeGroups.Permission check:
#Custom Check CRM Permission for the requester on the target object and field.
Rep can update their own records.
Manager can update reports' records.
Ops can update any.
If permission denied → #Request Approval from the record owner.
Locate the record:
#Hubspot Search Deals (or #Search HubSpot Contacts, #Search HubSpot Companies) by name + owner.
If multiple matches, #Send Direct Message with a disambiguation list via #Trigger Form.
#Get HubSpot Deal Details with Activity Timeline (or contact/company equivalent) to confirm current state.
Validate the new value:
For owner changes: #Lookup Users to confirm the new owner exists.
For close dates: must be future or current quarter unless requester is ops.
For stage changes: must follow stage progression (route through Rev-15 if backward jump).
For status changes: require
closedLostReasonif moving to closed-lost.
Confirm with the requester via #Send Direct Message showing the diff: "Will change {{field}} from {{old}} to {{new}}. Confirm?"
On confirm: #Update HubSpot Deal Properties (or custom Salesforce update action) with the new value.
Log the change:
#Create HubSpot Note on Deal capturing who/what/when/why.
#Send Channel Message to
#revops-auditfor high-impact changes (owner change, close-lost, stage skip).
#Send Direct Message to the requester confirming, including the deal link.
If the owner changed: #Send Direct Message to the new owner with the handoff.
#Leave Internal Note capturing the change and approval trail.
Custom Pricing & CPQ Exception
Playbooks
/
Custom Pricing & CPQ Exception
Custom Pricing & CPQ Exception
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
DocuSign
+5
Trigger
AE needs non-standard pricing, bundles, or SKUs.
Instructions
#Trigger Form to collect:
Deal name/ID.
Type of exception (non-standard SKU / custom bundle / non-list pricing / multi-year discount / payment terms).
Proposed pricing details.
Business justification.
Quote ID (if exists).
#Hubspot Search Deals to locate.
#Get HubSpot Deal Details with Activity Timeline for deal context.
Pull current quote/CPQ state:
#Custom Salesforce CPQ Get Quote with the quote ID.
Or for HubSpot: custom HubSpot Get Quote.
Validate the proposal:
#Custom Calculate Margin Impact for the proposed pricing.
Approval chain:
#Request Approval from pricing committee (custom Get Pricing Committee Members).
#Request Approval from CFO if margin <X% (custom threshold).
On approval:
For Salesforce CPQ: custom Salesforce CPQ Update Quote Lines with the approved pricing.
For custom SKU: custom Salesforce CPQ Create Product Override.
Custom Salesforce CPQ Regenerate Quote to produce a new PDF with the approved pricing.
#Update HubSpot Deal Properties with
customPricingApproved = true.
Notify and deliver:
#Send Direct Message to AE with the new quote PDF and approval summary.
#Custom DocuSign Send for Signature to the customer signer if AE is ready.
#Create HubSpot Note on Deal with the full pricing exception trail.
#Send Channel Message to
#cpq-exceptionsfor tracking.#Leave Internal Note with approval chain.
Custom Pricing & CPQ Exception
Playbooks
/
Custom Pricing & CPQ Exception
Custom Pricing & CPQ Exception
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
DocuSign
+5
Trigger
AE needs non-standard pricing, bundles, or SKUs.
Instructions
#Trigger Form to collect:
Deal name/ID.
Type of exception (non-standard SKU / custom bundle / non-list pricing / multi-year discount / payment terms).
Proposed pricing details.
Business justification.
Quote ID (if exists).
#Hubspot Search Deals to locate.
#Get HubSpot Deal Details with Activity Timeline for deal context.
Pull current quote/CPQ state:
#Custom Salesforce CPQ Get Quote with the quote ID.
Or for HubSpot: custom HubSpot Get Quote.
Validate the proposal:
#Custom Calculate Margin Impact for the proposed pricing.
Approval chain:
#Request Approval from pricing committee (custom Get Pricing Committee Members).
#Request Approval from CFO if margin <X% (custom threshold).
On approval:
For Salesforce CPQ: custom Salesforce CPQ Update Quote Lines with the approved pricing.
For custom SKU: custom Salesforce CPQ Create Product Override.
Custom Salesforce CPQ Regenerate Quote to produce a new PDF with the approved pricing.
#Update HubSpot Deal Properties with
customPricingApproved = true.
Notify and deliver:
#Send Direct Message to AE with the new quote PDF and approval summary.
#Custom DocuSign Send for Signature to the customer signer if AE is ready.
#Create HubSpot Note on Deal with the full pricing exception trail.
#Send Channel Message to
#cpq-exceptionsfor tracking.#Leave Internal Note with approval chain.
Custom Pricing & CPQ Exception
Playbooks
/
Custom Pricing & CPQ Exception
Custom Pricing & CPQ Exception
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
DocuSign
+5
Trigger
AE needs non-standard pricing, bundles, or SKUs.
Instructions
#Trigger Form to collect:
Deal name/ID.
Type of exception (non-standard SKU / custom bundle / non-list pricing / multi-year discount / payment terms).
Proposed pricing details.
Business justification.
Quote ID (if exists).
#Hubspot Search Deals to locate.
#Get HubSpot Deal Details with Activity Timeline for deal context.
Pull current quote/CPQ state:
#Custom Salesforce CPQ Get Quote with the quote ID.
Or for HubSpot: custom HubSpot Get Quote.
Validate the proposal:
#Custom Calculate Margin Impact for the proposed pricing.
Approval chain:
#Request Approval from pricing committee (custom Get Pricing Committee Members).
#Request Approval from CFO if margin <X% (custom threshold).
On approval:
For Salesforce CPQ: custom Salesforce CPQ Update Quote Lines with the approved pricing.
For custom SKU: custom Salesforce CPQ Create Product Override.
Custom Salesforce CPQ Regenerate Quote to produce a new PDF with the approved pricing.
#Update HubSpot Deal Properties with
customPricingApproved = true.
Notify and deliver:
#Send Direct Message to AE with the new quote PDF and approval summary.
#Custom DocuSign Send for Signature to the customer signer if AE is ready.
#Create HubSpot Note on Deal with the full pricing exception trail.
#Send Channel Message to
#cpq-exceptionsfor tracking.#Leave Internal Note with approval chain.
Customer Invoice & Subscription Change
Playbooks
/
Customer Invoice & Subscription Change
Customer Invoice & Subscription Change
Created by
Console Team
Published
Finance
HubSpot
NetSuite
Stripe App
+1
Trigger
Requester (AE/CSM/ops) requests a subscription change.
Instructions
#Trigger Form for customer, change type, effective date, quantity/product/pricing, pro-rate handling, reason.
#Lookup Users with
includeGroups.#Search HubSpot Companies to locate customer.
#Get HubSpot Company Details with Activity Timeline.
Pull subscription:
#Custom Stripe Get Subscription or custom NetSuite Get Subscription.
Validate:
#Custom Get Contract Terms for mid-term allowance.
Check auto-renewal / minimum commitments / opt-out windows.
Approval:
Upgrades/additions → auto if AE has authority.
Downgrades/removals → manager + finance.
On approval:
#Custom Stripe Update Subscription with line items + proration.
#Custom Stripe Generate Updated Invoice (or NetSuite Generate Invoice).
For non-prorated: custom Stripe Schedule Subscription Change.
Send invoice:
Notify:
DM CSM and AE (quota/comp impact).
#Send Channel Message to
#billing-changes.
Update CRM:
#Update HubSpot Deal Properties for associated expansion deal.
#Create HubSpot Note on Company.
For new products: custom Provision Product Access.
schedule_action wake at next billing date to confirm change.
Customer Invoice & Subscription Change
Playbooks
/
Customer Invoice & Subscription Change
Customer Invoice & Subscription Change
Created by
Console Team
Published
Finance
HubSpot
NetSuite
Stripe App
+1
Trigger
Requester (AE/CSM/ops) requests a subscription change.
Instructions
#Trigger Form for customer, change type, effective date, quantity/product/pricing, pro-rate handling, reason.
#Lookup Users with
includeGroups.#Search HubSpot Companies to locate customer.
#Get HubSpot Company Details with Activity Timeline.
Pull subscription:
#Custom Stripe Get Subscription or custom NetSuite Get Subscription.
Validate:
#Custom Get Contract Terms for mid-term allowance.
Check auto-renewal / minimum commitments / opt-out windows.
Approval:
Upgrades/additions → auto if AE has authority.
Downgrades/removals → manager + finance.
On approval:
#Custom Stripe Update Subscription with line items + proration.
#Custom Stripe Generate Updated Invoice (or NetSuite Generate Invoice).
For non-prorated: custom Stripe Schedule Subscription Change.
Send invoice:
Notify:
DM CSM and AE (quota/comp impact).
#Send Channel Message to
#billing-changes.
Update CRM:
#Update HubSpot Deal Properties for associated expansion deal.
#Create HubSpot Note on Company.
For new products: custom Provision Product Access.
schedule_action wake at next billing date to confirm change.
Customer Invoice & Subscription Change
Playbooks
/
Customer Invoice & Subscription Change
Customer Invoice & Subscription Change
Created by
Console Team
Published
Finance
HubSpot
NetSuite
Stripe App
+1
Trigger
Requester (AE/CSM/ops) requests a subscription change.
Instructions
#Trigger Form for customer, change type, effective date, quantity/product/pricing, pro-rate handling, reason.
#Lookup Users with
includeGroups.#Search HubSpot Companies to locate customer.
#Get HubSpot Company Details with Activity Timeline.
Pull subscription:
#Custom Stripe Get Subscription or custom NetSuite Get Subscription.
Validate:
#Custom Get Contract Terms for mid-term allowance.
Check auto-renewal / minimum commitments / opt-out windows.
Approval:
Upgrades/additions → auto if AE has authority.
Downgrades/removals → manager + finance.
On approval:
#Custom Stripe Update Subscription with line items + proration.
#Custom Stripe Generate Updated Invoice (or NetSuite Generate Invoice).
For non-prorated: custom Stripe Schedule Subscription Change.
Send invoice:
Notify:
DM CSM and AE (quota/comp impact).
#Send Channel Message to
#billing-changes.
Update CRM:
#Update HubSpot Deal Properties for associated expansion deal.
#Create HubSpot Note on Company.
For new products: custom Provision Product Access.
schedule_action wake at next billing date to confirm change.
Customer Security Questionnaire Support
Playbooks
/
Customer Security Questionnaire Support
Customer Security Questionnaire Support
Created by
Console Team
Published
Legal
Vanta
HubSpot
DocuSign
+5
Trigger
AE receives a customer SIG/CAIQ.
Instructions
#Trigger Form to collect:
Customer name.
Format (SIG Full / SIG Lite / CAIQ / custom).
Questionnaire upload.
Deal context.
Deadline.
Special considerations.
#Lookup Users on AE.
#Hubspot Search Deals + #Get HubSpot Deal Details with Activity Timeline for context.
Parse questionnaire:
#Custom Parse Security Questionnaire to extract questions structured.
Categorize by topic.
Auto-fill from library:
For each question: match by similarity scoring.
85% match → auto-fill.
60-85% → surface as "suggested" for human review.
<60% → flag as net-new.
Pull from KB + docs:
Aim for 80%+ auto-fill.
Route net-new:
#Send Direct Message to right SME:
Security → security on-call.
Privacy → privacy counsel.
Compliance → compliance lead.
Architecture → engineering lead.
schedule_action wakes at SME response SLAs.
Aggregate:
AE review and delivery:
#Send Direct Message to AE with completed questionnaire.
#Custom Generate Final Questionnaire PDF on approval.
#Custom DocuSign Send to Customer or attach to deal in Ironclad.
Update library:
#Custom Vanta Add to Answer Library for net-new approved answers.
#Send Channel Message to
#legal-customer-sec.
Customer Security Questionnaire Support
Playbooks
/
Customer Security Questionnaire Support
Customer Security Questionnaire Support
Created by
Console Team
Published
Legal
Vanta
HubSpot
DocuSign
+5
Trigger
AE receives a customer SIG/CAIQ.
Instructions
#Trigger Form to collect:
Customer name.
Format (SIG Full / SIG Lite / CAIQ / custom).
Questionnaire upload.
Deal context.
Deadline.
Special considerations.
#Lookup Users on AE.
#Hubspot Search Deals + #Get HubSpot Deal Details with Activity Timeline for context.
Parse questionnaire:
#Custom Parse Security Questionnaire to extract questions structured.
Categorize by topic.
Auto-fill from library:
For each question: match by similarity scoring.
85% match → auto-fill.
60-85% → surface as "suggested" for human review.
<60% → flag as net-new.
Pull from KB + docs:
Aim for 80%+ auto-fill.
Route net-new:
#Send Direct Message to right SME:
Security → security on-call.
Privacy → privacy counsel.
Compliance → compliance lead.
Architecture → engineering lead.
schedule_action wakes at SME response SLAs.
Aggregate:
AE review and delivery:
#Send Direct Message to AE with completed questionnaire.
#Custom Generate Final Questionnaire PDF on approval.
#Custom DocuSign Send to Customer or attach to deal in Ironclad.
Update library:
#Custom Vanta Add to Answer Library for net-new approved answers.
#Send Channel Message to
#legal-customer-sec.
Customer Security Questionnaire Support
Playbooks
/
Customer Security Questionnaire Support
Customer Security Questionnaire Support
Created by
Console Team
Published
Legal
Vanta
HubSpot
DocuSign
+5
Trigger
AE receives a customer SIG/CAIQ.
Instructions
#Trigger Form to collect:
Customer name.
Format (SIG Full / SIG Lite / CAIQ / custom).
Questionnaire upload.
Deal context.
Deadline.
Special considerations.
#Lookup Users on AE.
#Hubspot Search Deals + #Get HubSpot Deal Details with Activity Timeline for context.
Parse questionnaire:
#Custom Parse Security Questionnaire to extract questions structured.
Categorize by topic.
Auto-fill from library:
For each question: match by similarity scoring.
85% match → auto-fill.
60-85% → surface as "suggested" for human review.
<60% → flag as net-new.
Pull from KB + docs:
Aim for 80%+ auto-fill.
Route net-new:
#Send Direct Message to right SME:
Security → security on-call.
Privacy → privacy counsel.
Compliance → compliance lead.
Architecture → engineering lead.
schedule_action wakes at SME response SLAs.
Aggregate:
AE review and delivery:
#Send Direct Message to AE with completed questionnaire.
#Custom Generate Final Questionnaire PDF on approval.
#Custom DocuSign Send to Customer or attach to deal in Ironclad.
Update library:
#Custom Vanta Add to Answer Library for net-new approved answers.
#Send Channel Message to
#legal-customer-sec.
Data Subject Request Routing
Playbooks
/
Data Subject Request Routing
Data Subject Request Routing
Created by
Console Team
Published
Legal
Vanta
Trigger
Requester reports a DSR.
Instructions
#Trigger Form to collect:
Requester relationship (customer / employee / prospect / contractor).
Subject email / identifier.
Request type (access / portability / deletion / rectification / opt-out).
Regulatory basis (GDPR / CCPA / LGPD / other).
Verification documents.
Submitted-to-us date (starts SLA clock).
#Lookup Users on internal requester.
Verify requester identity:
#Custom Verify DSR Requester Identity per regulation.
Customer → custom Send Auth Email + verify response.
Employee → confirm internal identity.
Attorney/rep → require power of attorney.
#Request Approval from DPO for high-impact (deletion of active customer/employee).
Trigger execution:
#Custom Trigger Sec-22 DSR Execution for data inventory + execution.
Track SLA:
GDPR: 30 days (extendable to 60).
CCPA: 45 days.
schedule_action wakes at 50% / 75% / 90% of SLA.
Status updates:
#Send Direct Message to internal requester weekly.
Completion:
On Sec-22 completion → #Send Email to data subject with response.
Custom Vanta Log DSR.
#Send Channel Message to
#privacy-ops.#Resolve Request on completion within SLA.
Data Subject Request Routing
Playbooks
/
Data Subject Request Routing
Data Subject Request Routing
Created by
Console Team
Published
Legal
Vanta
Trigger
Requester reports a DSR.
Instructions
#Trigger Form to collect:
Requester relationship (customer / employee / prospect / contractor).
Subject email / identifier.
Request type (access / portability / deletion / rectification / opt-out).
Regulatory basis (GDPR / CCPA / LGPD / other).
Verification documents.
Submitted-to-us date (starts SLA clock).
#Lookup Users on internal requester.
Verify requester identity:
#Custom Verify DSR Requester Identity per regulation.
Customer → custom Send Auth Email + verify response.
Employee → confirm internal identity.
Attorney/rep → require power of attorney.
#Request Approval from DPO for high-impact (deletion of active customer/employee).
Trigger execution:
#Custom Trigger Sec-22 DSR Execution for data inventory + execution.
Track SLA:
GDPR: 30 days (extendable to 60).
CCPA: 45 days.
schedule_action wakes at 50% / 75% / 90% of SLA.
Status updates:
#Send Direct Message to internal requester weekly.
Completion:
On Sec-22 completion → #Send Email to data subject with response.
Custom Vanta Log DSR.
#Send Channel Message to
#privacy-ops.#Resolve Request on completion within SLA.
Data Subject Request Routing
Playbooks
/
Data Subject Request Routing
Data Subject Request Routing
Created by
Console Team
Published
Legal
Vanta
Trigger
Requester reports a DSR.
Instructions
#Trigger Form to collect:
Requester relationship (customer / employee / prospect / contractor).
Subject email / identifier.
Request type (access / portability / deletion / rectification / opt-out).
Regulatory basis (GDPR / CCPA / LGPD / other).
Verification documents.
Submitted-to-us date (starts SLA clock).
#Lookup Users on internal requester.
Verify requester identity:
#Custom Verify DSR Requester Identity per regulation.
Customer → custom Send Auth Email + verify response.
Employee → confirm internal identity.
Attorney/rep → require power of attorney.
#Request Approval from DPO for high-impact (deletion of active customer/employee).
Trigger execution:
#Custom Trigger Sec-22 DSR Execution for data inventory + execution.
Track SLA:
GDPR: 30 days (extendable to 60).
CCPA: 45 days.
schedule_action wakes at 50% / 75% / 90% of SLA.
Status updates:
#Send Direct Message to internal requester weekly.
Completion:
On Sec-22 completion → #Send Email to data subject with response.
Custom Vanta Log DSR.
#Send Channel Message to
#privacy-ops.#Resolve Request on completion within SLA.
Deal Stage Gate Enforcement
Playbooks
/
Deal Stage Gate Enforcement
Deal Stage Gate Enforcement
Created by
Console Team
Published
RevOps
Vanta
HubSpot
Ironclad
+2
Trigger
Webhook — deal stage change to Proposal or Negotiation Variables: $deal.id, $deal.previousStage, $deal.newStage, $deal.ownerId
Instructions
#Get HubSpot Deal Details with Activity Timeline for current state.
#Lookup Users on
$deal.ownerId.Define gates for the target stage:
Proposal: MEDDIC fields complete, mutual-action-plan signed, ROI doc shared.
Negotiation: MSA in motion, pricing approved, security review status confirmed.
Check each gate:
MSA status → custom Ironclad Get Workflow Status for the deal's MSA. Pass if
signedornegotiating.Pricing approved → check deal property
pricingApprovedor compute fromdiscountvs threshold (auto-approve if within AE-discretion).Security review → custom Vanta Get Vendor Review Status for the customer if they're SOC2-scoped customer.
MEDDIC complete → check required deal properties are all populated.
Gate evaluation:
All pass → allow stage change; #Create HubSpot Note on Deal logging the gate check pass.
Any fail → revert the stage:
#Custom HubSpot Update Stage to
$deal.previousStage.#Send Direct Message to AE: "Deal {{name}} can't move to {{newStage}} yet. Missing: {{failed gates}}. Here's how to clear each: {{instructions}}."
Offer to fire upstream playbooks: Rev-8 for pricing, Rev-9 for MSA, etc.
#Send Channel Message to
#deal-opsonly for fails (signal/noise).#Create HubSpot Note on Deal with the gate check result.
Deal Stage Gate Enforcement
Playbooks
/
Deal Stage Gate Enforcement
Deal Stage Gate Enforcement
Created by
Console Team
Published
RevOps
Vanta
HubSpot
Ironclad
+2
Trigger
Webhook — deal stage change to Proposal or Negotiation Variables: $deal.id, $deal.previousStage, $deal.newStage, $deal.ownerId
Instructions
#Get HubSpot Deal Details with Activity Timeline for current state.
#Lookup Users on
$deal.ownerId.Define gates for the target stage:
Proposal: MEDDIC fields complete, mutual-action-plan signed, ROI doc shared.
Negotiation: MSA in motion, pricing approved, security review status confirmed.
Check each gate:
MSA status → custom Ironclad Get Workflow Status for the deal's MSA. Pass if
signedornegotiating.Pricing approved → check deal property
pricingApprovedor compute fromdiscountvs threshold (auto-approve if within AE-discretion).Security review → custom Vanta Get Vendor Review Status for the customer if they're SOC2-scoped customer.
MEDDIC complete → check required deal properties are all populated.
Gate evaluation:
All pass → allow stage change; #Create HubSpot Note on Deal logging the gate check pass.
Any fail → revert the stage:
#Custom HubSpot Update Stage to
$deal.previousStage.#Send Direct Message to AE: "Deal {{name}} can't move to {{newStage}} yet. Missing: {{failed gates}}. Here's how to clear each: {{instructions}}."
Offer to fire upstream playbooks: Rev-8 for pricing, Rev-9 for MSA, etc.
#Send Channel Message to
#deal-opsonly for fails (signal/noise).#Create HubSpot Note on Deal with the gate check result.
Deal Stage Gate Enforcement
Playbooks
/
Deal Stage Gate Enforcement
Deal Stage Gate Enforcement
Created by
Console Team
Published
RevOps
Vanta
HubSpot
Ironclad
+2
Trigger
Webhook — deal stage change to Proposal or Negotiation Variables: $deal.id, $deal.previousStage, $deal.newStage, $deal.ownerId
Instructions
#Get HubSpot Deal Details with Activity Timeline for current state.
#Lookup Users on
$deal.ownerId.Define gates for the target stage:
Proposal: MEDDIC fields complete, mutual-action-plan signed, ROI doc shared.
Negotiation: MSA in motion, pricing approved, security review status confirmed.
Check each gate:
MSA status → custom Ironclad Get Workflow Status for the deal's MSA. Pass if
signedornegotiating.Pricing approved → check deal property
pricingApprovedor compute fromdiscountvs threshold (auto-approve if within AE-discretion).Security review → custom Vanta Get Vendor Review Status for the customer if they're SOC2-scoped customer.
MEDDIC complete → check required deal properties are all populated.
Gate evaluation:
All pass → allow stage change; #Create HubSpot Note on Deal logging the gate check pass.
Any fail → revert the stage:
#Custom HubSpot Update Stage to
$deal.previousStage.#Send Direct Message to AE: "Deal {{name}} can't move to {{newStage}} yet. Missing: {{failed gates}}. Here's how to clear each: {{instructions}}."
Offer to fire upstream playbooks: Rev-8 for pricing, Rev-9 for MSA, etc.
#Send Channel Message to
#deal-opsonly for fails (signal/noise).#Create HubSpot Note on Deal with the gate check result.
Deal-at-Risk Detection
Playbooks
/
Deal-at-Risk Detection
Deal-at-Risk Detection
Created by
Console Team
Published
RevOps
HubSpot
Gong
+1
Trigger
Detection — scheduled every day at 6:00 AM America/Chicago
Instructions
Pull open opps:
#Search HubSpot Deals by Owner filtered to all AEs, stages in [Proposal, Negotiation, Verbal Commit].
For each deal, compute signals in parallel:
Champion job change: #custom LinkedIn Sales Nav Get Champion Changes for the deal's primary champion.
Activity gap: #custom Get Days Since Last Activity (>14 days = risk).
Slipped close date: compare
closeDatetooriginalCloseDate; >2 slips = risk.Customer health drop: #custom Gainsight Get Health Score for existing customers (renewals/expansions).
Sentiment shift: #custom Gong Get Sentiment Trend for the deal's last 5 calls.
Competitor mention spike: #custom Gong Search Calls for Competitor in the deal's recent calls.
Score the deal:
0 signals → healthy.
1 signal → watch.
2 signals → at-risk.
3+ signals → critical.
Skip if deal was flagged in the last 7 days (avoid re-alert spam) unless score increased.
For at-risk and critical deals:
#Lookup Users on the AE with
includeManager.Compose the risk brief:
Deal name + amount + close date + stage.
Signals firing (with detail per signal).
Suggested actions per signal (e.g. champion changed → reach out to backup, no activity → schedule check-in, slipped → revisit timeline with customer).
#Send Direct Message to the AE with the risk brief.
For critical deals, also:
#Send Direct Message to the AE's manager.
#Send Channel Message to
#deals-at-risk(visible to RevOps).
Create save-play guidance:
#Search Knowledge Base for play playbooks matching the signals.
Suggest the play in the DM.
Offer follow-ups:
"Want to schedule a deal review?"
"Want me to generate a champion-departure response email?"
schedule_action wake at 7 days to re-evaluate.
#Create HubSpot Note on Deal with the risk signals captured.
Deal-at-Risk Detection
Playbooks
/
Deal-at-Risk Detection
Deal-at-Risk Detection
Created by
Console Team
Published
RevOps
HubSpot
Gong
+1
Trigger
Detection — scheduled every day at 6:00 AM America/Chicago
Instructions
Pull open opps:
#Search HubSpot Deals by Owner filtered to all AEs, stages in [Proposal, Negotiation, Verbal Commit].
For each deal, compute signals in parallel:
Champion job change: #custom LinkedIn Sales Nav Get Champion Changes for the deal's primary champion.
Activity gap: #custom Get Days Since Last Activity (>14 days = risk).
Slipped close date: compare
closeDatetooriginalCloseDate; >2 slips = risk.Customer health drop: #custom Gainsight Get Health Score for existing customers (renewals/expansions).
Sentiment shift: #custom Gong Get Sentiment Trend for the deal's last 5 calls.
Competitor mention spike: #custom Gong Search Calls for Competitor in the deal's recent calls.
Score the deal:
0 signals → healthy.
1 signal → watch.
2 signals → at-risk.
3+ signals → critical.
Skip if deal was flagged in the last 7 days (avoid re-alert spam) unless score increased.
For at-risk and critical deals:
#Lookup Users on the AE with
includeManager.Compose the risk brief:
Deal name + amount + close date + stage.
Signals firing (with detail per signal).
Suggested actions per signal (e.g. champion changed → reach out to backup, no activity → schedule check-in, slipped → revisit timeline with customer).
#Send Direct Message to the AE with the risk brief.
For critical deals, also:
#Send Direct Message to the AE's manager.
#Send Channel Message to
#deals-at-risk(visible to RevOps).
Create save-play guidance:
#Search Knowledge Base for play playbooks matching the signals.
Suggest the play in the DM.
Offer follow-ups:
"Want to schedule a deal review?"
"Want me to generate a champion-departure response email?"
schedule_action wake at 7 days to re-evaluate.
#Create HubSpot Note on Deal with the risk signals captured.
Deal-at-Risk Detection
Playbooks
/
Deal-at-Risk Detection
Deal-at-Risk Detection
Created by
Console Team
Published
RevOps
HubSpot
Gong
+1
Trigger
Detection — scheduled every day at 6:00 AM America/Chicago
Instructions
Pull open opps:
#Search HubSpot Deals by Owner filtered to all AEs, stages in [Proposal, Negotiation, Verbal Commit].
For each deal, compute signals in parallel:
Champion job change: #custom LinkedIn Sales Nav Get Champion Changes for the deal's primary champion.
Activity gap: #custom Get Days Since Last Activity (>14 days = risk).
Slipped close date: compare
closeDatetooriginalCloseDate; >2 slips = risk.Customer health drop: #custom Gainsight Get Health Score for existing customers (renewals/expansions).
Sentiment shift: #custom Gong Get Sentiment Trend for the deal's last 5 calls.
Competitor mention spike: #custom Gong Search Calls for Competitor in the deal's recent calls.
Score the deal:
0 signals → healthy.
1 signal → watch.
2 signals → at-risk.
3+ signals → critical.
Skip if deal was flagged in the last 7 days (avoid re-alert spam) unless score increased.
For at-risk and critical deals:
#Lookup Users on the AE with
includeManager.Compose the risk brief:
Deal name + amount + close date + stage.
Signals firing (with detail per signal).
Suggested actions per signal (e.g. champion changed → reach out to backup, no activity → schedule check-in, slipped → revisit timeline with customer).
#Send Direct Message to the AE with the risk brief.
For critical deals, also:
#Send Direct Message to the AE's manager.
#Send Channel Message to
#deals-at-risk(visible to RevOps).
Create save-play guidance:
#Search Knowledge Base for play playbooks matching the signals.
Suggest the play in the DM.
Offer follow-ups:
"Want to schedule a deal review?"
"Want me to generate a champion-departure response email?"
schedule_action wake at 7 days to re-evaluate.
#Create HubSpot Note on Deal with the risk signals captured.
Demo Prep & Meeting Room
Playbooks
/
Demo Prep & Meeting Room
Demo Prep & Meeting Room
Created by
Console Team
Published
RevOps
Slack
HubSpot
+1
Trigger
Webhook — meeting booked in Calendly/Chili Piper Variables: $booking.id, $booking.meetingType, $booking.startTime, $booking.attendees, $booking.hostEmail
Instructions
#Lookup Users on the host (AE/SE) with
includeSlackId.Identify the prospect:
From
$booking.attendees, parse external attendees.Get the company domain from the primary external attendee.
#Search HubSpot Companies by domain to find the account record.
Pull account context:
#Get HubSpot Company Details with Activity Timeline.
#Search HubSpot Deals by Company for open deals.
#Search HubSpot Contacts by Property Filter for known contacts.
Enrich attendees:
For each external attendee:
#Search HubSpot Contacts by email.
If not found: custom ZoomInfo Enrich Person + create the contact.
Pull title, LinkedIn, prior interactions.
Pull prior touches:
#Custom Gong Get Calls by Account for the last 3 calls.
#Custom Get Email History by Account from Outreach.
#Get HubSpot Deal Note Associations for prior notes.
Generate prep doc:
#Custom Generate Demo Prep Doc writes a Google Doc with:
Meeting time + attendees + their context.
Account snapshot (firmographics, tech stack).
Deal history + current stage.
Prior call highlights.
Suggested demo flow based on attendee titles + use case.
Open questions / discovery gaps to fill.
Create internal prep channel:
#Create Channel named
#prep-{{account}}-{{date}}.#Add Users To Channel: host (AE), SE, marketing lead if applicable, sales manager for visibility.
#Custom Slack Pin Message with the prep doc link.
Post the prep doc summary as the first message.
#Send Direct Message to host with: prep doc link, prep channel link, key call-out (e.g. "This account has 3 open competitive POCs — be aware").
schedule_action wake 1 hour before meeting to send a final reminder.
#Create HubSpot Note on Company linking the prep doc and channel.
Demo Prep & Meeting Room
Playbooks
/
Demo Prep & Meeting Room
Demo Prep & Meeting Room
Created by
Console Team
Published
RevOps
Slack
HubSpot
+1
Trigger
Webhook — meeting booked in Calendly/Chili Piper Variables: $booking.id, $booking.meetingType, $booking.startTime, $booking.attendees, $booking.hostEmail
Instructions
#Lookup Users on the host (AE/SE) with
includeSlackId.Identify the prospect:
From
$booking.attendees, parse external attendees.Get the company domain from the primary external attendee.
#Search HubSpot Companies by domain to find the account record.
Pull account context:
#Get HubSpot Company Details with Activity Timeline.
#Search HubSpot Deals by Company for open deals.
#Search HubSpot Contacts by Property Filter for known contacts.
Enrich attendees:
For each external attendee:
#Search HubSpot Contacts by email.
If not found: custom ZoomInfo Enrich Person + create the contact.
Pull title, LinkedIn, prior interactions.
Pull prior touches:
#Custom Gong Get Calls by Account for the last 3 calls.
#Custom Get Email History by Account from Outreach.
#Get HubSpot Deal Note Associations for prior notes.
Generate prep doc:
#Custom Generate Demo Prep Doc writes a Google Doc with:
Meeting time + attendees + their context.
Account snapshot (firmographics, tech stack).
Deal history + current stage.
Prior call highlights.
Suggested demo flow based on attendee titles + use case.
Open questions / discovery gaps to fill.
Create internal prep channel:
#Create Channel named
#prep-{{account}}-{{date}}.#Add Users To Channel: host (AE), SE, marketing lead if applicable, sales manager for visibility.
#Custom Slack Pin Message with the prep doc link.
Post the prep doc summary as the first message.
#Send Direct Message to host with: prep doc link, prep channel link, key call-out (e.g. "This account has 3 open competitive POCs — be aware").
schedule_action wake 1 hour before meeting to send a final reminder.
#Create HubSpot Note on Company linking the prep doc and channel.
Demo Prep & Meeting Room
Playbooks
/
Demo Prep & Meeting Room
Demo Prep & Meeting Room
Created by
Console Team
Published
RevOps
Slack
HubSpot
+1
Trigger
Webhook — meeting booked in Calendly/Chili Piper Variables: $booking.id, $booking.meetingType, $booking.startTime, $booking.attendees, $booking.hostEmail
Instructions
#Lookup Users on the host (AE/SE) with
includeSlackId.Identify the prospect:
From
$booking.attendees, parse external attendees.Get the company domain from the primary external attendee.
#Search HubSpot Companies by domain to find the account record.
Pull account context:
#Get HubSpot Company Details with Activity Timeline.
#Search HubSpot Deals by Company for open deals.
#Search HubSpot Contacts by Property Filter for known contacts.
Enrich attendees:
For each external attendee:
#Search HubSpot Contacts by email.
If not found: custom ZoomInfo Enrich Person + create the contact.
Pull title, LinkedIn, prior interactions.
Pull prior touches:
#Custom Gong Get Calls by Account for the last 3 calls.
#Custom Get Email History by Account from Outreach.
#Get HubSpot Deal Note Associations for prior notes.
Generate prep doc:
#Custom Generate Demo Prep Doc writes a Google Doc with:
Meeting time + attendees + their context.
Account snapshot (firmographics, tech stack).
Deal history + current stage.
Prior call highlights.
Suggested demo flow based on attendee titles + use case.
Open questions / discovery gaps to fill.
Create internal prep channel:
#Create Channel named
#prep-{{account}}-{{date}}.#Add Users To Channel: host (AE), SE, marketing lead if applicable, sales manager for visibility.
#Custom Slack Pin Message with the prep doc link.
Post the prep doc summary as the first message.
#Send Direct Message to host with: prep doc link, prep channel link, key call-out (e.g. "This account has 3 open competitive POCs — be aware").
schedule_action wake 1 hour before meeting to send a final reminder.
#Create HubSpot Note on Company linking the prep doc and channel.
Device Recovery / Unlock
Playbooks
/
Device Recovery / Unlock
Device Recovery / Unlock
Created by
Console Team
Published
IT
Okta
Kandji
Trigger
User reports being locked out of their laptop ("forgot FileVault password", "can't get past BitLocker", "MacBook is asking for recovery key").
Instructions
#Lookup Users on the requester with
includeManager.#List Devices (Kandji) filtered by
assignedUserEmail = requester.emailto find their device(s).If multiple devices, #Trigger Form to ask which device.
#Get Device Details (Kandji) to confirm the device is enrolled and active.
Risk check: #Search Okta System Log Custom for recent suspicious activity. If anomalous, escalate to Sec-12 flow.
Identity verification:
#Request Approval from the requester's manager confirming the user is who they say they are.
For high-risk cases (recent termination flag, device marked lost, off-hours request from new IP) → #Prompt for Handoff to security.
On approval: #Get Device FileVault Recovery Key (Kandji) for Mac, or custom Get BitLocker Recovery Key for Windows.
#Send Direct Message to the requester with:
The recovery key
Step-by-step unlock instructions (different for Mac vs Windows)
Reminder to reset their password after unlock
Wait for the requester to confirm they're back in via a follow-up message.
After confirmation, #Send Direct Message suggesting they update their password and re-enroll FileVault/BitLocker.
#Leave Internal Note capturing device serial, verification method, and outcome.
Device Recovery / Unlock
Playbooks
/
Device Recovery / Unlock
Device Recovery / Unlock
Created by
Console Team
Published
IT
Okta
Kandji
Trigger
User reports being locked out of their laptop ("forgot FileVault password", "can't get past BitLocker", "MacBook is asking for recovery key").
Instructions
#Lookup Users on the requester with
includeManager.#List Devices (Kandji) filtered by
assignedUserEmail = requester.emailto find their device(s).If multiple devices, #Trigger Form to ask which device.
#Get Device Details (Kandji) to confirm the device is enrolled and active.
Risk check: #Search Okta System Log Custom for recent suspicious activity. If anomalous, escalate to Sec-12 flow.
Identity verification:
#Request Approval from the requester's manager confirming the user is who they say they are.
For high-risk cases (recent termination flag, device marked lost, off-hours request from new IP) → #Prompt for Handoff to security.
On approval: #Get Device FileVault Recovery Key (Kandji) for Mac, or custom Get BitLocker Recovery Key for Windows.
#Send Direct Message to the requester with:
The recovery key
Step-by-step unlock instructions (different for Mac vs Windows)
Reminder to reset their password after unlock
Wait for the requester to confirm they're back in via a follow-up message.
After confirmation, #Send Direct Message suggesting they update their password and re-enroll FileVault/BitLocker.
#Leave Internal Note capturing device serial, verification method, and outcome.
Device Recovery / Unlock
Playbooks
/
Device Recovery / Unlock
Device Recovery / Unlock
Created by
Console Team
Published
IT
Okta
Kandji
Trigger
User reports being locked out of their laptop ("forgot FileVault password", "can't get past BitLocker", "MacBook is asking for recovery key").
Instructions
#Lookup Users on the requester with
includeManager.#List Devices (Kandji) filtered by
assignedUserEmail = requester.emailto find their device(s).If multiple devices, #Trigger Form to ask which device.
#Get Device Details (Kandji) to confirm the device is enrolled and active.
Risk check: #Search Okta System Log Custom for recent suspicious activity. If anomalous, escalate to Sec-12 flow.
Identity verification:
#Request Approval from the requester's manager confirming the user is who they say they are.
For high-risk cases (recent termination flag, device marked lost, off-hours request from new IP) → #Prompt for Handoff to security.
On approval: #Get Device FileVault Recovery Key (Kandji) for Mac, or custom Get BitLocker Recovery Key for Windows.
#Send Direct Message to the requester with:
The recovery key
Step-by-step unlock instructions (different for Mac vs Windows)
Reminder to reset their password after unlock
Wait for the requester to confirm they're back in via a follow-up message.
After confirmation, #Send Direct Message suggesting they update their password and re-enroll FileVault/BitLocker.
#Leave Internal Note capturing device serial, verification method, and outcome.
Discount Approval Routing
Playbooks
/
Discount Approval Routing
Discount Approval Routing
Created by
Console Team
Published
RevOps
HubSpot
Gong
Trigger
AE requests a discount on a deal.
Instructions
#Trigger Form to collect:
Deal name or ID.
Discount % requested.
Justification (free text).
Competitor (if competing).
Timeline urgency.
#Lookup Users on the requester.
#Hubspot Search Deals to locate the deal.
#Get HubSpot Deal Details with Activity Timeline to pull ACV, stage, current discount if any.
Calculate the discount tier:
0-10% → AE-discretionary, no approval needed; just log.
10-20% → manager approval.
20-30% → manager + deal desk approval.
>30% OR ACV >$500k → manager + deal desk + CFO approval.
Custom Get Discount Policy for current org thresholds (may differ from defaults).
#Search Knowledge Base for any vertical/segment-specific discount exceptions.
Attach deal context to the approval:
Pull last 3 Gong calls for the deal.
Pull engagement summary.
Pull competitive context if competitor named.
Approval chain (executed via #Request Approval):
Manager (with full deal context).
Deal desk (with discount comparison vs similar closed deals via custom Get Discount Benchmarks).
CFO (with margin impact calculation if applicable).
On approval at each tier, #Send Direct Message to AE with status.
On full approval:
#Update HubSpot Deal Properties with the approved
discountPercentandapprovedBy.#Create HubSpot Note on Deal with full approval trail.
#Send Direct Message to AE: "Approved at {{X}}%. You can update the quote."
On rejection:
#Send Direct Message to AE with the reason.
Offer alternatives (lower discount, payment terms, scope reduction).
#Send Channel Message to
#deal-desk-logfor visibility.#Leave Internal Note with the approval trail.
Discount Approval Routing
Playbooks
/
Discount Approval Routing
Discount Approval Routing
Created by
Console Team
Published
RevOps
HubSpot
Gong
Trigger
AE requests a discount on a deal.
Instructions
#Trigger Form to collect:
Deal name or ID.
Discount % requested.
Justification (free text).
Competitor (if competing).
Timeline urgency.
#Lookup Users on the requester.
#Hubspot Search Deals to locate the deal.
#Get HubSpot Deal Details with Activity Timeline to pull ACV, stage, current discount if any.
Calculate the discount tier:
0-10% → AE-discretionary, no approval needed; just log.
10-20% → manager approval.
20-30% → manager + deal desk approval.
>30% OR ACV >$500k → manager + deal desk + CFO approval.
Custom Get Discount Policy for current org thresholds (may differ from defaults).
#Search Knowledge Base for any vertical/segment-specific discount exceptions.
Attach deal context to the approval:
Pull last 3 Gong calls for the deal.
Pull engagement summary.
Pull competitive context if competitor named.
Approval chain (executed via #Request Approval):
Manager (with full deal context).
Deal desk (with discount comparison vs similar closed deals via custom Get Discount Benchmarks).
CFO (with margin impact calculation if applicable).
On approval at each tier, #Send Direct Message to AE with status.
On full approval:
#Update HubSpot Deal Properties with the approved
discountPercentandapprovedBy.#Create HubSpot Note on Deal with full approval trail.
#Send Direct Message to AE: "Approved at {{X}}%. You can update the quote."
On rejection:
#Send Direct Message to AE with the reason.
Offer alternatives (lower discount, payment terms, scope reduction).
#Send Channel Message to
#deal-desk-logfor visibility.#Leave Internal Note with the approval trail.
Discount Approval Routing
Playbooks
/
Discount Approval Routing
Discount Approval Routing
Created by
Console Team
Published
RevOps
HubSpot
Gong
Trigger
AE requests a discount on a deal.
Instructions
#Trigger Form to collect:
Deal name or ID.
Discount % requested.
Justification (free text).
Competitor (if competing).
Timeline urgency.
#Lookup Users on the requester.
#Hubspot Search Deals to locate the deal.
#Get HubSpot Deal Details with Activity Timeline to pull ACV, stage, current discount if any.
Calculate the discount tier:
0-10% → AE-discretionary, no approval needed; just log.
10-20% → manager approval.
20-30% → manager + deal desk approval.
>30% OR ACV >$500k → manager + deal desk + CFO approval.
Custom Get Discount Policy for current org thresholds (may differ from defaults).
#Search Knowledge Base for any vertical/segment-specific discount exceptions.
Attach deal context to the approval:
Pull last 3 Gong calls for the deal.
Pull engagement summary.
Pull competitive context if competitor named.
Approval chain (executed via #Request Approval):
Manager (with full deal context).
Deal desk (with discount comparison vs similar closed deals via custom Get Discount Benchmarks).
CFO (with margin impact calculation if applicable).
On approval at each tier, #Send Direct Message to AE with status.
On full approval:
#Update HubSpot Deal Properties with the approved
discountPercentandapprovedBy.#Create HubSpot Note on Deal with full approval trail.
#Send Direct Message to AE: "Approved at {{X}}%. You can update the quote."
On rejection:
#Send Direct Message to AE with the reason.
Offer alternatives (lower discount, payment terms, scope reduction).
#Send Channel Message to
#deal-desk-logfor visibility.#Leave Internal Note with the approval trail.
DocuSign Envelope Management
Playbooks
/
DocuSign Envelope Management
DocuSign Envelope Management
Created by
Console Team
Published
Legal
DocuSign
Ironclad
Trigger
Requester asks for envelope action.
Instructions
Parse action (resend / void / remind / get-status / get-signed-copy / amend) + envelope identifier.
#Lookup Users on requester.
Locate envelope:
#Custom DocuSign Search Envelopes by ID, recipient, or subject.
Multiple matches → disambiguation DM.
Permission check: sender, signer, deal team, or counsel.
Execute:
Resend → #custom DocuSign Resend Envelope to unsigned recipient.
Void → #custom DocuSign Void Envelope with reason.
Remind → #custom DocuSign Send Reminder.
Get-status → #custom DocuSign Get Envelope Status with full history.
Get-signed-copy → #custom DocuSign Download Signed Copy.
Amend → cannot amend sent envelope; offer to void and resend.
Update Ironclad if linked:
#Send Direct Message with confirmation per action type.
DocuSign Envelope Management
Playbooks
/
DocuSign Envelope Management
DocuSign Envelope Management
Created by
Console Team
Published
Legal
DocuSign
Ironclad
Trigger
Requester asks for envelope action.
Instructions
Parse action (resend / void / remind / get-status / get-signed-copy / amend) + envelope identifier.
#Lookup Users on requester.
Locate envelope:
#Custom DocuSign Search Envelopes by ID, recipient, or subject.
Multiple matches → disambiguation DM.
Permission check: sender, signer, deal team, or counsel.
Execute:
Resend → #custom DocuSign Resend Envelope to unsigned recipient.
Void → #custom DocuSign Void Envelope with reason.
Remind → #custom DocuSign Send Reminder.
Get-status → #custom DocuSign Get Envelope Status with full history.
Get-signed-copy → #custom DocuSign Download Signed Copy.
Amend → cannot amend sent envelope; offer to void and resend.
Update Ironclad if linked:
#Send Direct Message with confirmation per action type.
DocuSign Envelope Management
Playbooks
/
DocuSign Envelope Management
DocuSign Envelope Management
Created by
Console Team
Published
Legal
DocuSign
Ironclad
Trigger
Requester asks for envelope action.
Instructions
Parse action (resend / void / remind / get-status / get-signed-copy / amend) + envelope identifier.
#Lookup Users on requester.
Locate envelope:
#Custom DocuSign Search Envelopes by ID, recipient, or subject.
Multiple matches → disambiguation DM.
Permission check: sender, signer, deal team, or counsel.
Execute:
Resend → #custom DocuSign Resend Envelope to unsigned recipient.
Void → #custom DocuSign Void Envelope with reason.
Remind → #custom DocuSign Send Reminder.
Get-status → #custom DocuSign Get Envelope Status with full history.
Get-signed-copy → #custom DocuSign Download Signed Copy.
Amend → cannot amend sent envelope; offer to void and resend.
Update Ironclad if linked:
#Send Direct Message with confirmation per action type.
DPA Handling
Playbooks
/
DPA Handling
DPA Handling
Created by
Console Team
Published
Legal
Vanta
DocuSign
Ironclad
+1
Trigger
Webhook — vendor flagged as processing PII OR called from Legal-7 Variables: $vendor.id, $vendor.name, $vendor.dataTypes, $vendor.jurisdiction
Instructions
Pull vendor details:
Pick template:
#Custom Get DPA Template based on:
Data types (PII / PHI / financial).
Vendor jurisdiction (EU vendor → SCCs required, US → DPA + state-specific addenda).
Our role (controller / processor / joint-controller).
Apply vendor-specific schedules:
#Custom Ironclad Generate DPA with:
Standard contractual clauses (SCCs) if EU transfer.
Sub-processor schedule.
Data categories and processing purposes.
Retention periods.
Security measures (Annex II).
Audit rights and notification windows.
Validation:
Custom Validate DPA Generated.
Route through Ironclad:
Assign to privacy counsel for internal review.
After internal review:
#Custom DocuSign Send DPA to vendor's counsel.
Track:
schedule_action wake at 5 / 10 / 15 days for non-signature.
Reminder DMs to vendor contact and assigned counsel.
On signature:
#Custom Save DPA to Vendor Record.
#Custom Vanta Update Vendor with DPA.
#Custom Update Subprocessor List if vendor is a subprocessor.
#Send Direct Message to: privacy counsel, original requester, vendor relationship owner.
#Send Channel Message to
#legal-privacyand#privacy-compliance.If we're a controller for customer data: fire Legal-9 (Subprocessor List Management).
DPA Handling
Playbooks
/
DPA Handling
DPA Handling
Created by
Console Team
Published
Legal
Vanta
DocuSign
Ironclad
+1
Trigger
Webhook — vendor flagged as processing PII OR called from Legal-7 Variables: $vendor.id, $vendor.name, $vendor.dataTypes, $vendor.jurisdiction
Instructions
Pull vendor details:
Pick template:
#Custom Get DPA Template based on:
Data types (PII / PHI / financial).
Vendor jurisdiction (EU vendor → SCCs required, US → DPA + state-specific addenda).
Our role (controller / processor / joint-controller).
Apply vendor-specific schedules:
#Custom Ironclad Generate DPA with:
Standard contractual clauses (SCCs) if EU transfer.
Sub-processor schedule.
Data categories and processing purposes.
Retention periods.
Security measures (Annex II).
Audit rights and notification windows.
Validation:
Custom Validate DPA Generated.
Route through Ironclad:
Assign to privacy counsel for internal review.
After internal review:
#Custom DocuSign Send DPA to vendor's counsel.
Track:
schedule_action wake at 5 / 10 / 15 days for non-signature.
Reminder DMs to vendor contact and assigned counsel.
On signature:
#Custom Save DPA to Vendor Record.
#Custom Vanta Update Vendor with DPA.
#Custom Update Subprocessor List if vendor is a subprocessor.
#Send Direct Message to: privacy counsel, original requester, vendor relationship owner.
#Send Channel Message to
#legal-privacyand#privacy-compliance.If we're a controller for customer data: fire Legal-9 (Subprocessor List Management).
DPA Handling
Playbooks
/
DPA Handling
DPA Handling
Created by
Console Team
Published
Legal
Vanta
DocuSign
Ironclad
+1
Trigger
Webhook — vendor flagged as processing PII OR called from Legal-7 Variables: $vendor.id, $vendor.name, $vendor.dataTypes, $vendor.jurisdiction
Instructions
Pull vendor details:
Pick template:
#Custom Get DPA Template based on:
Data types (PII / PHI / financial).
Vendor jurisdiction (EU vendor → SCCs required, US → DPA + state-specific addenda).
Our role (controller / processor / joint-controller).
Apply vendor-specific schedules:
#Custom Ironclad Generate DPA with:
Standard contractual clauses (SCCs) if EU transfer.
Sub-processor schedule.
Data categories and processing purposes.
Retention periods.
Security measures (Annex II).
Audit rights and notification windows.
Validation:
Custom Validate DPA Generated.
Route through Ironclad:
Assign to privacy counsel for internal review.
After internal review:
#Custom DocuSign Send DPA to vendor's counsel.
Track:
schedule_action wake at 5 / 10 / 15 days for non-signature.
Reminder DMs to vendor contact and assigned counsel.
On signature:
#Custom Save DPA to Vendor Record.
#Custom Vanta Update Vendor with DPA.
#Custom Update Subprocessor List if vendor is a subprocessor.
#Send Direct Message to: privacy counsel, original requester, vendor relationship owner.
#Send Channel Message to
#legal-privacyand#privacy-compliance.If we're a controller for customer data: fire Legal-9 (Subprocessor List Management).
eDiscovery Collection
Playbooks
/
eDiscovery Collection
eDiscovery Collection
Created by
Console Team
Published
Legal
Slack
GitHub
+5
Trigger
Counsel scopes a collection.
Instructions
#Trigger Form to collect:
Matter name and ID.
Custodian email(s).
Date range.
Data systems in scope.
Keywords (optional).
Privilege screening keywords.
Delivery target (Relativity / Logikcull / etc.).
#Lookup Users on each custodian.
#Request Approval from general counsel.
Confirm legal hold is active (per Legal-10).
Execute collection in parallel per system:
Gmail: custom Google Workspace Export Mailbox.
Drive: custom Google Workspace Export Drive.
Slack DMs: custom Slack Export User DMs.
Slack channels: custom Slack Export Channel History.
GitHub: custom GitHub Export User Activity.
Hash manifests:
#Custom Compute SHA256 Manifest for each export.
Package:
#Custom Create eDiscovery Package with exports + manifest + chain-of-custody log.
#Custom Upload to Relativity with matter metadata.
Privilege screening (if requested):
#Custom Run Privilege Filter against the collection.
Surface flagged items for counsel review before platform delivery.
Notify:
#Send Direct Message to counsel with summary, file counts, manifest, platform link.
#Send Channel Message to
#legal-ediscovery.
Documentation:
#Leave Internal Note with full chain of custody.
#Resolve Request on delivery.
eDiscovery Collection
Playbooks
/
eDiscovery Collection
eDiscovery Collection
Created by
Console Team
Published
Legal
Slack
GitHub
+5
Trigger
Counsel scopes a collection.
Instructions
#Trigger Form to collect:
Matter name and ID.
Custodian email(s).
Date range.
Data systems in scope.
Keywords (optional).
Privilege screening keywords.
Delivery target (Relativity / Logikcull / etc.).
#Lookup Users on each custodian.
#Request Approval from general counsel.
Confirm legal hold is active (per Legal-10).
Execute collection in parallel per system:
Gmail: custom Google Workspace Export Mailbox.
Drive: custom Google Workspace Export Drive.
Slack DMs: custom Slack Export User DMs.
Slack channels: custom Slack Export Channel History.
GitHub: custom GitHub Export User Activity.
Hash manifests:
#Custom Compute SHA256 Manifest for each export.
Package:
#Custom Create eDiscovery Package with exports + manifest + chain-of-custody log.
#Custom Upload to Relativity with matter metadata.
Privilege screening (if requested):
#Custom Run Privilege Filter against the collection.
Surface flagged items for counsel review before platform delivery.
Notify:
#Send Direct Message to counsel with summary, file counts, manifest, platform link.
#Send Channel Message to
#legal-ediscovery.
Documentation:
#Leave Internal Note with full chain of custody.
#Resolve Request on delivery.
eDiscovery Collection
Playbooks
/
eDiscovery Collection
eDiscovery Collection
Created by
Console Team
Published
Legal
Slack
GitHub
+5
Trigger
Counsel scopes a collection.
Instructions
#Trigger Form to collect:
Matter name and ID.
Custodian email(s).
Date range.
Data systems in scope.
Keywords (optional).
Privilege screening keywords.
Delivery target (Relativity / Logikcull / etc.).
#Lookup Users on each custodian.
#Request Approval from general counsel.
Confirm legal hold is active (per Legal-10).
Execute collection in parallel per system:
Gmail: custom Google Workspace Export Mailbox.
Drive: custom Google Workspace Export Drive.
Slack DMs: custom Slack Export User DMs.
Slack channels: custom Slack Export Channel History.
GitHub: custom GitHub Export User Activity.
Hash manifests:
#Custom Compute SHA256 Manifest for each export.
Package:
#Custom Create eDiscovery Package with exports + manifest + chain-of-custody log.
#Custom Upload to Relativity with matter metadata.
Privilege screening (if requested):
#Custom Run Privilege Filter against the collection.
Surface flagged items for counsel review before platform delivery.
Notify:
#Send Direct Message to counsel with summary, file counts, manifest, platform link.
#Send Channel Message to
#legal-ediscovery.
Documentation:
#Leave Internal Note with full chain of custody.
#Resolve Request on delivery.
Employee Data Updates
Playbooks
/
Employee Data Updates
Employee Data Updates
Created by
Console Team
Published
HR
Trigger
Requester wants to update personal info (home address, emergency contact, phone number, marital status, dependents).
Instructions
Employee Data Updates
Playbooks
/
Employee Data Updates
Employee Data Updates
Created by
Console Team
Published
HR
Trigger
Requester wants to update personal info (home address, emergency contact, phone number, marital status, dependents).
Instructions
Employee Data Updates
Playbooks
/
Employee Data Updates
Employee Data Updates
Created by
Console Team
Published
HR
Trigger
Requester wants to update personal info (home address, emergency contact, phone number, marital status, dependents).
Instructions
Employee Offboarding
Playbooks
/
Employee Offboarding
Employee Offboarding
Created by
Console Team
Published
IT
Okta
Kandji
Ramp
+8
Trigger
Webhook — worker.terminated Variables: $employee.email, $employee.managerEmail, $employee.terminationDate, $employee.department
Instructions
#Lookup Users on $employee.email with includeGroups, includeApps, includeManager.
#Search Okta User by Email, then #Revoke All User Sessions, then #Deactivate User (Okta).
#Suspend Google User and #Transfer Drive Files to $employee.managerEmail.
#Out Of Office to set the auto-reply.
If department == "Engineering": #Remove User from Org (GitHub), #Disable Datadog User, custom AWS IAM detach.
If department == "Sales": revoke Salesforce/Gong/Outreach seats (custom actions).
Loop user's apps from step 1; for each Productiv-tracked SaaS, call the appropriate #Remove from Group action.
#Kandji: Force Device Check-In then #Device Lock for each assigned device.
#Update User (Ramp) to suspend the card.
Create Linear Issue in the IT-Audit project documenting the offboarding.
#Send Channel Message to #it-audit summarizing what was revoked.
Employee Offboarding
Playbooks
/
Employee Offboarding
Employee Offboarding
Created by
Console Team
Published
IT
Okta
Kandji
Ramp
+8
Trigger
Webhook — worker.terminated Variables: $employee.email, $employee.managerEmail, $employee.terminationDate, $employee.department
Instructions
#Lookup Users on $employee.email with includeGroups, includeApps, includeManager.
#Search Okta User by Email, then #Revoke All User Sessions, then #Deactivate User (Okta).
#Suspend Google User and #Transfer Drive Files to $employee.managerEmail.
#Out Of Office to set the auto-reply.
If department == "Engineering": #Remove User from Org (GitHub), #Disable Datadog User, custom AWS IAM detach.
If department == "Sales": revoke Salesforce/Gong/Outreach seats (custom actions).
Loop user's apps from step 1; for each Productiv-tracked SaaS, call the appropriate #Remove from Group action.
#Kandji: Force Device Check-In then #Device Lock for each assigned device.
#Update User (Ramp) to suspend the card.
Create Linear Issue in the IT-Audit project documenting the offboarding.
#Send Channel Message to #it-audit summarizing what was revoked.
Employee Offboarding
Playbooks
/
Employee Offboarding
Employee Offboarding
Created by
Console Team
Published
IT
Okta
Kandji
Ramp
+8
Trigger
Webhook — worker.terminated Variables: $employee.email, $employee.managerEmail, $employee.terminationDate, $employee.department
Instructions
#Lookup Users on $employee.email with includeGroups, includeApps, includeManager.
#Search Okta User by Email, then #Revoke All User Sessions, then #Deactivate User (Okta).
#Suspend Google User and #Transfer Drive Files to $employee.managerEmail.
#Out Of Office to set the auto-reply.
If department == "Engineering": #Remove User from Org (GitHub), #Disable Datadog User, custom AWS IAM detach.
If department == "Sales": revoke Salesforce/Gong/Outreach seats (custom actions).
Loop user's apps from step 1; for each Productiv-tracked SaaS, call the appropriate #Remove from Group action.
#Kandji: Force Device Check-In then #Device Lock for each assigned device.
#Update User (Ramp) to suspend the card.
Create Linear Issue in the IT-Audit project documenting the offboarding.
#Send Channel Message to #it-audit summarizing what was revoked.
Employee Offboarding
Playbooks
/
Employee Offboarding
Employee Offboarding
Created by
Console Team
Published
HR
Google Calendar
Workday
Rippling
+3
Trigger
Webhook — worker.terminated Variables: $employee.email, $employee.managerEmail, $employee.terminationDate, $employee.terminationType (voluntary / involuntary), $employee.personalEmail
Instructions
#Lookup Users on
$employee.emailwithincludeManagerandincludeGroups.Branch on
$employee.terminationType:Voluntary → run full sequence below.
Involuntary → skip exit interview, accelerate Drive transfer and document delivery to same day. Coordinate with security via #Send Channel Message to
#hr-security-sync.
Schedule exit interview:
#Custom Calendly Send Booking Link for a 45-min exit interview with HRBP, due before
$employee.terminationDate.#Send Direct Message to
$employee.emailwith the link and context.
File and calendar transition:
#Transfer Drive Files ownership to
$employee.managerEmail.#Custom Google Calendar Transfer Events for any recurring meetings owned by the employee to the manager.
#Out Of Office to set a custom auto-reply: "I'm no longer with the company. For {{team}} matters please contact {{manager.email}}."
Final paystub and payroll:
#Custom Workday/Rippling/Gusto Generate Final Paystub with last day worked and any PTO payout.
#Custom Workday Trigger Final Pay Recalc for unused PTO conversion and severance (if applicable).
#Send Email to
$employee.personalEmailwith the final paystub and benefits continuation info (COBRA).
Directory cleanup:
#Custom Update People Directory Remove to remove from the internal org chart.
#Custom Update Org Chart Reassign Reports to move any direct reports to the manager temporarily.
Separation paperwork:
#Custom DocuSign Send Separation Agreement with the appropriate template (voluntary / involuntary).
schedule_action wake at 7 days to check signature status; #Send Email reminder if unsigned.
Knowledge transfer:
#Send Direct Message to the manager: a checklist (project handoff doc, vendor relationships, ongoing commitments) with a #Trigger Form to confirm completion.
Recognition (voluntary only):
#Send Channel Message to
#farewells(or the team channel) on the termination date with a thank-you note from the manager.
#Leave Internal Note capturing all handoff details, final pay status, signature status.
#Create Linear Issue in the HR-Audit project documenting the offboarding for compliance.
Employee Offboarding
Playbooks
/
Employee Offboarding
Employee Offboarding
Created by
Console Team
Published
HR
Google Calendar
Workday
Rippling
+3
Trigger
Webhook — worker.terminated Variables: $employee.email, $employee.managerEmail, $employee.terminationDate, $employee.terminationType (voluntary / involuntary), $employee.personalEmail
Instructions
#Lookup Users on
$employee.emailwithincludeManagerandincludeGroups.Branch on
$employee.terminationType:Voluntary → run full sequence below.
Involuntary → skip exit interview, accelerate Drive transfer and document delivery to same day. Coordinate with security via #Send Channel Message to
#hr-security-sync.
Schedule exit interview:
#Custom Calendly Send Booking Link for a 45-min exit interview with HRBP, due before
$employee.terminationDate.#Send Direct Message to
$employee.emailwith the link and context.
File and calendar transition:
#Transfer Drive Files ownership to
$employee.managerEmail.#Custom Google Calendar Transfer Events for any recurring meetings owned by the employee to the manager.
#Out Of Office to set a custom auto-reply: "I'm no longer with the company. For {{team}} matters please contact {{manager.email}}."
Final paystub and payroll:
#Custom Workday/Rippling/Gusto Generate Final Paystub with last day worked and any PTO payout.
#Custom Workday Trigger Final Pay Recalc for unused PTO conversion and severance (if applicable).
#Send Email to
$employee.personalEmailwith the final paystub and benefits continuation info (COBRA).
Directory cleanup:
#Custom Update People Directory Remove to remove from the internal org chart.
#Custom Update Org Chart Reassign Reports to move any direct reports to the manager temporarily.
Separation paperwork:
#Custom DocuSign Send Separation Agreement with the appropriate template (voluntary / involuntary).
schedule_action wake at 7 days to check signature status; #Send Email reminder if unsigned.
Knowledge transfer:
#Send Direct Message to the manager: a checklist (project handoff doc, vendor relationships, ongoing commitments) with a #Trigger Form to confirm completion.
Recognition (voluntary only):
#Send Channel Message to
#farewells(or the team channel) on the termination date with a thank-you note from the manager.
#Leave Internal Note capturing all handoff details, final pay status, signature status.
#Create Linear Issue in the HR-Audit project documenting the offboarding for compliance.
Employee Offboarding
Playbooks
/
Employee Offboarding
Employee Offboarding
Created by
Console Team
Published
HR
Google Calendar
Workday
Rippling
+3
Trigger
Webhook — worker.terminated Variables: $employee.email, $employee.managerEmail, $employee.terminationDate, $employee.terminationType (voluntary / involuntary), $employee.personalEmail
Instructions
#Lookup Users on
$employee.emailwithincludeManagerandincludeGroups.Branch on
$employee.terminationType:Voluntary → run full sequence below.
Involuntary → skip exit interview, accelerate Drive transfer and document delivery to same day. Coordinate with security via #Send Channel Message to
#hr-security-sync.
Schedule exit interview:
#Custom Calendly Send Booking Link for a 45-min exit interview with HRBP, due before
$employee.terminationDate.#Send Direct Message to
$employee.emailwith the link and context.
File and calendar transition:
#Transfer Drive Files ownership to
$employee.managerEmail.#Custom Google Calendar Transfer Events for any recurring meetings owned by the employee to the manager.
#Out Of Office to set a custom auto-reply: "I'm no longer with the company. For {{team}} matters please contact {{manager.email}}."
Final paystub and payroll:
#Custom Workday/Rippling/Gusto Generate Final Paystub with last day worked and any PTO payout.
#Custom Workday Trigger Final Pay Recalc for unused PTO conversion and severance (if applicable).
#Send Email to
$employee.personalEmailwith the final paystub and benefits continuation info (COBRA).
Directory cleanup:
#Custom Update People Directory Remove to remove from the internal org chart.
#Custom Update Org Chart Reassign Reports to move any direct reports to the manager temporarily.
Separation paperwork:
#Custom DocuSign Send Separation Agreement with the appropriate template (voluntary / involuntary).
schedule_action wake at 7 days to check signature status; #Send Email reminder if unsigned.
Knowledge transfer:
#Send Direct Message to the manager: a checklist (project handoff doc, vendor relationships, ongoing commitments) with a #Trigger Form to confirm completion.
Recognition (voluntary only):
#Send Channel Message to
#farewells(or the team channel) on the termination date with a thank-you note from the manager.
#Leave Internal Note capturing all handoff details, final pay status, signature status.
#Create Linear Issue in the HR-Audit project documenting the offboarding for compliance.
Employee Offboarding
Playbooks
/
Employee Offboarding
Employee Offboarding
Created by
Console Team
Published
Security
Okta
Google Workspace Admin
Kandji
Trigger
Webhook — worker.terminated (parallel to IT-2 and HR-2) Variables: $employee.email, $employee.terminationDate, $employee.terminationType
Instructions
#Lookup Users on
$employee.emailwithincludeGroups,includeApps,includeManager.Immediate containment (executes regardless of termination type):
#Search Okta User by Email to resolve user ID.
#Reset User Factors (Custom) to invalidate device-bound factors.
#Custom Okta Suspend User (don't deactivate yet — let IT-2 handle full deactivation).
SSO-managed app revocations:
For each app in the user's
appslist that is Okta-managed: #Remove from Group for the entitlement group.
Non-SSO app coordination:
#Custom Get Non-SSO Apps for User from the SaaS inventory ingest.
For each non-SSO app: #Lookup Users for the app owner with
includeSlackId.#Send Direct Message to each app owner: "{{employee.name}} was terminated. Please revoke their access and confirm." with a #Trigger Form "Revoked / Already gone / Need help".
schedule_action wake at 24h to check app-owner responses:
For "Revoked" → log and exit.
For "Need help" → #Send Direct Message to security on-call to assist.
For no response → escalate to the app owner's manager via #Send Direct Message.
Force re-check at day 3 and day 7:
schedule_action wakes to re-query each non-SSO app's user list.
For any app where the user still appears: #Send Channel Message to
#securitywith the gap.
Mailbox sweep:
#Custom Google Workspace Forward to Manager for the employee's email for 30 days.
#Custom Google Workspace Audit Recent Activity to capture any post-termination activity (potential data exfil signal).
Device confirmation:
#List Devices (Kandji) by
assignedUserEmail.Confirm all are locked/wiped via IT-2 (custom Get Device Lock Status).
Final closure:
#Custom Generate Offboarding Audit Report with: all revoked apps, timestamps, app-owner confirmations, mailbox forwarding setup, device status.
#Custom Vanta Upload Evidence with the report.
#Send Channel Message to
#securityconfirming closure with the report link.#Create Linear Issue in the Security-Audit project with the full chain.
#Leave Internal Note capturing all actions and confirmation status.
Employee Offboarding
Playbooks
/
Employee Offboarding
Employee Offboarding
Created by
Console Team
Published
Security
Okta
Google Workspace Admin
Kandji
Trigger
Webhook — worker.terminated (parallel to IT-2 and HR-2) Variables: $employee.email, $employee.terminationDate, $employee.terminationType
Instructions
#Lookup Users on
$employee.emailwithincludeGroups,includeApps,includeManager.Immediate containment (executes regardless of termination type):
#Search Okta User by Email to resolve user ID.
#Reset User Factors (Custom) to invalidate device-bound factors.
#Custom Okta Suspend User (don't deactivate yet — let IT-2 handle full deactivation).
SSO-managed app revocations:
For each app in the user's
appslist that is Okta-managed: #Remove from Group for the entitlement group.
Non-SSO app coordination:
#Custom Get Non-SSO Apps for User from the SaaS inventory ingest.
For each non-SSO app: #Lookup Users for the app owner with
includeSlackId.#Send Direct Message to each app owner: "{{employee.name}} was terminated. Please revoke their access and confirm." with a #Trigger Form "Revoked / Already gone / Need help".
schedule_action wake at 24h to check app-owner responses:
For "Revoked" → log and exit.
For "Need help" → #Send Direct Message to security on-call to assist.
For no response → escalate to the app owner's manager via #Send Direct Message.
Force re-check at day 3 and day 7:
schedule_action wakes to re-query each non-SSO app's user list.
For any app where the user still appears: #Send Channel Message to
#securitywith the gap.
Mailbox sweep:
#Custom Google Workspace Forward to Manager for the employee's email for 30 days.
#Custom Google Workspace Audit Recent Activity to capture any post-termination activity (potential data exfil signal).
Device confirmation:
#List Devices (Kandji) by
assignedUserEmail.Confirm all are locked/wiped via IT-2 (custom Get Device Lock Status).
Final closure:
#Custom Generate Offboarding Audit Report with: all revoked apps, timestamps, app-owner confirmations, mailbox forwarding setup, device status.
#Custom Vanta Upload Evidence with the report.
#Send Channel Message to
#securityconfirming closure with the report link.#Create Linear Issue in the Security-Audit project with the full chain.
#Leave Internal Note capturing all actions and confirmation status.
Employee Offboarding
Playbooks
/
Employee Offboarding
Employee Offboarding
Created by
Console Team
Published
Security
Okta
Google Workspace Admin
Kandji
Trigger
Webhook — worker.terminated (parallel to IT-2 and HR-2) Variables: $employee.email, $employee.terminationDate, $employee.terminationType
Instructions
#Lookup Users on
$employee.emailwithincludeGroups,includeApps,includeManager.Immediate containment (executes regardless of termination type):
#Search Okta User by Email to resolve user ID.
#Reset User Factors (Custom) to invalidate device-bound factors.
#Custom Okta Suspend User (don't deactivate yet — let IT-2 handle full deactivation).
SSO-managed app revocations:
For each app in the user's
appslist that is Okta-managed: #Remove from Group for the entitlement group.
Non-SSO app coordination:
#Custom Get Non-SSO Apps for User from the SaaS inventory ingest.
For each non-SSO app: #Lookup Users for the app owner with
includeSlackId.#Send Direct Message to each app owner: "{{employee.name}} was terminated. Please revoke their access and confirm." with a #Trigger Form "Revoked / Already gone / Need help".
schedule_action wake at 24h to check app-owner responses:
For "Revoked" → log and exit.
For "Need help" → #Send Direct Message to security on-call to assist.
For no response → escalate to the app owner's manager via #Send Direct Message.
Force re-check at day 3 and day 7:
schedule_action wakes to re-query each non-SSO app's user list.
For any app where the user still appears: #Send Channel Message to
#securitywith the gap.
Mailbox sweep:
#Custom Google Workspace Forward to Manager for the employee's email for 30 days.
#Custom Google Workspace Audit Recent Activity to capture any post-termination activity (potential data exfil signal).
Device confirmation:
#List Devices (Kandji) by
assignedUserEmail.Confirm all are locked/wiped via IT-2 (custom Get Device Lock Status).
Final closure:
#Custom Generate Offboarding Audit Report with: all revoked apps, timestamps, app-owner confirmations, mailbox forwarding setup, device status.
#Custom Vanta Upload Evidence with the report.
#Send Channel Message to
#securityconfirming closure with the report link.#Create Linear Issue in the Security-Audit project with the full chain.
#Leave Internal Note capturing all actions and confirmation status.
Employment Verification
Playbooks
/
Employment Verification
Employment Verification
Created by
Console Team
Published
HR
Workday
DocuSign
Trigger
Requester needs an employment or income verification letter ("for my mortgage", "for my landlord", "for the visa lawyer").
Instructions
#Trigger Form to collect:
Purpose (mortgage / rental / visa / loan / other)
Verifying party name, email, fax
What to include (employment only / employment + salary / employment + salary + bonus)
Any specific format required by the verifier
Delivery preference (email to verifier directly, or email to requester)
#Lookup Users on the requester.
#Custom Workday Get Employment Data to pull: hire date, current title, current comp, employment status (FT/PT), location, manager.
If the request includes bonus / commission detail, #custom Workday Get YTD Compensation for the relevant breakdown.
Generate the letter:
#Custom Generate Verification Letter From Template action picks the right template based on purpose (mortgage / visa / rental).
Merge the Workday data into the template.
Route for signature:
#Custom DocuSign Send to HR Signer with the company's authorized signer (HRBP).
schedule_action wake at 24h; if unsigned, #Send Direct Message reminder to the signer.
On signature:
If delivery is "to verifier" → #custom Send Letter to Verifier action (email or fax based on form input).
If delivery is "to requester" → #Send Email to
$requester.emailwith the signed letter attached.
#Send Direct Message to the requester confirming delivery method, date sent, and verifier contact.
#Leave Internal Note capturing purpose, verifier, data included, delivery confirmation.
Employment Verification
Playbooks
/
Employment Verification
Employment Verification
Created by
Console Team
Published
HR
Workday
DocuSign
Trigger
Requester needs an employment or income verification letter ("for my mortgage", "for my landlord", "for the visa lawyer").
Instructions
#Trigger Form to collect:
Purpose (mortgage / rental / visa / loan / other)
Verifying party name, email, fax
What to include (employment only / employment + salary / employment + salary + bonus)
Any specific format required by the verifier
Delivery preference (email to verifier directly, or email to requester)
#Lookup Users on the requester.
#Custom Workday Get Employment Data to pull: hire date, current title, current comp, employment status (FT/PT), location, manager.
If the request includes bonus / commission detail, #custom Workday Get YTD Compensation for the relevant breakdown.
Generate the letter:
#Custom Generate Verification Letter From Template action picks the right template based on purpose (mortgage / visa / rental).
Merge the Workday data into the template.
Route for signature:
#Custom DocuSign Send to HR Signer with the company's authorized signer (HRBP).
schedule_action wake at 24h; if unsigned, #Send Direct Message reminder to the signer.
On signature:
If delivery is "to verifier" → #custom Send Letter to Verifier action (email or fax based on form input).
If delivery is "to requester" → #Send Email to
$requester.emailwith the signed letter attached.
#Send Direct Message to the requester confirming delivery method, date sent, and verifier contact.
#Leave Internal Note capturing purpose, verifier, data included, delivery confirmation.
Employment Verification
Playbooks
/
Employment Verification
Employment Verification
Created by
Console Team
Published
HR
Workday
DocuSign
Trigger
Requester needs an employment or income verification letter ("for my mortgage", "for my landlord", "for the visa lawyer").
Instructions
#Trigger Form to collect:
Purpose (mortgage / rental / visa / loan / other)
Verifying party name, email, fax
What to include (employment only / employment + salary / employment + salary + bonus)
Any specific format required by the verifier
Delivery preference (email to verifier directly, or email to requester)
#Lookup Users on the requester.
#Custom Workday Get Employment Data to pull: hire date, current title, current comp, employment status (FT/PT), location, manager.
If the request includes bonus / commission detail, #custom Workday Get YTD Compensation for the relevant breakdown.
Generate the letter:
#Custom Generate Verification Letter From Template action picks the right template based on purpose (mortgage / visa / rental).
Merge the Workday data into the template.
Route for signature:
#Custom DocuSign Send to HR Signer with the company's authorized signer (HRBP).
schedule_action wake at 24h; if unsigned, #Send Direct Message reminder to the signer.
On signature:
If delivery is "to verifier" → #custom Send Letter to Verifier action (email or fax based on form input).
If delivery is "to requester" → #Send Email to
$requester.emailwith the signed letter attached.
#Send Direct Message to the requester confirming delivery method, date sent, and verifier contact.
#Leave Internal Note capturing purpose, verifier, data included, delivery confirmation.
Endpoint Compliance Drift
Playbooks
/
Endpoint Compliance Drift
Endpoint Compliance Drift
Created by
Console Team
Published
Security
Okta
1Password
Kandji
+3
Trigger
Detection — scheduled scan every 6 hours
Instructions
#List Devices (Kandji) for all enrolled devices.
For each device, #Get Device Details and #Kandji Get Device Library Items Status for compliance posture.
#CrowdStrike Search Devices by serial to confirm EDR coverage.
Check compliance gates:
FileVault/BitLocker encryption enabled?
OS version within 2 releases of latest?
Required Kandji library items deployed?
CrowdStrike sensor running and healthy?
Required apps installed (e.g. 1Password, VPN)?
Last check-in within 7 days?
For each device failing one or more gates:
#Lookup Users on
device.assignedUserEmail.Skip if user is on leave or hire date < 14 days (grace period).
Check if this device was already flagged within the last 7 days (avoid spam).
Try auto-remediation first:
Encryption off → #Create Kandji Custom Script to re-enable FileVault.
OS outdated → #Create Kandji Custom Script to trigger software update with user notification.
Missing app → custom Kandji Reinstall Library Item.
EDR not running → #CrowdStrike: Init RTR Session + #CrowdStrike: RTR Run Script to restart the sensor.
Stale check-in → #Kandji Blank Push (Force Check-In).
#Send Direct Message to the user explaining what was fixed and what they need to do.
schedule_action wake at 24h to re-check compliance.
On wake, if still non-compliant:
#Send Direct Message to the user with stronger urgency.
schedule_action wake at 3 days.
On second wake (day 3), if still non-compliant:
#Send Direct Message to the user's manager.
#Create Linear Issue in the IT-Security project.
Day 7 escalation:
#Send Channel Message to
#securitywith the non-compliant device + user.#Custom Okta Conditional Access Block for non-compliant device (if policy permits).
#Custom Vanta Upload Evidence weekly with compliance stats.
#Leave Internal Note per device capturing the drift and remediation path.
Endpoint Compliance Drift
Playbooks
/
Endpoint Compliance Drift
Endpoint Compliance Drift
Created by
Console Team
Published
Security
Okta
1Password
Kandji
+3
Trigger
Detection — scheduled scan every 6 hours
Instructions
#List Devices (Kandji) for all enrolled devices.
For each device, #Get Device Details and #Kandji Get Device Library Items Status for compliance posture.
#CrowdStrike Search Devices by serial to confirm EDR coverage.
Check compliance gates:
FileVault/BitLocker encryption enabled?
OS version within 2 releases of latest?
Required Kandji library items deployed?
CrowdStrike sensor running and healthy?
Required apps installed (e.g. 1Password, VPN)?
Last check-in within 7 days?
For each device failing one or more gates:
#Lookup Users on
device.assignedUserEmail.Skip if user is on leave or hire date < 14 days (grace period).
Check if this device was already flagged within the last 7 days (avoid spam).
Try auto-remediation first:
Encryption off → #Create Kandji Custom Script to re-enable FileVault.
OS outdated → #Create Kandji Custom Script to trigger software update with user notification.
Missing app → custom Kandji Reinstall Library Item.
EDR not running → #CrowdStrike: Init RTR Session + #CrowdStrike: RTR Run Script to restart the sensor.
Stale check-in → #Kandji Blank Push (Force Check-In).
#Send Direct Message to the user explaining what was fixed and what they need to do.
schedule_action wake at 24h to re-check compliance.
On wake, if still non-compliant:
#Send Direct Message to the user with stronger urgency.
schedule_action wake at 3 days.
On second wake (day 3), if still non-compliant:
#Send Direct Message to the user's manager.
#Create Linear Issue in the IT-Security project.
Day 7 escalation:
#Send Channel Message to
#securitywith the non-compliant device + user.#Custom Okta Conditional Access Block for non-compliant device (if policy permits).
#Custom Vanta Upload Evidence weekly with compliance stats.
#Leave Internal Note per device capturing the drift and remediation path.
Endpoint Compliance Drift
Playbooks
/
Endpoint Compliance Drift
Endpoint Compliance Drift
Created by
Console Team
Published
Security
Okta
1Password
Kandji
+3
Trigger
Detection — scheduled scan every 6 hours
Instructions
#List Devices (Kandji) for all enrolled devices.
For each device, #Get Device Details and #Kandji Get Device Library Items Status for compliance posture.
#CrowdStrike Search Devices by serial to confirm EDR coverage.
Check compliance gates:
FileVault/BitLocker encryption enabled?
OS version within 2 releases of latest?
Required Kandji library items deployed?
CrowdStrike sensor running and healthy?
Required apps installed (e.g. 1Password, VPN)?
Last check-in within 7 days?
For each device failing one or more gates:
#Lookup Users on
device.assignedUserEmail.Skip if user is on leave or hire date < 14 days (grace period).
Check if this device was already flagged within the last 7 days (avoid spam).
Try auto-remediation first:
Encryption off → #Create Kandji Custom Script to re-enable FileVault.
OS outdated → #Create Kandji Custom Script to trigger software update with user notification.
Missing app → custom Kandji Reinstall Library Item.
EDR not running → #CrowdStrike: Init RTR Session + #CrowdStrike: RTR Run Script to restart the sensor.
Stale check-in → #Kandji Blank Push (Force Check-In).
#Send Direct Message to the user explaining what was fixed and what they need to do.
schedule_action wake at 24h to re-check compliance.
On wake, if still non-compliant:
#Send Direct Message to the user with stronger urgency.
schedule_action wake at 3 days.
On second wake (day 3), if still non-compliant:
#Send Direct Message to the user's manager.
#Create Linear Issue in the IT-Security project.
Day 7 escalation:
#Send Channel Message to
#securitywith the non-compliant device + user.#Custom Okta Conditional Access Block for non-compliant device (if policy permits).
#Custom Vanta Upload Evidence weekly with compliance stats.
#Leave Internal Note per device capturing the drift and remediation path.
Engagement & Pulse Surveys
Playbooks
/
Engagement & Pulse Surveys
Engagement & Pulse Surveys
Created by
Console Team
Published
HR
Workday
Trigger
Scheduled — quarterly eNPS (every 90 days) or monthly pulse (1st of each month)
Instructions
Determine survey type and target cohort:
eNPS → all employees with tenure >30 days.
Pulse → specific team or all employees with tenure >90 days.
Targeted pulse → custom criteria from a stored config.
#Custom Workday Query Workers with filters (tenure, team, location) to get the cohort.
#Custom Culture Amp Create Survey Run with the survey template and cohort.
For each cohort member:
#Send Direct Message with the survey link, time estimate, anonymity statement, deadline.
schedule_action wakes at day 3, 7, 10 (close at day 14):
#Custom Culture Amp Get Response Status to identify non-respondents.
#Send Direct Message reminder (skip those who completed).
At close:
For each manager: #Send Direct Message with their team's private results (min 5 respondents for anonymity).
For HRBP: full org cut.
Flag concerning drops:
For any team with a score drop >10% week-over-week or compared to last cycle, #Send Channel Message to
#hrbp-alertswith the team and the drop.#Custom Generate Drop Analysis with possible signals (recent changes, attrition, etc.) attached to the alert.
Post org-wide summary:
#Send Channel Message to
#peoplewith high-level trends (no team-level data) and a link to the leadership deck.
#Leave Internal Note capturing run dates, response rate, key shifts.
Engagement & Pulse Surveys
Playbooks
/
Engagement & Pulse Surveys
Engagement & Pulse Surveys
Created by
Console Team
Published
HR
Workday
Trigger
Scheduled — quarterly eNPS (every 90 days) or monthly pulse (1st of each month)
Instructions
Determine survey type and target cohort:
eNPS → all employees with tenure >30 days.
Pulse → specific team or all employees with tenure >90 days.
Targeted pulse → custom criteria from a stored config.
#Custom Workday Query Workers with filters (tenure, team, location) to get the cohort.
#Custom Culture Amp Create Survey Run with the survey template and cohort.
For each cohort member:
#Send Direct Message with the survey link, time estimate, anonymity statement, deadline.
schedule_action wakes at day 3, 7, 10 (close at day 14):
#Custom Culture Amp Get Response Status to identify non-respondents.
#Send Direct Message reminder (skip those who completed).
At close:
For each manager: #Send Direct Message with their team's private results (min 5 respondents for anonymity).
For HRBP: full org cut.
Flag concerning drops:
For any team with a score drop >10% week-over-week or compared to last cycle, #Send Channel Message to
#hrbp-alertswith the team and the drop.#Custom Generate Drop Analysis with possible signals (recent changes, attrition, etc.) attached to the alert.
Post org-wide summary:
#Send Channel Message to
#peoplewith high-level trends (no team-level data) and a link to the leadership deck.
#Leave Internal Note capturing run dates, response rate, key shifts.
Engagement & Pulse Surveys
Playbooks
/
Engagement & Pulse Surveys
Engagement & Pulse Surveys
Created by
Console Team
Published
HR
Workday
Trigger
Scheduled — quarterly eNPS (every 90 days) or monthly pulse (1st of each month)
Instructions
Determine survey type and target cohort:
eNPS → all employees with tenure >30 days.
Pulse → specific team or all employees with tenure >90 days.
Targeted pulse → custom criteria from a stored config.
#Custom Workday Query Workers with filters (tenure, team, location) to get the cohort.
#Custom Culture Amp Create Survey Run with the survey template and cohort.
For each cohort member:
#Send Direct Message with the survey link, time estimate, anonymity statement, deadline.
schedule_action wakes at day 3, 7, 10 (close at day 14):
#Custom Culture Amp Get Response Status to identify non-respondents.
#Send Direct Message reminder (skip those who completed).
At close:
For each manager: #Send Direct Message with their team's private results (min 5 respondents for anonymity).
For HRBP: full org cut.
Flag concerning drops:
For any team with a score drop >10% week-over-week or compared to last cycle, #Send Channel Message to
#hrbp-alertswith the team and the drop.#Custom Generate Drop Analysis with possible signals (recent changes, attrition, etc.) attached to the alert.
Post org-wide summary:
#Send Channel Message to
#peoplewith high-level trends (no team-level data) and a link to the leadership deck.
#Leave Internal Note capturing run dates, response rate, key shifts.
Equity & Stock Option Support
Playbooks
/
Equity & Stock Option Support
Equity & Stock Option Support
Created by
Console Team
Published
Finance
NetSuite
Trigger
Requester asks about equity.
Instructions
#Lookup Users to confirm equity eligibility.
Parse question type.
Pull from Carta:
Compute answer:
Vesting: next vest, amount, total vested, remaining.
Value: vested at current 409A.
Exercise: eligible options, exercise price, current 409A, AMT/tax notes (recommend CPA).
Tax: ISO vs NSO, AMT, 83b — encourage tax advisor.
#Send Direct Message with numbers, dates, Carta link, "consult CPA" note.
For exercise requests:
#Trigger Form for options to exercise, method, tax acknowledgement.
#Request Approval from finance ops + stock plan admin.
On approval: custom Carta Initiate Exercise.
DM with confirmation, settlement timing, 3921 timing.
Complex cases → #Prompt for Handoff to CFO/stock plan admin.
Equity & Stock Option Support
Playbooks
/
Equity & Stock Option Support
Equity & Stock Option Support
Created by
Console Team
Published
Finance
NetSuite
Trigger
Requester asks about equity.
Instructions
#Lookup Users to confirm equity eligibility.
Parse question type.
Pull from Carta:
Compute answer:
Vesting: next vest, amount, total vested, remaining.
Value: vested at current 409A.
Exercise: eligible options, exercise price, current 409A, AMT/tax notes (recommend CPA).
Tax: ISO vs NSO, AMT, 83b — encourage tax advisor.
#Send Direct Message with numbers, dates, Carta link, "consult CPA" note.
For exercise requests:
#Trigger Form for options to exercise, method, tax acknowledgement.
#Request Approval from finance ops + stock plan admin.
On approval: custom Carta Initiate Exercise.
DM with confirmation, settlement timing, 3921 timing.
Complex cases → #Prompt for Handoff to CFO/stock plan admin.
Equity & Stock Option Support
Playbooks
/
Equity & Stock Option Support
Equity & Stock Option Support
Created by
Console Team
Published
Finance
NetSuite
Trigger
Requester asks about equity.
Instructions
#Lookup Users to confirm equity eligibility.
Parse question type.
Pull from Carta:
Compute answer:
Vesting: next vest, amount, total vested, remaining.
Value: vested at current 409A.
Exercise: eligible options, exercise price, current 409A, AMT/tax notes (recommend CPA).
Tax: ISO vs NSO, AMT, 83b — encourage tax advisor.
#Send Direct Message with numbers, dates, Carta link, "consult CPA" note.
For exercise requests:
#Trigger Form for options to exercise, method, tax acknowledgement.
#Request Approval from finance ops + stock plan admin.
On approval: custom Carta Initiate Exercise.
DM with confirmation, settlement timing, 3921 timing.
Complex cases → #Prompt for Handoff to CFO/stock plan admin.
Expansion Signal Detection
Playbooks
/
Expansion Signal Detection
Expansion Signal Detection
Created by
Console Team
Published
RevOps
HubSpot
Plain
+1
Trigger
Detection — scheduled every 4 hours + webhook from product analytics
Instructions
Pull signals in parallel:
Usage threshold: #custom Product Analytics Query Usage Triggers for customers crossing key thresholds (e.g. seat utilization >90%, API calls >limit).
New champion: #custom LinkedIn Sales Nav Get New Senior Hires for existing customer accounts.
RFP keyword in support: #Search Plain Threads for
RFP,expansion,more seats,scale up,additional users.Multi-team adoption: #custom Product Analytics Get Cross-Team Adoption for customers using product across multiple departments.
Health score increase: #custom Gainsight Get Health Improvements.
For each signal:
Resolve the account: #Search HubSpot Companies by domain/name.
#Lookup Users on the assigned AE + CSM.
Skip if the account had an expansion deal closed in the last 60 days.
Compose the signal brief:
Account name + tier.
Signal type + detail (e.g. "Used 95% of 50 seats" / "VP of Engineering hired" / "RFP mentioned in ticket #123").
Recommended next step (e.g. "Schedule expansion conversation" / "Proactive seat-true-up call" / "Send case study X").
Account context (current ACV, last expansion, account health, primary use case).
#Send Direct Message to the AE + CSM with the signal brief.
Offer follow-up:
"Want to draft an outreach email to the new champion?"
"Want to generate an expansion proposal?"
"Want to log this as a customer story?"
#Create HubSpot Note on Company with the signal captured.
#Send Channel Message to
#expansion-signalsfor visibility.schedule_action wake at 7 days to check if AE/CSM acted.
On wake: if no activity, #Send Direct Message reminder.
Expansion Signal Detection
Playbooks
/
Expansion Signal Detection
Expansion Signal Detection
Created by
Console Team
Published
RevOps
HubSpot
Plain
+1
Trigger
Detection — scheduled every 4 hours + webhook from product analytics
Instructions
Pull signals in parallel:
Usage threshold: #custom Product Analytics Query Usage Triggers for customers crossing key thresholds (e.g. seat utilization >90%, API calls >limit).
New champion: #custom LinkedIn Sales Nav Get New Senior Hires for existing customer accounts.
RFP keyword in support: #Search Plain Threads for
RFP,expansion,more seats,scale up,additional users.Multi-team adoption: #custom Product Analytics Get Cross-Team Adoption for customers using product across multiple departments.
Health score increase: #custom Gainsight Get Health Improvements.
For each signal:
Resolve the account: #Search HubSpot Companies by domain/name.
#Lookup Users on the assigned AE + CSM.
Skip if the account had an expansion deal closed in the last 60 days.
Compose the signal brief:
Account name + tier.
Signal type + detail (e.g. "Used 95% of 50 seats" / "VP of Engineering hired" / "RFP mentioned in ticket #123").
Recommended next step (e.g. "Schedule expansion conversation" / "Proactive seat-true-up call" / "Send case study X").
Account context (current ACV, last expansion, account health, primary use case).
#Send Direct Message to the AE + CSM with the signal brief.
Offer follow-up:
"Want to draft an outreach email to the new champion?"
"Want to generate an expansion proposal?"
"Want to log this as a customer story?"
#Create HubSpot Note on Company with the signal captured.
#Send Channel Message to
#expansion-signalsfor visibility.schedule_action wake at 7 days to check if AE/CSM acted.
On wake: if no activity, #Send Direct Message reminder.
Expansion Signal Detection
Playbooks
/
Expansion Signal Detection
Expansion Signal Detection
Created by
Console Team
Published
RevOps
HubSpot
Plain
+1
Trigger
Detection — scheduled every 4 hours + webhook from product analytics
Instructions
Pull signals in parallel:
Usage threshold: #custom Product Analytics Query Usage Triggers for customers crossing key thresholds (e.g. seat utilization >90%, API calls >limit).
New champion: #custom LinkedIn Sales Nav Get New Senior Hires for existing customer accounts.
RFP keyword in support: #Search Plain Threads for
RFP,expansion,more seats,scale up,additional users.Multi-team adoption: #custom Product Analytics Get Cross-Team Adoption for customers using product across multiple departments.
Health score increase: #custom Gainsight Get Health Improvements.
For each signal:
Resolve the account: #Search HubSpot Companies by domain/name.
#Lookup Users on the assigned AE + CSM.
Skip if the account had an expansion deal closed in the last 60 days.
Compose the signal brief:
Account name + tier.
Signal type + detail (e.g. "Used 95% of 50 seats" / "VP of Engineering hired" / "RFP mentioned in ticket #123").
Recommended next step (e.g. "Schedule expansion conversation" / "Proactive seat-true-up call" / "Send case study X").
Account context (current ACV, last expansion, account health, primary use case).
#Send Direct Message to the AE + CSM with the signal brief.
Offer follow-up:
"Want to draft an outreach email to the new champion?"
"Want to generate an expansion proposal?"
"Want to log this as a customer story?"
#Create HubSpot Note on Company with the signal captured.
#Send Channel Message to
#expansion-signalsfor visibility.schedule_action wake at 7 days to check if AE/CSM acted.
On wake: if no activity, #Send Direct Message reminder.
Expense Submission & Approval
Playbooks
/
Expense Submission & Approval
Expense Submission & Approval
Created by
Console Team
Published
Finance
Ramp
NetSuite
Trigger
Requester submits expenses.
Instructions
#Trigger Form for expense type, receipts (upload), amount, date(s), cost center, business purpose, attendees if meal.
#Lookup Users with
includeManager.Parse receipts:
#Custom Ramp Parse Receipt for OCR.
Validate against form inputs; ask requester to confirm mismatches.
Policy validation:
#Search Knowledge Base for T&E policy.
#Custom Validate Against T&E Policy with amount, category, attendees, location.
Checks: per-meal limits, alcohol policy, mileage, per diems, home office caps.
Violations → #Send Direct Message with options (revise / submit with override request).
Approval path:
Auto-approve under $X if compliant.
Manager approval otherwise.
Finance approval over $5k or any flag.
On approval:
#Custom NetSuite Create Expense Report with line items + GL coding + cost center.
Card matches existing Ramp transaction; out-of-pocket queues for reimbursement.
#Send Direct Message to requester with status, expected reimbursement, NetSuite link.
Expense Submission & Approval
Playbooks
/
Expense Submission & Approval
Expense Submission & Approval
Created by
Console Team
Published
Finance
Ramp
NetSuite
Trigger
Requester submits expenses.
Instructions
#Trigger Form for expense type, receipts (upload), amount, date(s), cost center, business purpose, attendees if meal.
#Lookup Users with
includeManager.Parse receipts:
#Custom Ramp Parse Receipt for OCR.
Validate against form inputs; ask requester to confirm mismatches.
Policy validation:
#Search Knowledge Base for T&E policy.
#Custom Validate Against T&E Policy with amount, category, attendees, location.
Checks: per-meal limits, alcohol policy, mileage, per diems, home office caps.
Violations → #Send Direct Message with options (revise / submit with override request).
Approval path:
Auto-approve under $X if compliant.
Manager approval otherwise.
Finance approval over $5k or any flag.
On approval:
#Custom NetSuite Create Expense Report with line items + GL coding + cost center.
Card matches existing Ramp transaction; out-of-pocket queues for reimbursement.
#Send Direct Message to requester with status, expected reimbursement, NetSuite link.
Expense Submission & Approval
Playbooks
/
Expense Submission & Approval
Expense Submission & Approval
Created by
Console Team
Published
Finance
Ramp
NetSuite
Trigger
Requester submits expenses.
Instructions
#Trigger Form for expense type, receipts (upload), amount, date(s), cost center, business purpose, attendees if meal.
#Lookup Users with
includeManager.Parse receipts:
#Custom Ramp Parse Receipt for OCR.
Validate against form inputs; ask requester to confirm mismatches.
Policy validation:
#Search Knowledge Base for T&E policy.
#Custom Validate Against T&E Policy with amount, category, attendees, location.
Checks: per-meal limits, alcohol policy, mileage, per diems, home office caps.
Violations → #Send Direct Message with options (revise / submit with override request).
Approval path:
Auto-approve under $X if compliant.
Manager approval otherwise.
Finance approval over $5k or any flag.
On approval:
#Custom NetSuite Create Expense Report with line items + GL coding + cost center.
Card matches existing Ramp transaction; out-of-pocket queues for reimbursement.
#Send Direct Message to requester with status, expected reimbursement, NetSuite link.
GitHub Outside-Collaborator Review
Playbooks
/
GitHub Outside-Collaborator Review
GitHub Outside-Collaborator Review
Created by
Console Team
Published
Security
GitHub
Vanta
Trigger
Scheduled — every Monday at 9:00 AM America/Chicago
Instructions
#Custom GitHub List Outside Collaborators at org level to get all non-employee accounts with repo access.
For each outside collaborator:
Capture: GitHub login, email (if visible), repos with access, permission level, last activity.
Cross-reference against employees:
#Lookup Users for each outside collaborator's email.
If matches an active employee → flag as "should be inside collaborator" and skip ownership review.
For confirmed outside collaborators:
#List Repositories to get repo metadata.
#Custom GitHub Get Repo Owner via CODEOWNERS file or repo settings.
Group findings by repo owner.
For each repo owner, #Lookup Users with
includeSlackId.#Send Direct Message to each owner with their list:
"{{collaborator}}: {{repos}}, last active {{date}}"
#Trigger Form per collaborator: "Keep" / "Revoke" / "Convert to inside (employee)".
schedule_action wake at 5 days for response.
On wake, execute decisions:
Keep → log and exit; capture justification.
Revoke → #Remove User from Repo for each repo, or #Remove User from Org if all repos revoked.
Convert → #custom GitHub Add Org Member + remove outside-collab status.
No response → escalate at day 7 to repo owner's manager; revoke at day 10 if still no response.
#Custom Vanta Log Access Review with the outside-collab decisions.
#Send Channel Message to
#securityweekly summary: total reviewed, kept, revoked, escalated.#Leave Internal Note capturing the cycle.
GitHub Outside-Collaborator Review
Playbooks
/
GitHub Outside-Collaborator Review
GitHub Outside-Collaborator Review
Created by
Console Team
Published
Security
GitHub
Vanta
Trigger
Scheduled — every Monday at 9:00 AM America/Chicago
Instructions
#Custom GitHub List Outside Collaborators at org level to get all non-employee accounts with repo access.
For each outside collaborator:
Capture: GitHub login, email (if visible), repos with access, permission level, last activity.
Cross-reference against employees:
#Lookup Users for each outside collaborator's email.
If matches an active employee → flag as "should be inside collaborator" and skip ownership review.
For confirmed outside collaborators:
#List Repositories to get repo metadata.
#Custom GitHub Get Repo Owner via CODEOWNERS file or repo settings.
Group findings by repo owner.
For each repo owner, #Lookup Users with
includeSlackId.#Send Direct Message to each owner with their list:
"{{collaborator}}: {{repos}}, last active {{date}}"
#Trigger Form per collaborator: "Keep" / "Revoke" / "Convert to inside (employee)".
schedule_action wake at 5 days for response.
On wake, execute decisions:
Keep → log and exit; capture justification.
Revoke → #Remove User from Repo for each repo, or #Remove User from Org if all repos revoked.
Convert → #custom GitHub Add Org Member + remove outside-collab status.
No response → escalate at day 7 to repo owner's manager; revoke at day 10 if still no response.
#Custom Vanta Log Access Review with the outside-collab decisions.
#Send Channel Message to
#securityweekly summary: total reviewed, kept, revoked, escalated.#Leave Internal Note capturing the cycle.
GitHub Outside-Collaborator Review
Playbooks
/
GitHub Outside-Collaborator Review
GitHub Outside-Collaborator Review
Created by
Console Team
Published
Security
GitHub
Vanta
Trigger
Scheduled — every Monday at 9:00 AM America/Chicago
Instructions
#Custom GitHub List Outside Collaborators at org level to get all non-employee accounts with repo access.
For each outside collaborator:
Capture: GitHub login, email (if visible), repos with access, permission level, last activity.
Cross-reference against employees:
#Lookup Users for each outside collaborator's email.
If matches an active employee → flag as "should be inside collaborator" and skip ownership review.
For confirmed outside collaborators:
#List Repositories to get repo metadata.
#Custom GitHub Get Repo Owner via CODEOWNERS file or repo settings.
Group findings by repo owner.
For each repo owner, #Lookup Users with
includeSlackId.#Send Direct Message to each owner with their list:
"{{collaborator}}: {{repos}}, last active {{date}}"
#Trigger Form per collaborator: "Keep" / "Revoke" / "Convert to inside (employee)".
schedule_action wake at 5 days for response.
On wake, execute decisions:
Keep → log and exit; capture justification.
Revoke → #Remove User from Repo for each repo, or #Remove User from Org if all repos revoked.
Convert → #custom GitHub Add Org Member + remove outside-collab status.
No response → escalate at day 7 to repo owner's manager; revoke at day 10 if still no response.
#Custom Vanta Log Access Review with the outside-collab decisions.
#Send Channel Message to
#securityweekly summary: total reviewed, kept, revoked, escalated.#Leave Internal Note capturing the cycle.
Hardware Troubleshooting
Playbooks
/
Hardware Troubleshooting
Hardware Troubleshooting
Created by
Console Team
Published
IT
Kandji
Trigger
User reports a hardware issue (external monitor not detecting, Bluetooth keyboard won't pair, Zoom is choppy, audio drops).
Instructions
#Lookup Users on the requester to identify the user.
#List Devices (Kandji) filtered by
assignedUserEmailto find their device(s).#Trigger Form to collect:
Symptom (peripheral / display / audio / network / performance)
When it started
What they've already tried
#Get Device Details (Kandji) and #Get Device Parameters to pull current state.
#Kandji Get Device Library Items Status to confirm required drivers/profiles are installed.
#Search Knowledge Base for the symptom + device model for any known internal fixes.
If no KB hit: #Web Research vendor docs (apple.com, Microsoft Learn, Dell, Logitech) for the specific symptom.
Walk the user through fixes step-by-step via #Send Direct Message:
For peripherals → reset / re-pair / reinstall driver
For display → NVRAM reset, check cable, try alternate port
For audio/video → reset Core Audio / Windows audio service via Kandji script
For performance → free up RAM, check Activity Monitor / Task Manager
After each step, ask "did that fix it?" via #Send Direct Message.
If fixed → #Resolve Request.
If hardware-failure signature detected → kick off IT-15 RMA & Repair flow.
If still unresolved after exhausting steps → #Escalate Request to a human IT technician.
#Leave Internal Note capturing the diagnosis trail and resolution path.
Hardware Troubleshooting
Playbooks
/
Hardware Troubleshooting
Hardware Troubleshooting
Created by
Console Team
Published
IT
Kandji
Trigger
User reports a hardware issue (external monitor not detecting, Bluetooth keyboard won't pair, Zoom is choppy, audio drops).
Instructions
#Lookup Users on the requester to identify the user.
#List Devices (Kandji) filtered by
assignedUserEmailto find their device(s).#Trigger Form to collect:
Symptom (peripheral / display / audio / network / performance)
When it started
What they've already tried
#Get Device Details (Kandji) and #Get Device Parameters to pull current state.
#Kandji Get Device Library Items Status to confirm required drivers/profiles are installed.
#Search Knowledge Base for the symptom + device model for any known internal fixes.
If no KB hit: #Web Research vendor docs (apple.com, Microsoft Learn, Dell, Logitech) for the specific symptom.
Walk the user through fixes step-by-step via #Send Direct Message:
For peripherals → reset / re-pair / reinstall driver
For display → NVRAM reset, check cable, try alternate port
For audio/video → reset Core Audio / Windows audio service via Kandji script
For performance → free up RAM, check Activity Monitor / Task Manager
After each step, ask "did that fix it?" via #Send Direct Message.
If fixed → #Resolve Request.
If hardware-failure signature detected → kick off IT-15 RMA & Repair flow.
If still unresolved after exhausting steps → #Escalate Request to a human IT technician.
#Leave Internal Note capturing the diagnosis trail and resolution path.
Hardware Troubleshooting
Playbooks
/
Hardware Troubleshooting
Hardware Troubleshooting
Created by
Console Team
Published
IT
Kandji
Trigger
User reports a hardware issue (external monitor not detecting, Bluetooth keyboard won't pair, Zoom is choppy, audio drops).
Instructions
#Lookup Users on the requester to identify the user.
#List Devices (Kandji) filtered by
assignedUserEmailto find their device(s).#Trigger Form to collect:
Symptom (peripheral / display / audio / network / performance)
When it started
What they've already tried
#Get Device Details (Kandji) and #Get Device Parameters to pull current state.
#Kandji Get Device Library Items Status to confirm required drivers/profiles are installed.
#Search Knowledge Base for the symptom + device model for any known internal fixes.
If no KB hit: #Web Research vendor docs (apple.com, Microsoft Learn, Dell, Logitech) for the specific symptom.
Walk the user through fixes step-by-step via #Send Direct Message:
For peripherals → reset / re-pair / reinstall driver
For display → NVRAM reset, check cable, try alternate port
For audio/video → reset Core Audio / Windows audio service via Kandji script
For performance → free up RAM, check Activity Monitor / Task Manager
After each step, ask "did that fix it?" via #Send Direct Message.
If fixed → #Resolve Request.
If hardware-failure signature detected → kick off IT-15 RMA & Repair flow.
If still unresolved after exhausting steps → #Escalate Request to a human IT technician.
#Leave Internal Note capturing the diagnosis trail and resolution path.
HR Policy & Benefits Q&A
Playbooks
/
HR Policy & Benefits Q&A
HR Policy & Benefits Q&A
Created by
Console Team
Published
HR
Trigger
Requester asks a benefits / handbook / leave / pay / policy question.
Instructions
#Lookup Users on the requester to get
location(for region-specific policies),department, andtenure.#Search Knowledge Base with the user's question as the query.
For multi-region benefits content (parental leave, holidays, healthcare), filter to the requester's
location. If multiple regions match, surface labeled variants.#Expand Knowledge Base Article for the top hit if more depth is needed.
Compose the answer in #Send Direct Message:
Direct answer first (e.g. "You accrue 1.66 PTO days per month.")
Personalized context if available (e.g. "Based on your tenure, you're eligible for...").
Quoted source paragraph from the KB.
Source link to the policy doc.
Ask if the answer resolved their question via a follow-up message.
If user confirms → #Resolve Request.
If user has follow-up questions or the policy is ambiguous:
For simple clarifications, loop back to step 2.
For complex / personal cases, #Prompt for Handoff to the benefits coordinator or HRBP based on topic.
If no relevant KB hit at all:
#Send Direct Message explaining the limitation and #Prompt for Handoff to HR.
#Leave Internal Note capturing the KB articles surfaced and resolution path.
HR Policy & Benefits Q&A
Playbooks
/
HR Policy & Benefits Q&A
HR Policy & Benefits Q&A
Created by
Console Team
Published
HR
Trigger
Requester asks a benefits / handbook / leave / pay / policy question.
Instructions
#Lookup Users on the requester to get
location(for region-specific policies),department, andtenure.#Search Knowledge Base with the user's question as the query.
For multi-region benefits content (parental leave, holidays, healthcare), filter to the requester's
location. If multiple regions match, surface labeled variants.#Expand Knowledge Base Article for the top hit if more depth is needed.
Compose the answer in #Send Direct Message:
Direct answer first (e.g. "You accrue 1.66 PTO days per month.")
Personalized context if available (e.g. "Based on your tenure, you're eligible for...").
Quoted source paragraph from the KB.
Source link to the policy doc.
Ask if the answer resolved their question via a follow-up message.
If user confirms → #Resolve Request.
If user has follow-up questions or the policy is ambiguous:
For simple clarifications, loop back to step 2.
For complex / personal cases, #Prompt for Handoff to the benefits coordinator or HRBP based on topic.
If no relevant KB hit at all:
#Send Direct Message explaining the limitation and #Prompt for Handoff to HR.
#Leave Internal Note capturing the KB articles surfaced and resolution path.
HR Policy & Benefits Q&A
Playbooks
/
HR Policy & Benefits Q&A
HR Policy & Benefits Q&A
Created by
Console Team
Published
HR
Trigger
Requester asks a benefits / handbook / leave / pay / policy question.
Instructions
#Lookup Users on the requester to get
location(for region-specific policies),department, andtenure.#Search Knowledge Base with the user's question as the query.
For multi-region benefits content (parental leave, holidays, healthcare), filter to the requester's
location. If multiple regions match, surface labeled variants.#Expand Knowledge Base Article for the top hit if more depth is needed.
Compose the answer in #Send Direct Message:
Direct answer first (e.g. "You accrue 1.66 PTO days per month.")
Personalized context if available (e.g. "Based on your tenure, you're eligible for...").
Quoted source paragraph from the KB.
Source link to the policy doc.
Ask if the answer resolved their question via a follow-up message.
If user confirms → #Resolve Request.
If user has follow-up questions or the policy is ambiguous:
For simple clarifications, loop back to step 2.
For complex / personal cases, #Prompt for Handoff to the benefits coordinator or HRBP based on topic.
If no relevant KB hit at all:
#Send Direct Message explaining the limitation and #Prompt for Handoff to HR.
#Leave Internal Note capturing the KB articles surfaced and resolution path.
I-9 / Right-to-Work
Playbooks
/
I-9 / Right-to-Work
I-9 / Right-to-Work
Created by
Console Team
Published
HR
Workday
Vanta
Linear
+1
Trigger
Scheduled — every day at 9:00 AM America/Chicago
Instructions
#Custom Workday Query New Hires for hires at exactly day 1, day 2, and day 3 from their start date, in US locations.
For each new hire:
#Custom Workday Get I-9 Status to check if I-9 is verified.
Skip if already verified.
Day 1:
#Send Direct Message to the new hire with: I-9 deadline explanation (day 3 federal requirement), DocuSign upload link, what documents are acceptable, where to find the doc list.
#Custom DocuSign Send I-9 Section 1 if not yet sent.
Day 2:
If still unverified, #Send Direct Message with a more urgent reminder.
#Send Direct Message to the new hire's manager flagging the upcoming deadline.
Day 3 (deadline day):
If still unverified:
#Send Channel Message to
#hrbpwith employee name, manager, and deadline status.#Send Direct Message to HRBP for direct intervention.
#Custom DocuSign Send I-9 Section 2 to HRBP for in-person verification scheduling.
On completion:
#Custom Workday Mark I-9 Verified with the docs reviewed and dates.
#Custom Vanta Upload Evidence for compliance audit trail.
#Send Direct Message to the new hire confirming.
If not completed by day 3:
#Create Linear Issue in the HR-Compliance project with severity High for HRBP to handle.
#Send Channel Message to
#hr-complianceflagging the audit risk.
#Leave Internal Note capturing dates, escalation path, completion.
I-9 / Right-to-Work
Playbooks
/
I-9 / Right-to-Work
I-9 / Right-to-Work
Created by
Console Team
Published
HR
Workday
Vanta
Linear
+1
Trigger
Scheduled — every day at 9:00 AM America/Chicago
Instructions
#Custom Workday Query New Hires for hires at exactly day 1, day 2, and day 3 from their start date, in US locations.
For each new hire:
#Custom Workday Get I-9 Status to check if I-9 is verified.
Skip if already verified.
Day 1:
#Send Direct Message to the new hire with: I-9 deadline explanation (day 3 federal requirement), DocuSign upload link, what documents are acceptable, where to find the doc list.
#Custom DocuSign Send I-9 Section 1 if not yet sent.
Day 2:
If still unverified, #Send Direct Message with a more urgent reminder.
#Send Direct Message to the new hire's manager flagging the upcoming deadline.
Day 3 (deadline day):
If still unverified:
#Send Channel Message to
#hrbpwith employee name, manager, and deadline status.#Send Direct Message to HRBP for direct intervention.
#Custom DocuSign Send I-9 Section 2 to HRBP for in-person verification scheduling.
On completion:
#Custom Workday Mark I-9 Verified with the docs reviewed and dates.
#Custom Vanta Upload Evidence for compliance audit trail.
#Send Direct Message to the new hire confirming.
If not completed by day 3:
#Create Linear Issue in the HR-Compliance project with severity High for HRBP to handle.
#Send Channel Message to
#hr-complianceflagging the audit risk.
#Leave Internal Note capturing dates, escalation path, completion.
I-9 / Right-to-Work
Playbooks
/
I-9 / Right-to-Work
I-9 / Right-to-Work
Created by
Console Team
Published
HR
Workday
Vanta
Linear
+1
Trigger
Scheduled — every day at 9:00 AM America/Chicago
Instructions
#Custom Workday Query New Hires for hires at exactly day 1, day 2, and day 3 from their start date, in US locations.
For each new hire:
#Custom Workday Get I-9 Status to check if I-9 is verified.
Skip if already verified.
Day 1:
#Send Direct Message to the new hire with: I-9 deadline explanation (day 3 federal requirement), DocuSign upload link, what documents are acceptable, where to find the doc list.
#Custom DocuSign Send I-9 Section 1 if not yet sent.
Day 2:
If still unverified, #Send Direct Message with a more urgent reminder.
#Send Direct Message to the new hire's manager flagging the upcoming deadline.
Day 3 (deadline day):
If still unverified:
#Send Channel Message to
#hrbpwith employee name, manager, and deadline status.#Send Direct Message to HRBP for direct intervention.
#Custom DocuSign Send I-9 Section 2 to HRBP for in-person verification scheduling.
On completion:
#Custom Workday Mark I-9 Verified with the docs reviewed and dates.
#Custom Vanta Upload Evidence for compliance audit trail.
#Send Direct Message to the new hire confirming.
If not completed by day 3:
#Create Linear Issue in the HR-Compliance project with severity High for HRBP to handle.
#Send Channel Message to
#hr-complianceflagging the audit risk.
#Leave Internal Note capturing dates, escalation path, completion.
Identity Group Management
Playbooks
/
Identity Group Management
Identity Group Management
Created by
Console Team
Published
IT
Okta
Slack
Trigger
Requester asks to create, modify membership, or change ownership of an Okta/Google/Slack group (e.g. "create Okta group for brand campaign team", "remove Sarah from eng-leadership", "add this week's new hires to #all-eng").
Instructions
Parse the action type (create / add members / remove members / delete / change owner), target group name, downstream systems (Okta / Google / Slack / all), and member list.
Validate group name against naming convention (
^[a-z][a-z0-9-]+$, max 40 chars). If invalid:#Send Direct Message explaining the rule and ask for a corrected name.
#Lookup Users on the requester with
includeGroups.Check authorization:
Create → requester must be in the
group-creatorsOkta group or an IT admin.Modify/Delete → requester must be the group owner OR an admin. Use #custom Get Group Owner action.
If unauthorized → #Request Approval from an IT admin.
For Create:
#Create Okta Group (Custom) with the name and description.
#Create Group (Google) with the equivalent name (
{{group}}@company.com).#Create Usergroup (Slack) with the handle
@{{group}}.Set the requester as owner via custom Set Group Owner action.
For Add members:
#Lookup Users for each member to resolve their IDs.
For each: #Add to Group (Okta), #Add to Group (Google), #Add Usergroup Users (Slack).
For Remove members:
For Delete: confirm with the requester via #Trigger Form ("This will delete the group across all systems — confirm?"), then call custom delete actions for Okta + Google + Slack.
For role/manager-based sync (e.g. "add this week's new hires"): query the HR ingest via #Search Graph for matching users, then loop step 6.
#Send Direct Message to the requester with a summary of changes.
#Leave Internal Note capturing the action and downstream sync.
Identity Group Management
Playbooks
/
Identity Group Management
Identity Group Management
Created by
Console Team
Published
IT
Okta
Slack
Trigger
Requester asks to create, modify membership, or change ownership of an Okta/Google/Slack group (e.g. "create Okta group for brand campaign team", "remove Sarah from eng-leadership", "add this week's new hires to #all-eng").
Instructions
Parse the action type (create / add members / remove members / delete / change owner), target group name, downstream systems (Okta / Google / Slack / all), and member list.
Validate group name against naming convention (
^[a-z][a-z0-9-]+$, max 40 chars). If invalid:#Send Direct Message explaining the rule and ask for a corrected name.
#Lookup Users on the requester with
includeGroups.Check authorization:
Create → requester must be in the
group-creatorsOkta group or an IT admin.Modify/Delete → requester must be the group owner OR an admin. Use #custom Get Group Owner action.
If unauthorized → #Request Approval from an IT admin.
For Create:
#Create Okta Group (Custom) with the name and description.
#Create Group (Google) with the equivalent name (
{{group}}@company.com).#Create Usergroup (Slack) with the handle
@{{group}}.Set the requester as owner via custom Set Group Owner action.
For Add members:
#Lookup Users for each member to resolve their IDs.
For each: #Add to Group (Okta), #Add to Group (Google), #Add Usergroup Users (Slack).
For Remove members:
For Delete: confirm with the requester via #Trigger Form ("This will delete the group across all systems — confirm?"), then call custom delete actions for Okta + Google + Slack.
For role/manager-based sync (e.g. "add this week's new hires"): query the HR ingest via #Search Graph for matching users, then loop step 6.
#Send Direct Message to the requester with a summary of changes.
#Leave Internal Note capturing the action and downstream sync.
Identity Group Management
Playbooks
/
Identity Group Management
Identity Group Management
Created by
Console Team
Published
IT
Okta
Slack
Trigger
Requester asks to create, modify membership, or change ownership of an Okta/Google/Slack group (e.g. "create Okta group for brand campaign team", "remove Sarah from eng-leadership", "add this week's new hires to #all-eng").
Instructions
Parse the action type (create / add members / remove members / delete / change owner), target group name, downstream systems (Okta / Google / Slack / all), and member list.
Validate group name against naming convention (
^[a-z][a-z0-9-]+$, max 40 chars). If invalid:#Send Direct Message explaining the rule and ask for a corrected name.
#Lookup Users on the requester with
includeGroups.Check authorization:
Create → requester must be in the
group-creatorsOkta group or an IT admin.Modify/Delete → requester must be the group owner OR an admin. Use #custom Get Group Owner action.
If unauthorized → #Request Approval from an IT admin.
For Create:
#Create Okta Group (Custom) with the name and description.
#Create Group (Google) with the equivalent name (
{{group}}@company.com).#Create Usergroup (Slack) with the handle
@{{group}}.Set the requester as owner via custom Set Group Owner action.
For Add members:
#Lookup Users for each member to resolve their IDs.
For each: #Add to Group (Okta), #Add to Group (Google), #Add Usergroup Users (Slack).
For Remove members:
For Delete: confirm with the requester via #Trigger Form ("This will delete the group across all systems — confirm?"), then call custom delete actions for Okta + Google + Slack.
For role/manager-based sync (e.g. "add this week's new hires"): query the HR ingest via #Search Graph for matching users, then loop step 6.
#Send Direct Message to the requester with a summary of changes.
#Leave Internal Note capturing the action and downstream sync.
Inbound Lead Enrichment & Routing
Playbooks
/
Inbound Lead Enrichment & Routing
Inbound Lead Enrichment & Routing
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
Apollo
+3
Trigger
Webhook — new lead created in HubSpot/Salesforce or marketing platform Variables: $lead.id, $lead.email, $lead.companyDomain, $lead.source, $lead.formData
Instructions
Pull lead details:
#Get HubSpot Contact by ID for basic data.
#Custom Marketing Form Get Submission for the full form payload if applicable.
Enrichment:
#Apollo Search Companies by Technology and Employee Range for the company domain.
#Custom ZoomInfo Enrich Contact for the lead's title, seniority, location.
#Custom Clearbit Enrich as fallback.
ICP scoring:
#Custom Calculate ICP Score based on:
Employee count.
Industry.
Tech stack.
Geographic region.
Title seniority (CXO/VP/Director > Manager > IC).
Score buckets: A (90-100), B (70-89), C (50-69), D (<50).
Branch on score:
A: Route immediately to AE; SDR sequence is high-priority.
B: Route to SDR with priority queue.
C: Route to SDR with standard queue.
D: Auto-nurture; do not assign to SDR.
Territory and rep assignment:
#Custom Get Territory based on country + employee count + industry.
#Custom Get Assigned SDR for the territory.
#Custom Get Assigned AE for high-tier leads.
Update CRM:
#Update HubSpot Contact Properties with enrichment + ICP score + assigned rep.
#Create HubSpot Association between contact and company (create company if doesn't exist).
For score A: #custom HubSpot Create Deal at "Inbound" stage.
Notify the SDR:
#Lookup Users on the assigned SDR with
includeSlackId.#Send Direct Message with the lead brief: company, contact, title, ICP score, form data, enrichment, suggested first email, deal link.
For score A, also notify AE:
#Send Direct Message to the AE with: "High-fit inbound: {{company}} ({{title}}). SDR {{sdr}} working it."
SLA enforcement:
schedule_action wake at lead-response SLA (e.g. 5 min for A, 15 min for B, 60 min for C).
On wake, check if SDR/AE has touched the lead via #custom Check Lead Activity.
If untouched: #Send Direct Message to the rep + manager.
#Create HubSpot Note on Contact with enrichment + scoring + routing.
Inbound Lead Enrichment & Routing
Playbooks
/
Inbound Lead Enrichment & Routing
Inbound Lead Enrichment & Routing
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
Apollo
+3
Trigger
Webhook — new lead created in HubSpot/Salesforce or marketing platform Variables: $lead.id, $lead.email, $lead.companyDomain, $lead.source, $lead.formData
Instructions
Pull lead details:
#Get HubSpot Contact by ID for basic data.
#Custom Marketing Form Get Submission for the full form payload if applicable.
Enrichment:
#Apollo Search Companies by Technology and Employee Range for the company domain.
#Custom ZoomInfo Enrich Contact for the lead's title, seniority, location.
#Custom Clearbit Enrich as fallback.
ICP scoring:
#Custom Calculate ICP Score based on:
Employee count.
Industry.
Tech stack.
Geographic region.
Title seniority (CXO/VP/Director > Manager > IC).
Score buckets: A (90-100), B (70-89), C (50-69), D (<50).
Branch on score:
A: Route immediately to AE; SDR sequence is high-priority.
B: Route to SDR with priority queue.
C: Route to SDR with standard queue.
D: Auto-nurture; do not assign to SDR.
Territory and rep assignment:
#Custom Get Territory based on country + employee count + industry.
#Custom Get Assigned SDR for the territory.
#Custom Get Assigned AE for high-tier leads.
Update CRM:
#Update HubSpot Contact Properties with enrichment + ICP score + assigned rep.
#Create HubSpot Association between contact and company (create company if doesn't exist).
For score A: #custom HubSpot Create Deal at "Inbound" stage.
Notify the SDR:
#Lookup Users on the assigned SDR with
includeSlackId.#Send Direct Message with the lead brief: company, contact, title, ICP score, form data, enrichment, suggested first email, deal link.
For score A, also notify AE:
#Send Direct Message to the AE with: "High-fit inbound: {{company}} ({{title}}). SDR {{sdr}} working it."
SLA enforcement:
schedule_action wake at lead-response SLA (e.g. 5 min for A, 15 min for B, 60 min for C).
On wake, check if SDR/AE has touched the lead via #custom Check Lead Activity.
If untouched: #Send Direct Message to the rep + manager.
#Create HubSpot Note on Contact with enrichment + scoring + routing.
Inbound Lead Enrichment & Routing
Playbooks
/
Inbound Lead Enrichment & Routing
Inbound Lead Enrichment & Routing
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
Apollo
+3
Trigger
Webhook — new lead created in HubSpot/Salesforce or marketing platform Variables: $lead.id, $lead.email, $lead.companyDomain, $lead.source, $lead.formData
Instructions
Pull lead details:
#Get HubSpot Contact by ID for basic data.
#Custom Marketing Form Get Submission for the full form payload if applicable.
Enrichment:
#Apollo Search Companies by Technology and Employee Range for the company domain.
#Custom ZoomInfo Enrich Contact for the lead's title, seniority, location.
#Custom Clearbit Enrich as fallback.
ICP scoring:
#Custom Calculate ICP Score based on:
Employee count.
Industry.
Tech stack.
Geographic region.
Title seniority (CXO/VP/Director > Manager > IC).
Score buckets: A (90-100), B (70-89), C (50-69), D (<50).
Branch on score:
A: Route immediately to AE; SDR sequence is high-priority.
B: Route to SDR with priority queue.
C: Route to SDR with standard queue.
D: Auto-nurture; do not assign to SDR.
Territory and rep assignment:
#Custom Get Territory based on country + employee count + industry.
#Custom Get Assigned SDR for the territory.
#Custom Get Assigned AE for high-tier leads.
Update CRM:
#Update HubSpot Contact Properties with enrichment + ICP score + assigned rep.
#Create HubSpot Association between contact and company (create company if doesn't exist).
For score A: #custom HubSpot Create Deal at "Inbound" stage.
Notify the SDR:
#Lookup Users on the assigned SDR with
includeSlackId.#Send Direct Message with the lead brief: company, contact, title, ICP score, form data, enrichment, suggested first email, deal link.
For score A, also notify AE:
#Send Direct Message to the AE with: "High-fit inbound: {{company}} ({{title}}). SDR {{sdr}} working it."
SLA enforcement:
schedule_action wake at lead-response SLA (e.g. 5 min for A, 15 min for B, 60 min for C).
On wake, check if SDR/AE has touched the lead via #custom Check Lead Activity.
If untouched: #Send Direct Message to the rep + manager.
#Create HubSpot Note on Contact with enrichment + scoring + routing.
Incident Response Orchestration
Playbooks
/
Incident Response Orchestration
Incident Response Orchestration
Created by
Console Team
Published
Security
Okta
Slack
+5
Trigger
Integration Webhook — CrowdStrike high-severity event OR manual escalation from Sec-4 Variables: $incident.id, $incident.severity, $incident.deviceId, $incident.userEmail, $incident.type
Instructions
Immediate containment (parallel actions):
#Custom CrowdStrike Network Contain Host for
$incident.deviceIdto isolate it from the network.#Revoke All User Sessions (Okta) for
$incident.userEmail.#Reset User Factors (Custom) if credential compromise is suspected.
#Device Lock (Kandji) as a secondary containment.
Create incident war room:
#Create Channel (Slack) named
#ir-{{incident.id}}-{{shortType}}.Add Users To Channel:
Security on-call (from PagerDuty).
Security lead.
The affected user's manager (read-only / observer).
On-call IT engineer (for device-related actions).
Page on-call:
#Custom PagerDuty Page with severity, incident summary, war-room channel link.
Post initial status:
#Send Channel Message to the war-room channel with the full enriched payload from Sec-4 (re-run enrichment if not already done).
#Send Channel Message to
#securitywith a brief notice and war-room link.
Run containment runbook:
#Search Knowledge Base for the runbook matching
$incident.type(e.g. "ransomware", "phishing-success", "lateral-movement").For each runbook step:
Present in the war-room channel via #Send Channel Message with the step number and required action.
For automatable steps (e.g. "block hash on EDR" → #Blocklist SHA256 Hash), execute and post outcome.
For human-required steps, wait for the analyst to acknowledge via thread reply.
Evidence collection:
#Custom CrowdStrike RTR Get Forensic Bundle for the affected host.
#Search Okta System Log Custom for a wider window (last 7 days) for the affected user.
#Custom Google Workspace Export Mailbox for the user (if mailbox compromise suspected).
Store all artifacts in a custom Upload to Evidence S3 bucket.
Stakeholder updates:
schedule_action wakes every 30 minutes during active incident.
On each wake, #Send Channel Message status update to
#securityand (if Sev1) to the executive Slack channel.
Resolution:
When the war room declares resolved (via custom IR Mark Resolved form):
#Send Channel Message to all stakeholder channels with the all-clear.
#Send Direct Message to the affected user (if applicable) with the resolution and next steps.
Post-incident:
#Create Linear Issue in the Security-IR project for the retro.
#Custom Generate Incident Timeline action that builds a chronological doc from all war-room messages and actions taken.
#Custom Vanta Upload Incident Evidence for compliance.
#Leave Internal Note capturing the full timeline and decisions.
Incident Response Orchestration
Playbooks
/
Incident Response Orchestration
Incident Response Orchestration
Created by
Console Team
Published
Security
Okta
Slack
+5
Trigger
Integration Webhook — CrowdStrike high-severity event OR manual escalation from Sec-4 Variables: $incident.id, $incident.severity, $incident.deviceId, $incident.userEmail, $incident.type
Instructions
Immediate containment (parallel actions):
#Custom CrowdStrike Network Contain Host for
$incident.deviceIdto isolate it from the network.#Revoke All User Sessions (Okta) for
$incident.userEmail.#Reset User Factors (Custom) if credential compromise is suspected.
#Device Lock (Kandji) as a secondary containment.
Create incident war room:
#Create Channel (Slack) named
#ir-{{incident.id}}-{{shortType}}.Add Users To Channel:
Security on-call (from PagerDuty).
Security lead.
The affected user's manager (read-only / observer).
On-call IT engineer (for device-related actions).
Page on-call:
#Custom PagerDuty Page with severity, incident summary, war-room channel link.
Post initial status:
#Send Channel Message to the war-room channel with the full enriched payload from Sec-4 (re-run enrichment if not already done).
#Send Channel Message to
#securitywith a brief notice and war-room link.
Run containment runbook:
#Search Knowledge Base for the runbook matching
$incident.type(e.g. "ransomware", "phishing-success", "lateral-movement").For each runbook step:
Present in the war-room channel via #Send Channel Message with the step number and required action.
For automatable steps (e.g. "block hash on EDR" → #Blocklist SHA256 Hash), execute and post outcome.
For human-required steps, wait for the analyst to acknowledge via thread reply.
Evidence collection:
#Custom CrowdStrike RTR Get Forensic Bundle for the affected host.
#Search Okta System Log Custom for a wider window (last 7 days) for the affected user.
#Custom Google Workspace Export Mailbox for the user (if mailbox compromise suspected).
Store all artifacts in a custom Upload to Evidence S3 bucket.
Stakeholder updates:
schedule_action wakes every 30 minutes during active incident.
On each wake, #Send Channel Message status update to
#securityand (if Sev1) to the executive Slack channel.
Resolution:
When the war room declares resolved (via custom IR Mark Resolved form):
#Send Channel Message to all stakeholder channels with the all-clear.
#Send Direct Message to the affected user (if applicable) with the resolution and next steps.
Post-incident:
#Create Linear Issue in the Security-IR project for the retro.
#Custom Generate Incident Timeline action that builds a chronological doc from all war-room messages and actions taken.
#Custom Vanta Upload Incident Evidence for compliance.
#Leave Internal Note capturing the full timeline and decisions.
Incident Response Orchestration
Playbooks
/
Incident Response Orchestration
Incident Response Orchestration
Created by
Console Team
Published
Security
Okta
Slack
+5
Trigger
Integration Webhook — CrowdStrike high-severity event OR manual escalation from Sec-4 Variables: $incident.id, $incident.severity, $incident.deviceId, $incident.userEmail, $incident.type
Instructions
Immediate containment (parallel actions):
#Custom CrowdStrike Network Contain Host for
$incident.deviceIdto isolate it from the network.#Revoke All User Sessions (Okta) for
$incident.userEmail.#Reset User Factors (Custom) if credential compromise is suspected.
#Device Lock (Kandji) as a secondary containment.
Create incident war room:
#Create Channel (Slack) named
#ir-{{incident.id}}-{{shortType}}.Add Users To Channel:
Security on-call (from PagerDuty).
Security lead.
The affected user's manager (read-only / observer).
On-call IT engineer (for device-related actions).
Page on-call:
#Custom PagerDuty Page with severity, incident summary, war-room channel link.
Post initial status:
#Send Channel Message to the war-room channel with the full enriched payload from Sec-4 (re-run enrichment if not already done).
#Send Channel Message to
#securitywith a brief notice and war-room link.
Run containment runbook:
#Search Knowledge Base for the runbook matching
$incident.type(e.g. "ransomware", "phishing-success", "lateral-movement").For each runbook step:
Present in the war-room channel via #Send Channel Message with the step number and required action.
For automatable steps (e.g. "block hash on EDR" → #Blocklist SHA256 Hash), execute and post outcome.
For human-required steps, wait for the analyst to acknowledge via thread reply.
Evidence collection:
#Custom CrowdStrike RTR Get Forensic Bundle for the affected host.
#Search Okta System Log Custom for a wider window (last 7 days) for the affected user.
#Custom Google Workspace Export Mailbox for the user (if mailbox compromise suspected).
Store all artifacts in a custom Upload to Evidence S3 bucket.
Stakeholder updates:
schedule_action wakes every 30 minutes during active incident.
On each wake, #Send Channel Message status update to
#securityand (if Sev1) to the executive Slack channel.
Resolution:
When the war room declares resolved (via custom IR Mark Resolved form):
#Send Channel Message to all stakeholder channels with the all-clear.
#Send Direct Message to the affected user (if applicable) with the resolution and next steps.
Post-incident:
#Create Linear Issue in the Security-IR project for the retro.
#Custom Generate Incident Timeline action that builds a chronological doc from all war-room messages and actions taken.
#Custom Vanta Upload Incident Evidence for compliance.
#Leave Internal Note capturing the full timeline and decisions.
IOC Enrichment & Lookup
Playbooks
/
IOC Enrichment & Lookup
IOC Enrichment & Lookup
Created by
Console Team
Published
Security
Okta
Slack
+6
Trigger
Analyst pastes a file hash, IP address, domain, or URL in Slack or a request.
Instructions
Parse the input:
Auto-detect IOC type via regex (MD5/SHA1/SHA256 hash, IPv4/IPv6, domain, URL).
If ambiguous, #Send Direct Message asking for clarification.
#Lookup Users on the requester to confirm analyst role (in
security-analystsOkta group).Run lookups in parallel based on IOC type:
Hash → #custom VirusTotal Hash Lookup, custom abuse.ch MalwareBazaar Lookup, #custom Recorded Future Hash Lookup, #CrowdStrike Query Quarantined Files to check if seen internally.
IP → custom VirusTotal IP Lookup, custom abuse.ch ThreatFox Lookup, custom Recorded Future IP Lookup, custom GreyNoise Lookup, #CrowdStrike: Intel Indicator Lookup.
Domain → custom VirusTotal Domain Lookup, custom WHOIS Lookup, custom Get Domain Age, custom Recorded Future Domain Lookup, #CrowdStrike: Intel Indicator Lookup.
URL → custom VirusTotal URL Lookup, custom URLscan Submit, custom Phishtank Lookup.
Compile a unified verdict:
Count engines flagging as malicious / suspicious / clean.
Pull first-seen / last-seen dates.
Pull associated malware families if any.
Pull related IOCs (e.g. domains hosted on the same IP).
Internal correlation:
#Search Okta System Log Custom for the IP/domain in recent logins (if IP/domain).
#Custom Google Workspace Audit Log Search for the IOC in email senders/URLs.
#CrowdStrike Search Hosts by Hostname or custom CrowdStrike Search by IOC.
#Send Direct Message (or reply in thread) to the analyst with a formatted response:
IOC + type
Verdict (Malicious / Suspicious / Clean / Unknown)
Engine counts and notable findings
Associated families / IOCs
Internal correlation hits
Source links to each enrichment provider
Suggested next action (block / monitor / dismiss)
If verdict is Malicious AND analyst confirms via follow-up:
Offer to fire response actions: #Add SHA256 Hash to CrowdStrike Allowlist or #Blocklist SHA256 Hash, #Search and Purge Email for the URL/domain.
#Leave Internal Note in the request capturing the IOC and verdict.
IOC Enrichment & Lookup
Playbooks
/
IOC Enrichment & Lookup
IOC Enrichment & Lookup
Created by
Console Team
Published
Security
Okta
Slack
+6
Trigger
Analyst pastes a file hash, IP address, domain, or URL in Slack or a request.
Instructions
Parse the input:
Auto-detect IOC type via regex (MD5/SHA1/SHA256 hash, IPv4/IPv6, domain, URL).
If ambiguous, #Send Direct Message asking for clarification.
#Lookup Users on the requester to confirm analyst role (in
security-analystsOkta group).Run lookups in parallel based on IOC type:
Hash → #custom VirusTotal Hash Lookup, custom abuse.ch MalwareBazaar Lookup, #custom Recorded Future Hash Lookup, #CrowdStrike Query Quarantined Files to check if seen internally.
IP → custom VirusTotal IP Lookup, custom abuse.ch ThreatFox Lookup, custom Recorded Future IP Lookup, custom GreyNoise Lookup, #CrowdStrike: Intel Indicator Lookup.
Domain → custom VirusTotal Domain Lookup, custom WHOIS Lookup, custom Get Domain Age, custom Recorded Future Domain Lookup, #CrowdStrike: Intel Indicator Lookup.
URL → custom VirusTotal URL Lookup, custom URLscan Submit, custom Phishtank Lookup.
Compile a unified verdict:
Count engines flagging as malicious / suspicious / clean.
Pull first-seen / last-seen dates.
Pull associated malware families if any.
Pull related IOCs (e.g. domains hosted on the same IP).
Internal correlation:
#Search Okta System Log Custom for the IP/domain in recent logins (if IP/domain).
#Custom Google Workspace Audit Log Search for the IOC in email senders/URLs.
#CrowdStrike Search Hosts by Hostname or custom CrowdStrike Search by IOC.
#Send Direct Message (or reply in thread) to the analyst with a formatted response:
IOC + type
Verdict (Malicious / Suspicious / Clean / Unknown)
Engine counts and notable findings
Associated families / IOCs
Internal correlation hits
Source links to each enrichment provider
Suggested next action (block / monitor / dismiss)
If verdict is Malicious AND analyst confirms via follow-up:
Offer to fire response actions: #Add SHA256 Hash to CrowdStrike Allowlist or #Blocklist SHA256 Hash, #Search and Purge Email for the URL/domain.
#Leave Internal Note in the request capturing the IOC and verdict.
IOC Enrichment & Lookup
Playbooks
/
IOC Enrichment & Lookup
IOC Enrichment & Lookup
Created by
Console Team
Published
Security
Okta
Slack
+6
Trigger
Analyst pastes a file hash, IP address, domain, or URL in Slack or a request.
Instructions
Parse the input:
Auto-detect IOC type via regex (MD5/SHA1/SHA256 hash, IPv4/IPv6, domain, URL).
If ambiguous, #Send Direct Message asking for clarification.
#Lookup Users on the requester to confirm analyst role (in
security-analystsOkta group).Run lookups in parallel based on IOC type:
Hash → #custom VirusTotal Hash Lookup, custom abuse.ch MalwareBazaar Lookup, #custom Recorded Future Hash Lookup, #CrowdStrike Query Quarantined Files to check if seen internally.
IP → custom VirusTotal IP Lookup, custom abuse.ch ThreatFox Lookup, custom Recorded Future IP Lookup, custom GreyNoise Lookup, #CrowdStrike: Intel Indicator Lookup.
Domain → custom VirusTotal Domain Lookup, custom WHOIS Lookup, custom Get Domain Age, custom Recorded Future Domain Lookup, #CrowdStrike: Intel Indicator Lookup.
URL → custom VirusTotal URL Lookup, custom URLscan Submit, custom Phishtank Lookup.
Compile a unified verdict:
Count engines flagging as malicious / suspicious / clean.
Pull first-seen / last-seen dates.
Pull associated malware families if any.
Pull related IOCs (e.g. domains hosted on the same IP).
Internal correlation:
#Search Okta System Log Custom for the IP/domain in recent logins (if IP/domain).
#Custom Google Workspace Audit Log Search for the IOC in email senders/URLs.
#CrowdStrike Search Hosts by Hostname or custom CrowdStrike Search by IOC.
#Send Direct Message (or reply in thread) to the analyst with a formatted response:
IOC + type
Verdict (Malicious / Suspicious / Clean / Unknown)
Engine counts and notable findings
Associated families / IOCs
Internal correlation hits
Source links to each enrichment provider
Suggested next action (block / monitor / dismiss)
If verdict is Malicious AND analyst confirms via follow-up:
Offer to fire response actions: #Add SHA256 Hash to CrowdStrike Allowlist or #Blocklist SHA256 Hash, #Search and Purge Email for the URL/domain.
#Leave Internal Note in the request capturing the IOC and verdict.
IP Assignment for New Hires
Playbooks
/
IP Assignment for New Hires
IP Assignment for New Hires
Created by
Console Team
Published
Legal
Workday
Vanta
DocuSign
Trigger
Webhook — Workday worker.hired Variables: $employee.email, $employee.startDate, $employee.location
Instructions
#Lookup Users on new hire.
Determine PIIA template:
#Custom Get PIIA Template based on
$employee.location(US / UK / EU / India variants).
Pre-fill: employee name, address, start date, employment terms reference.
Send on day 1:
#Send Direct Message to new hire on day 1 with context and expected sign by week 1.
schedule_action wakes at 3 / 7 / 14:
Day 3: gentle DM reminder.
Day 7: escalation DM + cc manager.
Day 14: #Send Channel Message to
#legal-complianceand#hrbp; employment risk if unsigned.
On signature:
For IP-sensitive roles: custom Send Inventor Notification for patent / disclosure obligations.
#Resolve Request on signature.
IP Assignment for New Hires
Playbooks
/
IP Assignment for New Hires
IP Assignment for New Hires
Created by
Console Team
Published
Legal
Workday
Vanta
DocuSign
Trigger
Webhook — Workday worker.hired Variables: $employee.email, $employee.startDate, $employee.location
Instructions
#Lookup Users on new hire.
Determine PIIA template:
#Custom Get PIIA Template based on
$employee.location(US / UK / EU / India variants).
Pre-fill: employee name, address, start date, employment terms reference.
Send on day 1:
#Send Direct Message to new hire on day 1 with context and expected sign by week 1.
schedule_action wakes at 3 / 7 / 14:
Day 3: gentle DM reminder.
Day 7: escalation DM + cc manager.
Day 14: #Send Channel Message to
#legal-complianceand#hrbp; employment risk if unsigned.
On signature:
For IP-sensitive roles: custom Send Inventor Notification for patent / disclosure obligations.
#Resolve Request on signature.
IP Assignment for New Hires
Playbooks
/
IP Assignment for New Hires
IP Assignment for New Hires
Created by
Console Team
Published
Legal
Workday
Vanta
DocuSign
Trigger
Webhook — Workday worker.hired Variables: $employee.email, $employee.startDate, $employee.location
Instructions
#Lookup Users on new hire.
Determine PIIA template:
#Custom Get PIIA Template based on
$employee.location(US / UK / EU / India variants).
Pre-fill: employee name, address, start date, employment terms reference.
Send on day 1:
#Send Direct Message to new hire on day 1 with context and expected sign by week 1.
schedule_action wakes at 3 / 7 / 14:
Day 3: gentle DM reminder.
Day 7: escalation DM + cc manager.
Day 14: #Send Channel Message to
#legal-complianceand#hrbp; employment risk if unsigned.
On signature:
For IP-sensitive roles: custom Send Inventor Notification for patent / disclosure obligations.
#Resolve Request on signature.
Just-In-Time (JIT) Access
Playbooks
/
Just-In-Time (JIT) Access
Just-In-Time (JIT) Access
Created by
Console Team
Published
Security
Okta
AWS
Snowflake
+1
Trigger
Requester asks for time-bound privileged access (AWS root, prod DB, financial systems, admin console).
Instructions
Parse target system, role/entitlement, duration, and justification from the request.
#Lookup Users on the requester with
includeManagerandincludeGroups.#Trigger Form to collect:
Target system (dropdown of JIT-eligible systems)
Specific role or scope (e.g. "AWS prod read-only", "Snowflake admin")
Duration (max 8 hours, max 24 hours, max 7 days based on system tier)
Business justification (free text, min 50 chars)
Ticket/incident reference if responding to an incident
Validate the request:
Requester is eligible for this system via custom Check JIT Eligibility.
Duration is within max allowed for the system tier.
Not already holding active JIT access for the same system.
Approval chain:
#Request Approval from system owner (custom Get System Owner).
#Request Approval from security on-call (custom Get Security Oncall).
For top-tier systems (AWS root, prod DB): also #Request Approval from CISO or delegate.
On full approval:
For Okta-managed → #Add to Group for the JIT entitlement group.
For AWS → #custom AWS IAM Attach Policy with the specified role and a duration tag.
For Snowflake → #custom Snowflake Grant Role with the role and the user.
For app-specific → call the app's JIT grant action.
schedule_action wake at the TTL to execute revocation:
Reverse of step 6 (Remove from Group / Detach Policy / Revoke Role).
#Send Direct Message to the requester with: access details, expiry timestamp, system access URL, what they can/cannot do.
#Send Channel Message to
#security-jitlogging the grant with: requester, system, role, duration, justification, ticket reference.#Custom Vanta Log JIT Event with the full audit trail.
On revocation wake: #Send Direct Message to the requester confirming auto-expire; #Send Channel Message to
#security-jitconfirming revoke.#Leave Internal Note capturing approval trail and grant/revoke timestamps.
Just-In-Time (JIT) Access
Playbooks
/
Just-In-Time (JIT) Access
Just-In-Time (JIT) Access
Created by
Console Team
Published
Security
Okta
AWS
Snowflake
+1
Trigger
Requester asks for time-bound privileged access (AWS root, prod DB, financial systems, admin console).
Instructions
Parse target system, role/entitlement, duration, and justification from the request.
#Lookup Users on the requester with
includeManagerandincludeGroups.#Trigger Form to collect:
Target system (dropdown of JIT-eligible systems)
Specific role or scope (e.g. "AWS prod read-only", "Snowflake admin")
Duration (max 8 hours, max 24 hours, max 7 days based on system tier)
Business justification (free text, min 50 chars)
Ticket/incident reference if responding to an incident
Validate the request:
Requester is eligible for this system via custom Check JIT Eligibility.
Duration is within max allowed for the system tier.
Not already holding active JIT access for the same system.
Approval chain:
#Request Approval from system owner (custom Get System Owner).
#Request Approval from security on-call (custom Get Security Oncall).
For top-tier systems (AWS root, prod DB): also #Request Approval from CISO or delegate.
On full approval:
For Okta-managed → #Add to Group for the JIT entitlement group.
For AWS → #custom AWS IAM Attach Policy with the specified role and a duration tag.
For Snowflake → #custom Snowflake Grant Role with the role and the user.
For app-specific → call the app's JIT grant action.
schedule_action wake at the TTL to execute revocation:
Reverse of step 6 (Remove from Group / Detach Policy / Revoke Role).
#Send Direct Message to the requester with: access details, expiry timestamp, system access URL, what they can/cannot do.
#Send Channel Message to
#security-jitlogging the grant with: requester, system, role, duration, justification, ticket reference.#Custom Vanta Log JIT Event with the full audit trail.
On revocation wake: #Send Direct Message to the requester confirming auto-expire; #Send Channel Message to
#security-jitconfirming revoke.#Leave Internal Note capturing approval trail and grant/revoke timestamps.
Just-In-Time (JIT) Access
Playbooks
/
Just-In-Time (JIT) Access
Just-In-Time (JIT) Access
Created by
Console Team
Published
Security
Okta
AWS
Snowflake
+1
Trigger
Requester asks for time-bound privileged access (AWS root, prod DB, financial systems, admin console).
Instructions
Parse target system, role/entitlement, duration, and justification from the request.
#Lookup Users on the requester with
includeManagerandincludeGroups.#Trigger Form to collect:
Target system (dropdown of JIT-eligible systems)
Specific role or scope (e.g. "AWS prod read-only", "Snowflake admin")
Duration (max 8 hours, max 24 hours, max 7 days based on system tier)
Business justification (free text, min 50 chars)
Ticket/incident reference if responding to an incident
Validate the request:
Requester is eligible for this system via custom Check JIT Eligibility.
Duration is within max allowed for the system tier.
Not already holding active JIT access for the same system.
Approval chain:
#Request Approval from system owner (custom Get System Owner).
#Request Approval from security on-call (custom Get Security Oncall).
For top-tier systems (AWS root, prod DB): also #Request Approval from CISO or delegate.
On full approval:
For Okta-managed → #Add to Group for the JIT entitlement group.
For AWS → #custom AWS IAM Attach Policy with the specified role and a duration tag.
For Snowflake → #custom Snowflake Grant Role with the role and the user.
For app-specific → call the app's JIT grant action.
schedule_action wake at the TTL to execute revocation:
Reverse of step 6 (Remove from Group / Detach Policy / Revoke Role).
#Send Direct Message to the requester with: access details, expiry timestamp, system access URL, what they can/cannot do.
#Send Channel Message to
#security-jitlogging the grant with: requester, system, role, duration, justification, ticket reference.#Custom Vanta Log JIT Event with the full audit trail.
On revocation wake: #Send Direct Message to the requester confirming auto-expire; #Send Channel Message to
#security-jitconfirming revoke.#Leave Internal Note capturing approval trail and grant/revoke timestamps.
Legal Hold / Litigation Hold
Playbooks
/
Legal Hold / Litigation Hold
Legal Hold / Litigation Hold
Created by
Console Team
Published
Legal
Okta
Slack
+2
Trigger
Counsel issues litigation hold on a custodian.
Instructions
#Trigger Form to collect:
Matter name and ID.
Custodian email(s).
Hold scope (subjects / date range / all communications).
Data systems in scope (Gmail / Drive / Slack / GitHub / etc.).
Effective date.
Anticipated duration.
Outside counsel contact.
#Lookup Users on each custodian with
includeManager.#Request Approval from general counsel.
Execute hold:
#Custom Google Workspace Apply Litigation Hold for mailbox and Drive.
#Custom Slack Apply Custom Retention for user's DMs and channels.
#Custom GitHub Apply Repo Hold for owned/contributed repos.
#Custom Apply System-Specific Hold for other systems.
Send hold notice:
#Custom DocuSign Send Hold Notice for acknowledgement.
#Send Direct Message: hold context + acknowledgement ask.
schedule_action wake at 3 days for acknowledgement:
Not acknowledged → DM custodian + manager.
At 7 days → escalate to counsel.
Documentation:
#Custom Generate Hold Inventory of preserved systems and date range.
#Custom Store Hold Documentation in matter folder.
Periodic verification:
schedule_action wake every 90 days to confirm hold still active in each system.
#Send Channel Message to
#legal-holds.On hold release (separate request): reverse system-specific holds, DM custodian with release notice, log in Vanta.
#Resolve Request on acknowledgement (hold remains active separately).
Legal Hold / Litigation Hold
Playbooks
/
Legal Hold / Litigation Hold
Legal Hold / Litigation Hold
Created by
Console Team
Published
Legal
Okta
Slack
+2
Trigger
Counsel issues litigation hold on a custodian.
Instructions
#Trigger Form to collect:
Matter name and ID.
Custodian email(s).
Hold scope (subjects / date range / all communications).
Data systems in scope (Gmail / Drive / Slack / GitHub / etc.).
Effective date.
Anticipated duration.
Outside counsel contact.
#Lookup Users on each custodian with
includeManager.#Request Approval from general counsel.
Execute hold:
#Custom Google Workspace Apply Litigation Hold for mailbox and Drive.
#Custom Slack Apply Custom Retention for user's DMs and channels.
#Custom GitHub Apply Repo Hold for owned/contributed repos.
#Custom Apply System-Specific Hold for other systems.
Send hold notice:
#Custom DocuSign Send Hold Notice for acknowledgement.
#Send Direct Message: hold context + acknowledgement ask.
schedule_action wake at 3 days for acknowledgement:
Not acknowledged → DM custodian + manager.
At 7 days → escalate to counsel.
Documentation:
#Custom Generate Hold Inventory of preserved systems and date range.
#Custom Store Hold Documentation in matter folder.
Periodic verification:
schedule_action wake every 90 days to confirm hold still active in each system.
#Send Channel Message to
#legal-holds.On hold release (separate request): reverse system-specific holds, DM custodian with release notice, log in Vanta.
#Resolve Request on acknowledgement (hold remains active separately).
Legal Hold / Litigation Hold
Playbooks
/
Legal Hold / Litigation Hold
Legal Hold / Litigation Hold
Created by
Console Team
Published
Legal
Okta
Slack
+2
Trigger
Counsel issues litigation hold on a custodian.
Instructions
#Trigger Form to collect:
Matter name and ID.
Custodian email(s).
Hold scope (subjects / date range / all communications).
Data systems in scope (Gmail / Drive / Slack / GitHub / etc.).
Effective date.
Anticipated duration.
Outside counsel contact.
#Lookup Users on each custodian with
includeManager.#Request Approval from general counsel.
Execute hold:
#Custom Google Workspace Apply Litigation Hold for mailbox and Drive.
#Custom Slack Apply Custom Retention for user's DMs and channels.
#Custom GitHub Apply Repo Hold for owned/contributed repos.
#Custom Apply System-Specific Hold for other systems.
Send hold notice:
#Custom DocuSign Send Hold Notice for acknowledgement.
#Send Direct Message: hold context + acknowledgement ask.
schedule_action wake at 3 days for acknowledgement:
Not acknowledged → DM custodian + manager.
At 7 days → escalate to counsel.
Documentation:
#Custom Generate Hold Inventory of preserved systems and date range.
#Custom Store Hold Documentation in matter folder.
Periodic verification:
schedule_action wake every 90 days to confirm hold still active in each system.
#Send Channel Message to
#legal-holds.On hold release (separate request): reverse system-specific holds, DM custodian with release notice, log in Vanta.
#Resolve Request on acknowledgement (hold remains active separately).
Legal Policy & Compliance Q&A
Playbooks
/
Legal Policy & Compliance Q&A
Legal Policy & Compliance Q&A
Created by
Console Team
Published
Legal
Vanta
Trigger
Requester asks a legal / compliance / policy question.
Instructions
#Lookup Users on requester with
department.#Search Knowledge Base for legal policy KB.
Categorize question:
External sharing / NDA need → policy + Legal-2 if NDA needed.
Open-source contribution → OSS policy + approval flow if novel.
Competitive intelligence → comp intel policy.
Anti-bribery / FCPA → ethics policy.
Insider trading → securities policy.
Privacy → privacy policy.
#Expand Knowledge Base Article on top hit.
Branch on confidence:
High → direct answer.
Medium → answer with caveat + offer counsel review.
Low / novel → #Prompt for Handoff to counsel.
Compose answer: direct answer + quoted section + source link + "when in doubt" guidance.
#Send Direct Message with formatted answer.
#Custom Vanta Log Policy Inquiry for repetitive-question detection (helps update KB).
Legal Policy & Compliance Q&A
Playbooks
/
Legal Policy & Compliance Q&A
Legal Policy & Compliance Q&A
Created by
Console Team
Published
Legal
Vanta
Trigger
Requester asks a legal / compliance / policy question.
Instructions
#Lookup Users on requester with
department.#Search Knowledge Base for legal policy KB.
Categorize question:
External sharing / NDA need → policy + Legal-2 if NDA needed.
Open-source contribution → OSS policy + approval flow if novel.
Competitive intelligence → comp intel policy.
Anti-bribery / FCPA → ethics policy.
Insider trading → securities policy.
Privacy → privacy policy.
#Expand Knowledge Base Article on top hit.
Branch on confidence:
High → direct answer.
Medium → answer with caveat + offer counsel review.
Low / novel → #Prompt for Handoff to counsel.
Compose answer: direct answer + quoted section + source link + "when in doubt" guidance.
#Send Direct Message with formatted answer.
#Custom Vanta Log Policy Inquiry for repetitive-question detection (helps update KB).
Legal Policy & Compliance Q&A
Playbooks
/
Legal Policy & Compliance Q&A
Legal Policy & Compliance Q&A
Created by
Console Team
Published
Legal
Vanta
Trigger
Requester asks a legal / compliance / policy question.
Instructions
#Lookup Users on requester with
department.#Search Knowledge Base for legal policy KB.
Categorize question:
External sharing / NDA need → policy + Legal-2 if NDA needed.
Open-source contribution → OSS policy + approval flow if novel.
Competitive intelligence → comp intel policy.
Anti-bribery / FCPA → ethics policy.
Insider trading → securities policy.
Privacy → privacy policy.
#Expand Knowledge Base Article on top hit.
Branch on confidence:
High → direct answer.
Medium → answer with caveat + offer counsel review.
Low / novel → #Prompt for Handoff to counsel.
Compose answer: direct answer + quoted section + source link + "when in doubt" guidance.
#Send Direct Message with formatted answer.
#Custom Vanta Log Policy Inquiry for repetitive-question detection (helps update KB).
License Cost & Renewal Tracking
Playbooks
/
License Cost & Renewal Tracking
License Cost & Renewal Tracking
Created by
Console Team
Published
Finance
NetSuite
+2
Trigger
Scheduled — every day at 7:00 AM America/Chicago
Instructions
License Cost & Renewal Tracking
Playbooks
/
License Cost & Renewal Tracking
License Cost & Renewal Tracking
Created by
Console Team
Published
Finance
NetSuite
+2
Trigger
Scheduled — every day at 7:00 AM America/Chicago
Instructions
License Cost & Renewal Tracking
Playbooks
/
License Cost & Renewal Tracking
License Cost & Renewal Tracking
Created by
Console Team
Published
Finance
NetSuite
+2
Trigger
Scheduled — every day at 7:00 AM America/Chicago
Instructions
License Reclamation
Playbooks
/
License Reclamation
License Reclamation
Created by
Console Team
Published
IT
Okta
Lattice
Linear
+2
Trigger
Scheduled — every day at 9:00 AM America/Chicago
Instructions
Query the custom Productiv ingest via #Search Graph for seats with no logins in 60+ days across Outreach, Gong, Lattice, Figma.
For each stale seat:
#Lookup Users on the seat owner with
includeManagerandincludeSlackId.Skip if user was hired in the last 30 days (grace period) or has an active PTO/leave entry in HR ingest.
#Send Direct Message to the user (cc manager in a separate DM): "You haven't logged into {{app}} in 60 days. Still need it? Confirm in 7 days or it gets reclaimed." with a #Trigger Form containing "Keep" / "Reclaim".
schedule_action wake 7 days later to check the form response.
On wake, branch on response:
Keep → log to internal note, #Send Direct Message confirming, no further action.
Reclaim or no response → execute reclamation:
For Okta-managed app → #Remove from Group for the entitlement group.
For app with native API → call the custom {{App}} Remove Seat action.
#Send Direct Message to the user confirming reclamation with re-request instructions if needed.
#Send Channel Message to
#it-licenseswith: user, app, seat reclaimed, savings estimate.#Create Linear Issue weekly summarizing total seats reclaimed and dollar savings.
License Reclamation
Playbooks
/
License Reclamation
License Reclamation
Created by
Console Team
Published
IT
Okta
Lattice
Linear
+2
Trigger
Scheduled — every day at 9:00 AM America/Chicago
Instructions
Query the custom Productiv ingest via #Search Graph for seats with no logins in 60+ days across Outreach, Gong, Lattice, Figma.
For each stale seat:
#Lookup Users on the seat owner with
includeManagerandincludeSlackId.Skip if user was hired in the last 30 days (grace period) or has an active PTO/leave entry in HR ingest.
#Send Direct Message to the user (cc manager in a separate DM): "You haven't logged into {{app}} in 60 days. Still need it? Confirm in 7 days or it gets reclaimed." with a #Trigger Form containing "Keep" / "Reclaim".
schedule_action wake 7 days later to check the form response.
On wake, branch on response:
Keep → log to internal note, #Send Direct Message confirming, no further action.
Reclaim or no response → execute reclamation:
For Okta-managed app → #Remove from Group for the entitlement group.
For app with native API → call the custom {{App}} Remove Seat action.
#Send Direct Message to the user confirming reclamation with re-request instructions if needed.
#Send Channel Message to
#it-licenseswith: user, app, seat reclaimed, savings estimate.#Create Linear Issue weekly summarizing total seats reclaimed and dollar savings.
License Reclamation
Playbooks
/
License Reclamation
License Reclamation
Created by
Console Team
Published
IT
Okta
Lattice
Linear
+2
Trigger
Scheduled — every day at 9:00 AM America/Chicago
Instructions
Query the custom Productiv ingest via #Search Graph for seats with no logins in 60+ days across Outreach, Gong, Lattice, Figma.
For each stale seat:
#Lookup Users on the seat owner with
includeManagerandincludeSlackId.Skip if user was hired in the last 30 days (grace period) or has an active PTO/leave entry in HR ingest.
#Send Direct Message to the user (cc manager in a separate DM): "You haven't logged into {{app}} in 60 days. Still need it? Confirm in 7 days or it gets reclaimed." with a #Trigger Form containing "Keep" / "Reclaim".
schedule_action wake 7 days later to check the form response.
On wake, branch on response:
Keep → log to internal note, #Send Direct Message confirming, no further action.
Reclaim or no response → execute reclamation:
For Okta-managed app → #Remove from Group for the entitlement group.
For app with native API → call the custom {{App}} Remove Seat action.
#Send Direct Message to the user confirming reclamation with re-request instructions if needed.
#Send Channel Message to
#it-licenseswith: user, app, seat reclaimed, savings estimate.#Create Linear Issue weekly summarizing total seats reclaimed and dollar savings.
Lost Device → Remote Lock
Playbooks
/
Lost Device → Remote Lock
Lost Device → Remote Lock
Created by
Console Team
Published
IT
Okta
Kandji
Linear
Trigger
User reports a lost or stolen device ("left MacBook at airport", "phone with corporate apps stolen").
Instructions
#Lookup Users on the requester with
includeManager.#List Devices (Kandji) filtered by
assignedUserEmailto find their device(s).#Trigger Form to collect:
Which device
Where it was last seen
When
Whether it might be recoverable or is confirmed lost/stolen
Whether they want a replacement
#Get Device Details to confirm device state.
Execute immediate containment in parallel:
#Enable Lost Mode (Kandji) with a custom message and contact phone.
#Play Lost Mode Sound (Kandji) to help recovery attempts.
#Device Lock (Kandji) with a 6-digit PIN.
#Revoke All User Sessions (Okta) to invalidate any active sessions.
If the user indicated the device is confirmed stolen:
#Custom Kandji Remote Wipe action with selective wipe.
#Reset User Factors (Custom) to invalidate any device-bound factors.
#Create Linear Issue in the security project with severity High, including device serial, last-seen location, user, timestamp.
#Send Channel Message to
#securitywith the incident summary and Linear link.#Send Channel Message to
#it-alertswith the device + user.If replacement requested → trigger IT-14 New Device Order by creating a follow-up request.
#Send Direct Message to the requester with:
Confirmation of containment actions taken
Replacement order status (if applicable)
Police report instructions (if stolen)
Insurance claim instructions
schedule_action wake at 7 days to check if the device was recovered.
#Leave Internal Note capturing all actions and timestamps.
Lost Device → Remote Lock
Playbooks
/
Lost Device → Remote Lock
Lost Device → Remote Lock
Created by
Console Team
Published
IT
Okta
Kandji
Linear
Trigger
User reports a lost or stolen device ("left MacBook at airport", "phone with corporate apps stolen").
Instructions
#Lookup Users on the requester with
includeManager.#List Devices (Kandji) filtered by
assignedUserEmailto find their device(s).#Trigger Form to collect:
Which device
Where it was last seen
When
Whether it might be recoverable or is confirmed lost/stolen
Whether they want a replacement
#Get Device Details to confirm device state.
Execute immediate containment in parallel:
#Enable Lost Mode (Kandji) with a custom message and contact phone.
#Play Lost Mode Sound (Kandji) to help recovery attempts.
#Device Lock (Kandji) with a 6-digit PIN.
#Revoke All User Sessions (Okta) to invalidate any active sessions.
If the user indicated the device is confirmed stolen:
#Custom Kandji Remote Wipe action with selective wipe.
#Reset User Factors (Custom) to invalidate any device-bound factors.
#Create Linear Issue in the security project with severity High, including device serial, last-seen location, user, timestamp.
#Send Channel Message to
#securitywith the incident summary and Linear link.#Send Channel Message to
#it-alertswith the device + user.If replacement requested → trigger IT-14 New Device Order by creating a follow-up request.
#Send Direct Message to the requester with:
Confirmation of containment actions taken
Replacement order status (if applicable)
Police report instructions (if stolen)
Insurance claim instructions
schedule_action wake at 7 days to check if the device was recovered.
#Leave Internal Note capturing all actions and timestamps.
Lost Device → Remote Lock
Playbooks
/
Lost Device → Remote Lock
Lost Device → Remote Lock
Created by
Console Team
Published
IT
Okta
Kandji
Linear
Trigger
User reports a lost or stolen device ("left MacBook at airport", "phone with corporate apps stolen").
Instructions
#Lookup Users on the requester with
includeManager.#List Devices (Kandji) filtered by
assignedUserEmailto find their device(s).#Trigger Form to collect:
Which device
Where it was last seen
When
Whether it might be recoverable or is confirmed lost/stolen
Whether they want a replacement
#Get Device Details to confirm device state.
Execute immediate containment in parallel:
#Enable Lost Mode (Kandji) with a custom message and contact phone.
#Play Lost Mode Sound (Kandji) to help recovery attempts.
#Device Lock (Kandji) with a 6-digit PIN.
#Revoke All User Sessions (Okta) to invalidate any active sessions.
If the user indicated the device is confirmed stolen:
#Custom Kandji Remote Wipe action with selective wipe.
#Reset User Factors (Custom) to invalidate any device-bound factors.
#Create Linear Issue in the security project with severity High, including device serial, last-seen location, user, timestamp.
#Send Channel Message to
#securitywith the incident summary and Linear link.#Send Channel Message to
#it-alertswith the device + user.If replacement requested → trigger IT-14 New Device Order by creating a follow-up request.
#Send Direct Message to the requester with:
Confirmation of containment actions taken
Replacement order status (if applicable)
Police report instructions (if stolen)
Insurance claim instructions
schedule_action wake at 7 days to check if the device was recovered.
#Leave Internal Note capturing all actions and timestamps.
Manager Change Cascade
Playbooks
/
Manager Change Cascade
Manager Change Cascade
Created by
Console Team
Published
HR
Okta
Google Calendar
Slack
+1
Trigger
Webhook — worker.manager_changed from HRIS Variables: $employee.email, $oldManagerEmail, $newManagerEmail, $effectiveDate
Instructions
#Lookup Users on the employee, old manager, and new manager with
includeGroups.If
$effectiveDateis in the future, schedule_action wake on that date and exit; otherwise proceed.Update identity systems:
#Update Okta User Profile (Custom) to set
managerto$newManagerEmail.#Custom HRIS Confirm Manager Update (idempotent confirmation that the webhook reflected).
Slack usergroup sync:
For each Slack usergroup the old manager owns that the employee is in: #Remove Usergroup Users if it's a direct-reports-only group.
#Update Usergroup to add the employee to the new manager's direct-reports usergroup.
Access policy cascade:
#Custom List Policies Where Manager Is Approver for the employee.
For each: #custom Update Policy Approver to point at the new manager going forward (existing pending approvals keep old approver unless re-routed).
Calendar / 1:1 cascade:
#Custom Google Calendar Find Recurring 1:1 between employee and old manager.
#Send Direct Message to both managers suggesting the new 1:1 cadence; offer to auto-create the new 1:1 via custom Google Calendar Create Recurring.
Org chart update via custom Update People Directory Manager.
#Send Direct Message to the employee, old manager, and new manager with a transition summary (when the change took effect, what got rerouted, what 1:1s changed).
#Send Channel Message to
#org-changeswith the change.#Leave Internal Note capturing all downstream syncs.
Manager Change Cascade
Playbooks
/
Manager Change Cascade
Manager Change Cascade
Created by
Console Team
Published
HR
Okta
Google Calendar
Slack
+1
Trigger
Webhook — worker.manager_changed from HRIS Variables: $employee.email, $oldManagerEmail, $newManagerEmail, $effectiveDate
Instructions
#Lookup Users on the employee, old manager, and new manager with
includeGroups.If
$effectiveDateis in the future, schedule_action wake on that date and exit; otherwise proceed.Update identity systems:
#Update Okta User Profile (Custom) to set
managerto$newManagerEmail.#Custom HRIS Confirm Manager Update (idempotent confirmation that the webhook reflected).
Slack usergroup sync:
For each Slack usergroup the old manager owns that the employee is in: #Remove Usergroup Users if it's a direct-reports-only group.
#Update Usergroup to add the employee to the new manager's direct-reports usergroup.
Access policy cascade:
#Custom List Policies Where Manager Is Approver for the employee.
For each: #custom Update Policy Approver to point at the new manager going forward (existing pending approvals keep old approver unless re-routed).
Calendar / 1:1 cascade:
#Custom Google Calendar Find Recurring 1:1 between employee and old manager.
#Send Direct Message to both managers suggesting the new 1:1 cadence; offer to auto-create the new 1:1 via custom Google Calendar Create Recurring.
Org chart update via custom Update People Directory Manager.
#Send Direct Message to the employee, old manager, and new manager with a transition summary (when the change took effect, what got rerouted, what 1:1s changed).
#Send Channel Message to
#org-changeswith the change.#Leave Internal Note capturing all downstream syncs.
Manager Change Cascade
Playbooks
/
Manager Change Cascade
Manager Change Cascade
Created by
Console Team
Published
HR
Okta
Google Calendar
Slack
+1
Trigger
Webhook — worker.manager_changed from HRIS Variables: $employee.email, $oldManagerEmail, $newManagerEmail, $effectiveDate
Instructions
#Lookup Users on the employee, old manager, and new manager with
includeGroups.If
$effectiveDateis in the future, schedule_action wake on that date and exit; otherwise proceed.Update identity systems:
#Update Okta User Profile (Custom) to set
managerto$newManagerEmail.#Custom HRIS Confirm Manager Update (idempotent confirmation that the webhook reflected).
Slack usergroup sync:
For each Slack usergroup the old manager owns that the employee is in: #Remove Usergroup Users if it's a direct-reports-only group.
#Update Usergroup to add the employee to the new manager's direct-reports usergroup.
Access policy cascade:
#Custom List Policies Where Manager Is Approver for the employee.
For each: #custom Update Policy Approver to point at the new manager going forward (existing pending approvals keep old approver unless re-routed).
Calendar / 1:1 cascade:
#Custom Google Calendar Find Recurring 1:1 between employee and old manager.
#Send Direct Message to both managers suggesting the new 1:1 cadence; offer to auto-create the new 1:1 via custom Google Calendar Create Recurring.
Org chart update via custom Update People Directory Manager.
#Send Direct Message to the employee, old manager, and new manager with a transition summary (when the change took effect, what got rerouted, what 1:1s changed).
#Send Channel Message to
#org-changeswith the change.#Leave Internal Note capturing all downstream syncs.
Mandatory Training Assignment
Playbooks
/
Mandatory Training Assignment
Mandatory Training Assignment
Created by
Console Team
Published
HR
Workday
Vanta
Trigger
Scheduled — every day at 10:00 AM America/Chicago (also triggered from HR-1 for new hires)
Instructions
Determine which employees need assignment:
For new hires: passed in from HR-1.
For cadence-based: #Custom Workday Query Workers with
last_training_completion < {{cadence}}(annual / biannual).For role changes: from HR-6.
For each employee:
#Lookup Users with
includeManageranddepartment.Determine required modules based on role:
All employees → security awareness, harassment prevention, code of conduct, GDPR awareness.
Engineering → secure coding, OWASP top 10.
Finance → SOX awareness, anti-fraud.
Sales → MAP-compliant selling, customer data handling.
Managers → manager training, performance feedback, anti-harassment leader training.
#Custom LearnUpon Assign Modules with the matching module IDs and a 30-day completion deadline.
#Send Direct Message to the employee with: list of assigned modules, total estimated time, deadline, LearnUpon link.
schedule_action wakes at day 7, 14, 21, 30, 60, 90:
On each wake, #custom LearnUpon Get Completion Status for the employee.
If incomplete:
Day 7, 14, 21 → #Send Direct Message reminder.
Day 30 → #Send Direct Message to manager + employee: "Overdue."
Day 60 → #Send Channel Message to
#hrbpwith the employee.Day 90 → #Send Direct Message to HRBP + employee's skip-level manager; flag in HRIS.
On completion:
#Custom Vanta Upload Evidence with the completion certificate.
#Send Direct Message to the employee with a thank-you.
#Leave Internal Note capturing module completion dates.
Quarterly: #Send Channel Message to
#compliancewith org-wide completion stats via #Run Query.
Mandatory Training Assignment
Playbooks
/
Mandatory Training Assignment
Mandatory Training Assignment
Created by
Console Team
Published
HR
Workday
Vanta
Trigger
Scheduled — every day at 10:00 AM America/Chicago (also triggered from HR-1 for new hires)
Instructions
Determine which employees need assignment:
For new hires: passed in from HR-1.
For cadence-based: #Custom Workday Query Workers with
last_training_completion < {{cadence}}(annual / biannual).For role changes: from HR-6.
For each employee:
#Lookup Users with
includeManageranddepartment.Determine required modules based on role:
All employees → security awareness, harassment prevention, code of conduct, GDPR awareness.
Engineering → secure coding, OWASP top 10.
Finance → SOX awareness, anti-fraud.
Sales → MAP-compliant selling, customer data handling.
Managers → manager training, performance feedback, anti-harassment leader training.
#Custom LearnUpon Assign Modules with the matching module IDs and a 30-day completion deadline.
#Send Direct Message to the employee with: list of assigned modules, total estimated time, deadline, LearnUpon link.
schedule_action wakes at day 7, 14, 21, 30, 60, 90:
On each wake, #custom LearnUpon Get Completion Status for the employee.
If incomplete:
Day 7, 14, 21 → #Send Direct Message reminder.
Day 30 → #Send Direct Message to manager + employee: "Overdue."
Day 60 → #Send Channel Message to
#hrbpwith the employee.Day 90 → #Send Direct Message to HRBP + employee's skip-level manager; flag in HRIS.
On completion:
#Custom Vanta Upload Evidence with the completion certificate.
#Send Direct Message to the employee with a thank-you.
#Leave Internal Note capturing module completion dates.
Quarterly: #Send Channel Message to
#compliancewith org-wide completion stats via #Run Query.
Mandatory Training Assignment
Playbooks
/
Mandatory Training Assignment
Mandatory Training Assignment
Created by
Console Team
Published
HR
Workday
Vanta
Trigger
Scheduled — every day at 10:00 AM America/Chicago (also triggered from HR-1 for new hires)
Instructions
Determine which employees need assignment:
For new hires: passed in from HR-1.
For cadence-based: #Custom Workday Query Workers with
last_training_completion < {{cadence}}(annual / biannual).For role changes: from HR-6.
For each employee:
#Lookup Users with
includeManageranddepartment.Determine required modules based on role:
All employees → security awareness, harassment prevention, code of conduct, GDPR awareness.
Engineering → secure coding, OWASP top 10.
Finance → SOX awareness, anti-fraud.
Sales → MAP-compliant selling, customer data handling.
Managers → manager training, performance feedback, anti-harassment leader training.
#Custom LearnUpon Assign Modules with the matching module IDs and a 30-day completion deadline.
#Send Direct Message to the employee with: list of assigned modules, total estimated time, deadline, LearnUpon link.
schedule_action wakes at day 7, 14, 21, 30, 60, 90:
On each wake, #custom LearnUpon Get Completion Status for the employee.
If incomplete:
Day 7, 14, 21 → #Send Direct Message reminder.
Day 30 → #Send Direct Message to manager + employee: "Overdue."
Day 60 → #Send Channel Message to
#hrbpwith the employee.Day 90 → #Send Direct Message to HRBP + employee's skip-level manager; flag in HRIS.
On completion:
#Custom Vanta Upload Evidence with the completion certificate.
#Send Direct Message to the employee with a thank-you.
#Leave Internal Note capturing module completion dates.
Quarterly: #Send Channel Message to
#compliancewith org-wide completion stats via #Run Query.
Milestone Moments
Playbooks
/
Milestone Moments
Milestone Moments
Created by
Console Team
Published
HR
Workday
Ramp
Trigger
Scheduled — every day at 8:00 AM America/Chicago
Instructions
#Custom Workday Query Today's Anniversaries for tenure anniversaries today (1/3/5/10 year).
#Custom Workday Query Today's Birthdays for birthdays today.
#Custom Workday Query Today's Major Milestones for promotions, parental return, etc.
For each anniversary:
#Lookup Users with
includeManager.Pick a personalized message template (1-year vs 5-year vs 10-year).
#Send Channel Message to
#anniversarieswith a celebration message including tenure, role evolution (if available from Workday history).
For tenure milestones (1/3/5/10 year):
#Custom Bonusly Send Tenure Recognition with the matching point amount.
For 5+ year tenure, #custom Send Tenure Gift via Ramp.
#Send Direct Message to each manager nudging recognition: "{{report.name}} hits {{tenure}} years today — drop a note in {{team-channel}}?"
For birthdays:
#Send Direct Message to the employee (private) with a birthday greeting.
If the employee has opted in to public birthdays (check HRIS field): #Send Channel Message to their team channel.
For major milestones (e.g. parental return, promotion announcement):
#Custom Get Milestone Detail to compose the right message.
#Send Channel Message to the appropriate channel.
#Leave Internal Note for audit.
Milestone Moments
Playbooks
/
Milestone Moments
Milestone Moments
Created by
Console Team
Published
HR
Workday
Ramp
Trigger
Scheduled — every day at 8:00 AM America/Chicago
Instructions
#Custom Workday Query Today's Anniversaries for tenure anniversaries today (1/3/5/10 year).
#Custom Workday Query Today's Birthdays for birthdays today.
#Custom Workday Query Today's Major Milestones for promotions, parental return, etc.
For each anniversary:
#Lookup Users with
includeManager.Pick a personalized message template (1-year vs 5-year vs 10-year).
#Send Channel Message to
#anniversarieswith a celebration message including tenure, role evolution (if available from Workday history).
For tenure milestones (1/3/5/10 year):
#Custom Bonusly Send Tenure Recognition with the matching point amount.
For 5+ year tenure, #custom Send Tenure Gift via Ramp.
#Send Direct Message to each manager nudging recognition: "{{report.name}} hits {{tenure}} years today — drop a note in {{team-channel}}?"
For birthdays:
#Send Direct Message to the employee (private) with a birthday greeting.
If the employee has opted in to public birthdays (check HRIS field): #Send Channel Message to their team channel.
For major milestones (e.g. parental return, promotion announcement):
#Custom Get Milestone Detail to compose the right message.
#Send Channel Message to the appropriate channel.
#Leave Internal Note for audit.
Milestone Moments
Playbooks
/
Milestone Moments
Milestone Moments
Created by
Console Team
Published
HR
Workday
Ramp
Trigger
Scheduled — every day at 8:00 AM America/Chicago
Instructions
#Custom Workday Query Today's Anniversaries for tenure anniversaries today (1/3/5/10 year).
#Custom Workday Query Today's Birthdays for birthdays today.
#Custom Workday Query Today's Major Milestones for promotions, parental return, etc.
For each anniversary:
#Lookup Users with
includeManager.Pick a personalized message template (1-year vs 5-year vs 10-year).
#Send Channel Message to
#anniversarieswith a celebration message including tenure, role evolution (if available from Workday history).
For tenure milestones (1/3/5/10 year):
#Custom Bonusly Send Tenure Recognition with the matching point amount.
For 5+ year tenure, #custom Send Tenure Gift via Ramp.
#Send Direct Message to each manager nudging recognition: "{{report.name}} hits {{tenure}} years today — drop a note in {{team-channel}}?"
For birthdays:
#Send Direct Message to the employee (private) with a birthday greeting.
If the employee has opted in to public birthdays (check HRIS field): #Send Channel Message to their team channel.
For major milestones (e.g. parental return, promotion announcement):
#Custom Get Milestone Detail to compose the right message.
#Send Channel Message to the appropriate channel.
#Leave Internal Note for audit.
Month-End Close Coordination
Playbooks
/
Month-End Close Coordination
Month-End Close Coordination
Created by
Console Team
Published
Finance
Linear
Trigger
Scheduled — 3 business days before month end at 8:00 AM America/Chicago
Instructions
$Custom Get Close Checklist for standard items by team (rev cutoff, accruals, JEs, bank rec, AP cutoff, AR cutoff, sub rollforward, intercompany rec, tax accruals).
For each item:
#Create Linear Issue in Close project.
Day -3:
DM each owner with items + deadlines.
#Send Channel Message to
#finance-closewith kickoff + pinned status board.
Day -3 through +5:
schedule_action daily wakes at 4:00 PM:
DM overdue owners.
24h overdue → cc manager.
48h overdue blocking → #Send Channel Message to
#finance-close.
Daily status at EOD: completed / in-progress / blockers / due-tomorrow.
Day +5 (target close):
All closed → #Send Channel Message to
#finance-leadsdeclaring complete.Items remain → escalate to controller + CFO.
Post-close:
Month-End Close Coordination
Playbooks
/
Month-End Close Coordination
Month-End Close Coordination
Created by
Console Team
Published
Finance
Linear
Trigger
Scheduled — 3 business days before month end at 8:00 AM America/Chicago
Instructions
$Custom Get Close Checklist for standard items by team (rev cutoff, accruals, JEs, bank rec, AP cutoff, AR cutoff, sub rollforward, intercompany rec, tax accruals).
For each item:
#Create Linear Issue in Close project.
Day -3:
DM each owner with items + deadlines.
#Send Channel Message to
#finance-closewith kickoff + pinned status board.
Day -3 through +5:
schedule_action daily wakes at 4:00 PM:
DM overdue owners.
24h overdue → cc manager.
48h overdue blocking → #Send Channel Message to
#finance-close.
Daily status at EOD: completed / in-progress / blockers / due-tomorrow.
Day +5 (target close):
All closed → #Send Channel Message to
#finance-leadsdeclaring complete.Items remain → escalate to controller + CFO.
Post-close:
Month-End Close Coordination
Playbooks
/
Month-End Close Coordination
Month-End Close Coordination
Created by
Console Team
Published
Finance
Linear
Trigger
Scheduled — 3 business days before month end at 8:00 AM America/Chicago
Instructions
$Custom Get Close Checklist for standard items by team (rev cutoff, accruals, JEs, bank rec, AP cutoff, AR cutoff, sub rollforward, intercompany rec, tax accruals).
For each item:
#Create Linear Issue in Close project.
Day -3:
DM each owner with items + deadlines.
#Send Channel Message to
#finance-closewith kickoff + pinned status board.
Day -3 through +5:
schedule_action daily wakes at 4:00 PM:
DM overdue owners.
24h overdue → cc manager.
48h overdue blocking → #Send Channel Message to
#finance-close.
Daily status at EOD: completed / in-progress / blockers / due-tomorrow.
Day +5 (target close):
All closed → #Send Channel Message to
#finance-leadsdeclaring complete.Items remain → escalate to controller + CFO.
Post-close:
MSA & SOW From Templates
Playbooks
/
MSA & SOW From Templates
MSA & SOW From Templates
Created by
Console Team
Published
Legal
HubSpot
Salesforce
DocuSign
Trigger
Webhook — HubSpot/Salesforce deal stage transition to Proposal Variables: $deal.id, $deal.amount, $deal.ownerId, $deal.companyId, $deal.products, $deal.term
Instructions
#Get HubSpot Deal Details with Activity Timeline.
#Lookup Users on
$deal.ownerId(AE).Determine doc type:
Existing signed MSA → SOW only.
Else → MSA + SOW (or MSA only if not service-based).
#Custom Ironclad Check Existing MSA for counterparty.
Identify template:
#Custom Ironclad Get MSA Template based on customer type, region, product line, data sensitivity.
Generate first draft:
#Custom Ironclad Generate From Template with parties (legal entities), effective date, term, pricing (from deal amount + product mix), products, payment terms, special provisions from deal notes.
Validation:
#Custom Validate Generated Contract for merge fields + template errors.
Save to Ironclad:
#Custom Ironclad Create Workflow with type "Customer MSA First Draft".
Notify legal:
#Send Direct Message to commercial counsel with deal context.
AE notification:
#Send Direct Message: "MSA first draft generated for {{customer}}. Now in legal review."
schedule_action wake at 3 days; if legal hasn't moved → #Send Direct Message to legal lead.
On legal sign-off, #Send Direct Message to AE with the approved doc and DocuSign instructions.
#Create HubSpot Note on Deal with draft + workflow ID.
#Send Channel Message to
#legal-drafts.
MSA & SOW From Templates
Playbooks
/
MSA & SOW From Templates
MSA & SOW From Templates
Created by
Console Team
Published
Legal
HubSpot
Salesforce
DocuSign
Trigger
Webhook — HubSpot/Salesforce deal stage transition to Proposal Variables: $deal.id, $deal.amount, $deal.ownerId, $deal.companyId, $deal.products, $deal.term
Instructions
#Get HubSpot Deal Details with Activity Timeline.
#Lookup Users on
$deal.ownerId(AE).Determine doc type:
Existing signed MSA → SOW only.
Else → MSA + SOW (or MSA only if not service-based).
#Custom Ironclad Check Existing MSA for counterparty.
Identify template:
#Custom Ironclad Get MSA Template based on customer type, region, product line, data sensitivity.
Generate first draft:
#Custom Ironclad Generate From Template with parties (legal entities), effective date, term, pricing (from deal amount + product mix), products, payment terms, special provisions from deal notes.
Validation:
#Custom Validate Generated Contract for merge fields + template errors.
Save to Ironclad:
#Custom Ironclad Create Workflow with type "Customer MSA First Draft".
Notify legal:
#Send Direct Message to commercial counsel with deal context.
AE notification:
#Send Direct Message: "MSA first draft generated for {{customer}}. Now in legal review."
schedule_action wake at 3 days; if legal hasn't moved → #Send Direct Message to legal lead.
On legal sign-off, #Send Direct Message to AE with the approved doc and DocuSign instructions.
#Create HubSpot Note on Deal with draft + workflow ID.
#Send Channel Message to
#legal-drafts.
MSA & SOW From Templates
Playbooks
/
MSA & SOW From Templates
MSA & SOW From Templates
Created by
Console Team
Published
Legal
HubSpot
Salesforce
DocuSign
Trigger
Webhook — HubSpot/Salesforce deal stage transition to Proposal Variables: $deal.id, $deal.amount, $deal.ownerId, $deal.companyId, $deal.products, $deal.term
Instructions
#Get HubSpot Deal Details with Activity Timeline.
#Lookup Users on
$deal.ownerId(AE).Determine doc type:
Existing signed MSA → SOW only.
Else → MSA + SOW (or MSA only if not service-based).
#Custom Ironclad Check Existing MSA for counterparty.
Identify template:
#Custom Ironclad Get MSA Template based on customer type, region, product line, data sensitivity.
Generate first draft:
#Custom Ironclad Generate From Template with parties (legal entities), effective date, term, pricing (from deal amount + product mix), products, payment terms, special provisions from deal notes.
Validation:
#Custom Validate Generated Contract for merge fields + template errors.
Save to Ironclad:
#Custom Ironclad Create Workflow with type "Customer MSA First Draft".
Notify legal:
#Send Direct Message to commercial counsel with deal context.
AE notification:
#Send Direct Message: "MSA first draft generated for {{customer}}. Now in legal review."
schedule_action wake at 3 days; if legal hasn't moved → #Send Direct Message to legal lead.
On legal sign-off, #Send Direct Message to AE with the approved doc and DocuSign instructions.
#Create HubSpot Note on Deal with draft + workflow ID.
#Send Channel Message to
#legal-drafts.
NDA Generation
Playbooks
/
NDA Generation
NDA Generation
Created by
Console Team
Published
Legal
DocuSign
Ironclad
+1
Trigger
Requester asks for an NDA.
Instructions
#Trigger Form to collect:
NDA type (mutual / unilateral one-way / reciprocal).
Counterparty type (vendor / customer / partner / candidate / investor / acquisition target).
Counterparty legal name + contact email.
Counterparty jurisdiction.
Purpose (what's being discussed).
Term (1 year / 2 year / 5 year / perpetual).
Special provisions (mutual non-solicit, residual knowledge, etc.).
#Lookup Users on the requester.
Pick template:
#Custom Ironclad Get NDA Template based on type + jurisdiction.
For acquisition / investor → enhanced NDA with fact-of-discussions confidentiality.
Prefill:
Counterparty details, effective date (today), term, purpose, special provisions.
Validate:
#Custom Validate NDA Filled to catch missed merge fields.
Non-standard provisions → route through counsel.
Branch:
Standard NDA → no legal review; AE sends.
Non-standard → #Request Approval from counsel.
Send for signature:
#Custom DocuSign Send NDA to counterparty + requester (or designated signer).
Capture envelope ID.
#Send Direct Message to requester with DocuSign link, signature window, follow-up guidance.
schedule_action wake at 3 days; if unsigned, #Send Direct Message reminder.
On signature:
#Custom Ironclad Update Status to "Fully Executed".
#Custom Save Signed NDA to Vault.
#Send Direct Message confirming.
#Send Channel Message to
#legal-ndas.
NDA Generation
Playbooks
/
NDA Generation
NDA Generation
Created by
Console Team
Published
Legal
DocuSign
Ironclad
+1
Trigger
Requester asks for an NDA.
Instructions
#Trigger Form to collect:
NDA type (mutual / unilateral one-way / reciprocal).
Counterparty type (vendor / customer / partner / candidate / investor / acquisition target).
Counterparty legal name + contact email.
Counterparty jurisdiction.
Purpose (what's being discussed).
Term (1 year / 2 year / 5 year / perpetual).
Special provisions (mutual non-solicit, residual knowledge, etc.).
#Lookup Users on the requester.
Pick template:
#Custom Ironclad Get NDA Template based on type + jurisdiction.
For acquisition / investor → enhanced NDA with fact-of-discussions confidentiality.
Prefill:
Counterparty details, effective date (today), term, purpose, special provisions.
Validate:
#Custom Validate NDA Filled to catch missed merge fields.
Non-standard provisions → route through counsel.
Branch:
Standard NDA → no legal review; AE sends.
Non-standard → #Request Approval from counsel.
Send for signature:
#Custom DocuSign Send NDA to counterparty + requester (or designated signer).
Capture envelope ID.
#Send Direct Message to requester with DocuSign link, signature window, follow-up guidance.
schedule_action wake at 3 days; if unsigned, #Send Direct Message reminder.
On signature:
#Custom Ironclad Update Status to "Fully Executed".
#Custom Save Signed NDA to Vault.
#Send Direct Message confirming.
#Send Channel Message to
#legal-ndas.
NDA Generation
Playbooks
/
NDA Generation
NDA Generation
Created by
Console Team
Published
Legal
DocuSign
Ironclad
+1
Trigger
Requester asks for an NDA.
Instructions
#Trigger Form to collect:
NDA type (mutual / unilateral one-way / reciprocal).
Counterparty type (vendor / customer / partner / candidate / investor / acquisition target).
Counterparty legal name + contact email.
Counterparty jurisdiction.
Purpose (what's being discussed).
Term (1 year / 2 year / 5 year / perpetual).
Special provisions (mutual non-solicit, residual knowledge, etc.).
#Lookup Users on the requester.
Pick template:
#Custom Ironclad Get NDA Template based on type + jurisdiction.
For acquisition / investor → enhanced NDA with fact-of-discussions confidentiality.
Prefill:
Counterparty details, effective date (today), term, purpose, special provisions.
Validate:
#Custom Validate NDA Filled to catch missed merge fields.
Non-standard provisions → route through counsel.
Branch:
Standard NDA → no legal review; AE sends.
Non-standard → #Request Approval from counsel.
Send for signature:
#Custom DocuSign Send NDA to counterparty + requester (or designated signer).
Capture envelope ID.
#Send Direct Message to requester with DocuSign link, signature window, follow-up guidance.
schedule_action wake at 3 days; if unsigned, #Send Direct Message reminder.
On signature:
#Custom Ironclad Update Status to "Fully Executed".
#Custom Save Signed NDA to Vault.
#Send Direct Message confirming.
#Send Channel Message to
#legal-ndas.
Network Troubleshooting
Playbooks
/
Network Troubleshooting
Network Troubleshooting
Created by
Console Team
Published
IT
Okta
Kandji
Linear
+1
Trigger
Requester reports WiFi/VPN/connectivity issues ("VPN keeps dropping every 20 min", "can't reach internal DNS", "Berlin office connectivity slow").
Instructions
#Lookup Users on the requester with
includeManagerto get location.#List Devices (Kandji) to identify their device(s).
#Trigger Form to collect:
Symptom (drops / slow / can't connect / DNS / VPN)
Office or remote
When it started
Frequency
Check upstream first:
#List Meter Networks for the user's office.
#Get Meter ISP Connectivity to confirm WAN is healthy.
#Diagnose Meter Access Point for the AP they're connected to.
If WAN or AP issue → escalate to networking (skip to step 9).
Check user-side:
#Get Meter Client by MAC Address to see if the user's device is associated and healthy.
#Search Okta System Log Custom for VPN/SSO failures in the last hour.
#Get Device Details for Kandji-reported network config.
Attempt remediation:
VPN drops → custom Re-establish VPN Tunnel action.
DNS → #Create Kandji Custom Script to flush DNS cache and reset network interfaces.
Slow → run iperf script via Kandji and compare to baseline.
Ask via #Send Direct Message if it's resolved after each remediation.
If resolved → #Resolve Request.
If unresolved or upstream issue: #Create Linear Issue in the networking project with the diagnostic bundle.
#Send Channel Message to
#network-opsfor upstream issues.#Send Direct Message to the user with escalation and expected timeline.
#Leave Internal Note with full diagnostic trail.
Network Troubleshooting
Playbooks
/
Network Troubleshooting
Network Troubleshooting
Created by
Console Team
Published
IT
Okta
Kandji
Linear
+1
Trigger
Requester reports WiFi/VPN/connectivity issues ("VPN keeps dropping every 20 min", "can't reach internal DNS", "Berlin office connectivity slow").
Instructions
#Lookup Users on the requester with
includeManagerto get location.#List Devices (Kandji) to identify their device(s).
#Trigger Form to collect:
Symptom (drops / slow / can't connect / DNS / VPN)
Office or remote
When it started
Frequency
Check upstream first:
#List Meter Networks for the user's office.
#Get Meter ISP Connectivity to confirm WAN is healthy.
#Diagnose Meter Access Point for the AP they're connected to.
If WAN or AP issue → escalate to networking (skip to step 9).
Check user-side:
#Get Meter Client by MAC Address to see if the user's device is associated and healthy.
#Search Okta System Log Custom for VPN/SSO failures in the last hour.
#Get Device Details for Kandji-reported network config.
Attempt remediation:
VPN drops → custom Re-establish VPN Tunnel action.
DNS → #Create Kandji Custom Script to flush DNS cache and reset network interfaces.
Slow → run iperf script via Kandji and compare to baseline.
Ask via #Send Direct Message if it's resolved after each remediation.
If resolved → #Resolve Request.
If unresolved or upstream issue: #Create Linear Issue in the networking project with the diagnostic bundle.
#Send Channel Message to
#network-opsfor upstream issues.#Send Direct Message to the user with escalation and expected timeline.
#Leave Internal Note with full diagnostic trail.
Network Troubleshooting
Playbooks
/
Network Troubleshooting
Network Troubleshooting
Created by
Console Team
Published
IT
Okta
Kandji
Linear
+1
Trigger
Requester reports WiFi/VPN/connectivity issues ("VPN keeps dropping every 20 min", "can't reach internal DNS", "Berlin office connectivity slow").
Instructions
#Lookup Users on the requester with
includeManagerto get location.#List Devices (Kandji) to identify their device(s).
#Trigger Form to collect:
Symptom (drops / slow / can't connect / DNS / VPN)
Office or remote
When it started
Frequency
Check upstream first:
#List Meter Networks for the user's office.
#Get Meter ISP Connectivity to confirm WAN is healthy.
#Diagnose Meter Access Point for the AP they're connected to.
If WAN or AP issue → escalate to networking (skip to step 9).
Check user-side:
#Get Meter Client by MAC Address to see if the user's device is associated and healthy.
#Search Okta System Log Custom for VPN/SSO failures in the last hour.
#Get Device Details for Kandji-reported network config.
Attempt remediation:
VPN drops → custom Re-establish VPN Tunnel action.
DNS → #Create Kandji Custom Script to flush DNS cache and reset network interfaces.
Slow → run iperf script via Kandji and compare to baseline.
Ask via #Send Direct Message if it's resolved after each remediation.
If resolved → #Resolve Request.
If unresolved or upstream issue: #Create Linear Issue in the networking project with the diagnostic bundle.
#Send Channel Message to
#network-opsfor upstream issues.#Send Direct Message to the user with escalation and expected timeline.
#Leave Internal Note with full diagnostic trail.
New Cost Center & GL Setup
Playbooks
/
New Cost Center & GL Setup
New Cost Center & GL Setup
Created by
Console Team
Published
Finance
Workday
Ramp
NetSuite
+3
Trigger
Requester asks for new cost center or GL account.
Instructions
#Trigger Form for type, name + code, parent rollup, owner, budget allocation, purpose, effective date.
#Lookup Users on requester + owner.
Validate naming:
#Custom Validate Cost Center Code against standards.
Check duplicates:
#Request Approval from controller.
For new cost center with budget: also CFO.
On approval:
Downstream:
#Send Direct Message to requester with code; DM owner with responsibilities.
#Send Channel Message to
#finance-ops.
New Cost Center & GL Setup
Playbooks
/
New Cost Center & GL Setup
New Cost Center & GL Setup
Created by
Console Team
Published
Finance
Workday
Ramp
NetSuite
+3
Trigger
Requester asks for new cost center or GL account.
Instructions
#Trigger Form for type, name + code, parent rollup, owner, budget allocation, purpose, effective date.
#Lookup Users on requester + owner.
Validate naming:
#Custom Validate Cost Center Code against standards.
Check duplicates:
#Request Approval from controller.
For new cost center with budget: also CFO.
On approval:
Downstream:
#Send Direct Message to requester with code; DM owner with responsibilities.
#Send Channel Message to
#finance-ops.
New Cost Center & GL Setup
Playbooks
/
New Cost Center & GL Setup
New Cost Center & GL Setup
Created by
Console Team
Published
Finance
Workday
Ramp
NetSuite
+3
Trigger
Requester asks for new cost center or GL account.
Instructions
#Trigger Form for type, name + code, parent rollup, owner, budget allocation, purpose, effective date.
#Lookup Users on requester + owner.
Validate naming:
#Custom Validate Cost Center Code against standards.
Check duplicates:
#Request Approval from controller.
For new cost center with budget: also CFO.
On approval:
Downstream:
#Send Direct Message to requester with code; DM owner with responsibilities.
#Send Channel Message to
#finance-ops.
New Device Order
Playbooks
/
New Device Order
New Device Order
Created by
Console Team
Published
IT
Kandji
Apple Business Manager
+2
Trigger
User requests a new or replacement laptop, monitor, or peripheral.
Instructions
#Lookup Users on the requester with
includeManagerandincludeGroupsto get role, department, location.#Trigger Form to collect:
Device type (laptop / monitor / accessory)
Reason (new hire / refresh / replacement / additional)
Specific model preference
Shipping address (default to address on file)
Needed-by date
#List Devices (Kandji) to check existing assigned devices and age.
Validate against role's approved spec:
#Custom Zip Get Approved Spec action based on role.
If requester is asking for an above-spec model, capture the justification.
Determine approval tier:
<$2k → manager approval only.
$2k–$5k → manager + finance approval.
>$5k → manager + finance + VP approval.
#Request Approval chained per tier.
On approval, place the order:
#Custom Zip Create Order with line items.
#Custom CDW Place Order for actual procurement.
Or #custom Apple Business Order for Apple direct.
Capture the tracking number from the order response.
schedule_action wake daily until delivered to:
#Send Direct Message with the latest status if it changed.
On delivery confirmation:
#Kandji Assign ADE Device User to pre-assign the device.
#Send Direct Message with first-time setup instructions.
#Leave Internal Note capturing model, price, approvers, tracking.
#Resolve Request on delivery + setup confirmation.
New Device Order
Playbooks
/
New Device Order
New Device Order
Created by
Console Team
Published
IT
Kandji
Apple Business Manager
+2
Trigger
User requests a new or replacement laptop, monitor, or peripheral.
Instructions
#Lookup Users on the requester with
includeManagerandincludeGroupsto get role, department, location.#Trigger Form to collect:
Device type (laptop / monitor / accessory)
Reason (new hire / refresh / replacement / additional)
Specific model preference
Shipping address (default to address on file)
Needed-by date
#List Devices (Kandji) to check existing assigned devices and age.
Validate against role's approved spec:
#Custom Zip Get Approved Spec action based on role.
If requester is asking for an above-spec model, capture the justification.
Determine approval tier:
<$2k → manager approval only.
$2k–$5k → manager + finance approval.
>$5k → manager + finance + VP approval.
#Request Approval chained per tier.
On approval, place the order:
#Custom Zip Create Order with line items.
#Custom CDW Place Order for actual procurement.
Or #custom Apple Business Order for Apple direct.
Capture the tracking number from the order response.
schedule_action wake daily until delivered to:
#Send Direct Message with the latest status if it changed.
On delivery confirmation:
#Kandji Assign ADE Device User to pre-assign the device.
#Send Direct Message with first-time setup instructions.
#Leave Internal Note capturing model, price, approvers, tracking.
#Resolve Request on delivery + setup confirmation.
New Device Order
Playbooks
/
New Device Order
New Device Order
Created by
Console Team
Published
IT
Kandji
Apple Business Manager
+2
Trigger
User requests a new or replacement laptop, monitor, or peripheral.
Instructions
#Lookup Users on the requester with
includeManagerandincludeGroupsto get role, department, location.#Trigger Form to collect:
Device type (laptop / monitor / accessory)
Reason (new hire / refresh / replacement / additional)
Specific model preference
Shipping address (default to address on file)
Needed-by date
#List Devices (Kandji) to check existing assigned devices and age.
Validate against role's approved spec:
#Custom Zip Get Approved Spec action based on role.
If requester is asking for an above-spec model, capture the justification.
Determine approval tier:
<$2k → manager approval only.
$2k–$5k → manager + finance approval.
>$5k → manager + finance + VP approval.
#Request Approval chained per tier.
On approval, place the order:
#Custom Zip Create Order with line items.
#Custom CDW Place Order for actual procurement.
Or #custom Apple Business Order for Apple direct.
Capture the tracking number from the order response.
schedule_action wake daily until delivered to:
#Send Direct Message with the latest status if it changed.
On delivery confirmation:
#Kandji Assign ADE Device User to pre-assign the device.
#Send Direct Message with first-time setup instructions.
#Leave Internal Note capturing model, price, approvers, tracking.
#Resolve Request on delivery + setup confirmation.
New Hire Onboarding
Playbooks
/
New Hire Onboarding
New Hire Onboarding
Created by
Console Team
Published
HR
Google Calendar
Slack
Workday
+1
Trigger
Webhook — Workday/HiBob/Rippling worker.hired Variables: $employee.email, $employee.firstName, $employee.lastName, $employee.preferredName, $employee.startDate, $employee.managerEmail, $employee.team, $employee.location, $employee.title, $employee.personalEmail
Instructions
#Lookup Users to resolve the manager record from
$employee.managerEmail.Determine the buddy:
#Search Graph the HR ingest for active team members on
$employee.teamwith tenure >6 months.Pick one not already buddying for someone else; capture buddy email.
Pre-day-1 (fires immediately on webhook):
#Send Email to
$employee.personalEmailwith the welcome packet: handbook link, benefits enrollment link, day-1 logistics, dress code, what-to-bring, parking/transit info, manager intro.Attach the team intro doc and the location-specific office welcome PDF.
Day-1 calendar (fires 3 business days before
$employee.startDate):#Custom Google Calendar Create Event for a 30-min day-1 manager intro at 10:00 AM local on
$employee.startDate. Invite$employee.email, manager, and HRBP.#Custom Google Calendar Create Event for buddy lunch at 12:30 PM local on day 2. Invite
$employee.emailand the buddy.#Custom Google Calendar Create Event for HR orientation at 2:00 PM local on day 1.
#Custom Google Calendar Create Event for day-1 IT setup walkthrough at 9:00 AM local.
Slack onboarding (fires on
$employee.startDateat 9:00 AM local):#Add Users To Channel for
#welcome,#all-hands,#{{team}}, and#{{location}}-office.#Send Channel Message to
#welcomeintroducing the new hire with their preferred name, title, team, fun fact (collected via pre-start form if available), and a "say hi" prompt.
Team channel intro:
#Send Channel Message to
#{{team}}with a fuller bio and the manager tagged.
Manager + buddy nudge:
#Send Direct Message to the manager: pre-start checklist (set up 1:1 cadence, prep first-week agenda, intro to key collaborators).
#Send Direct Message to the buddy: their role (informal questions, lunch on day 2, check-in at end of week 1).
schedule_action wake at end of day 1 to confirm with the new hire via #Send Direct Message: "How did day 1 go? Anything blocking you?"
#Leave Internal Note capturing manager, buddy, calendar event IDs
New Hire Onboarding
Playbooks
/
New Hire Onboarding
New Hire Onboarding
Created by
Console Team
Published
HR
Google Calendar
Slack
Workday
+1
Trigger
Webhook — Workday/HiBob/Rippling worker.hired Variables: $employee.email, $employee.firstName, $employee.lastName, $employee.preferredName, $employee.startDate, $employee.managerEmail, $employee.team, $employee.location, $employee.title, $employee.personalEmail
Instructions
#Lookup Users to resolve the manager record from
$employee.managerEmail.Determine the buddy:
#Search Graph the HR ingest for active team members on
$employee.teamwith tenure >6 months.Pick one not already buddying for someone else; capture buddy email.
Pre-day-1 (fires immediately on webhook):
#Send Email to
$employee.personalEmailwith the welcome packet: handbook link, benefits enrollment link, day-1 logistics, dress code, what-to-bring, parking/transit info, manager intro.Attach the team intro doc and the location-specific office welcome PDF.
Day-1 calendar (fires 3 business days before
$employee.startDate):#Custom Google Calendar Create Event for a 30-min day-1 manager intro at 10:00 AM local on
$employee.startDate. Invite$employee.email, manager, and HRBP.#Custom Google Calendar Create Event for buddy lunch at 12:30 PM local on day 2. Invite
$employee.emailand the buddy.#Custom Google Calendar Create Event for HR orientation at 2:00 PM local on day 1.
#Custom Google Calendar Create Event for day-1 IT setup walkthrough at 9:00 AM local.
Slack onboarding (fires on
$employee.startDateat 9:00 AM local):#Add Users To Channel for
#welcome,#all-hands,#{{team}}, and#{{location}}-office.#Send Channel Message to
#welcomeintroducing the new hire with their preferred name, title, team, fun fact (collected via pre-start form if available), and a "say hi" prompt.
Team channel intro:
#Send Channel Message to
#{{team}}with a fuller bio and the manager tagged.
Manager + buddy nudge:
#Send Direct Message to the manager: pre-start checklist (set up 1:1 cadence, prep first-week agenda, intro to key collaborators).
#Send Direct Message to the buddy: their role (informal questions, lunch on day 2, check-in at end of week 1).
schedule_action wake at end of day 1 to confirm with the new hire via #Send Direct Message: "How did day 1 go? Anything blocking you?"
#Leave Internal Note capturing manager, buddy, calendar event IDs
New Hire Onboarding
Playbooks
/
New Hire Onboarding
New Hire Onboarding
Created by
Console Team
Published
HR
Google Calendar
Slack
Workday
+1
Trigger
Webhook — Workday/HiBob/Rippling worker.hired Variables: $employee.email, $employee.firstName, $employee.lastName, $employee.preferredName, $employee.startDate, $employee.managerEmail, $employee.team, $employee.location, $employee.title, $employee.personalEmail
Instructions
#Lookup Users to resolve the manager record from
$employee.managerEmail.Determine the buddy:
#Search Graph the HR ingest for active team members on
$employee.teamwith tenure >6 months.Pick one not already buddying for someone else; capture buddy email.
Pre-day-1 (fires immediately on webhook):
#Send Email to
$employee.personalEmailwith the welcome packet: handbook link, benefits enrollment link, day-1 logistics, dress code, what-to-bring, parking/transit info, manager intro.Attach the team intro doc and the location-specific office welcome PDF.
Day-1 calendar (fires 3 business days before
$employee.startDate):#Custom Google Calendar Create Event for a 30-min day-1 manager intro at 10:00 AM local on
$employee.startDate. Invite$employee.email, manager, and HRBP.#Custom Google Calendar Create Event for buddy lunch at 12:30 PM local on day 2. Invite
$employee.emailand the buddy.#Custom Google Calendar Create Event for HR orientation at 2:00 PM local on day 1.
#Custom Google Calendar Create Event for day-1 IT setup walkthrough at 9:00 AM local.
Slack onboarding (fires on
$employee.startDateat 9:00 AM local):#Add Users To Channel for
#welcome,#all-hands,#{{team}}, and#{{location}}-office.#Send Channel Message to
#welcomeintroducing the new hire with their preferred name, title, team, fun fact (collected via pre-start form if available), and a "say hi" prompt.
Team channel intro:
#Send Channel Message to
#{{team}}with a fuller bio and the manager tagged.
Manager + buddy nudge:
#Send Direct Message to the manager: pre-start checklist (set up 1:1 cadence, prep first-week agenda, intro to key collaborators).
#Send Direct Message to the buddy: their role (informal questions, lunch on day 2, check-in at end of week 1).
schedule_action wake at end of day 1 to confirm with the new hire via #Send Direct Message: "How did day 1 go? Anything blocking you?"
#Leave Internal Note capturing manager, buddy, calendar event IDs
New Hire Provisioning
Playbooks
/
New Hire Provisioning
New Hire Provisioning
Created by
Console Team
Published
IT
Okta
Google Calendar
Slack
+5
Trigger
Webhook — Workday/HiBob/Rippling worker.hired Variables: $employee.email, $employee.firstName, $employee.lastName, $employee.role, $employee.department, $employee.startDate, $employee.managerEmail, $employee.location, $employee.shippingAddress
Instructions
Use #Lookup Users to resolve the manager record from
$employee.managerEmail.Determine the provisioning bundle based on
$employee.department:Engineering → GitHub, Datadog, AWS sandbox
Sales → Salesforce, Gong, Outreach, Sales Nav
All → Okta, Google Workspace, Slack
Use #Create Okta User (Staged) with the email, first/last name, department, and manager.
Use #Activate Okta User to activate the account and send the activation email.
For each baseline group, call #Add to Group (Okta):
all-employees, the department group, and the location group.Use #Add to Group (Google) for
all@,{{department}}@, and{{location}}@.If
$employee.department == "Engineering": #Invite User to Org (GitHub), #Add User to Team for the right team, #Invite User to Datadog, and grant AWS sandbox via #AWS IAM - List Attached User Policies + custom IAM attach.If
$employee.department == "Sales": invite to Salesforce, Gong, Outreach, Sales Nav (custom actions).Use #Kandji Assign ADE Device User to pre-assign a device to
$employee.emailand ship to$employee.shippingAddress.Use #List Google Calendar Events to find the manager's calendar, then create a day-1 intro event and a buddy lunch via Google Calendar.
Use #Invite to Channel to add the user to
#welcome,#all-hands, and their team channel.Use schedule_action to wake on Monday 9am
$employee.locationtime to post a welcome thread in the team channel via #Send Channel Message.
New Hire Provisioning
Playbooks
/
New Hire Provisioning
New Hire Provisioning
Created by
Console Team
Published
IT
Okta
Google Calendar
Slack
+5
Trigger
Webhook — Workday/HiBob/Rippling worker.hired Variables: $employee.email, $employee.firstName, $employee.lastName, $employee.role, $employee.department, $employee.startDate, $employee.managerEmail, $employee.location, $employee.shippingAddress
Instructions
Use #Lookup Users to resolve the manager record from
$employee.managerEmail.Determine the provisioning bundle based on
$employee.department:Engineering → GitHub, Datadog, AWS sandbox
Sales → Salesforce, Gong, Outreach, Sales Nav
All → Okta, Google Workspace, Slack
Use #Create Okta User (Staged) with the email, first/last name, department, and manager.
Use #Activate Okta User to activate the account and send the activation email.
For each baseline group, call #Add to Group (Okta):
all-employees, the department group, and the location group.Use #Add to Group (Google) for
all@,{{department}}@, and{{location}}@.If
$employee.department == "Engineering": #Invite User to Org (GitHub), #Add User to Team for the right team, #Invite User to Datadog, and grant AWS sandbox via #AWS IAM - List Attached User Policies + custom IAM attach.If
$employee.department == "Sales": invite to Salesforce, Gong, Outreach, Sales Nav (custom actions).Use #Kandji Assign ADE Device User to pre-assign a device to
$employee.emailand ship to$employee.shippingAddress.Use #List Google Calendar Events to find the manager's calendar, then create a day-1 intro event and a buddy lunch via Google Calendar.
Use #Invite to Channel to add the user to
#welcome,#all-hands, and their team channel.Use schedule_action to wake on Monday 9am
$employee.locationtime to post a welcome thread in the team channel via #Send Channel Message.
New Hire Provisioning
Playbooks
/
New Hire Provisioning
New Hire Provisioning
Created by
Console Team
Published
IT
Okta
Google Calendar
Slack
+5
Trigger
Webhook — Workday/HiBob/Rippling worker.hired Variables: $employee.email, $employee.firstName, $employee.lastName, $employee.role, $employee.department, $employee.startDate, $employee.managerEmail, $employee.location, $employee.shippingAddress
Instructions
Use #Lookup Users to resolve the manager record from
$employee.managerEmail.Determine the provisioning bundle based on
$employee.department:Engineering → GitHub, Datadog, AWS sandbox
Sales → Salesforce, Gong, Outreach, Sales Nav
All → Okta, Google Workspace, Slack
Use #Create Okta User (Staged) with the email, first/last name, department, and manager.
Use #Activate Okta User to activate the account and send the activation email.
For each baseline group, call #Add to Group (Okta):
all-employees, the department group, and the location group.Use #Add to Group (Google) for
all@,{{department}}@, and{{location}}@.If
$employee.department == "Engineering": #Invite User to Org (GitHub), #Add User to Team for the right team, #Invite User to Datadog, and grant AWS sandbox via #AWS IAM - List Attached User Policies + custom IAM attach.If
$employee.department == "Sales": invite to Salesforce, Gong, Outreach, Sales Nav (custom actions).Use #Kandji Assign ADE Device User to pre-assign a device to
$employee.emailand ship to$employee.shippingAddress.Use #List Google Calendar Events to find the manager's calendar, then create a day-1 intro event and a buddy lunch via Google Calendar.
Use #Invite to Channel to add the user to
#welcome,#all-hands, and their team channel.Use schedule_action to wake on Monday 9am
$employee.locationtime to post a welcome thread in the team channel via #Send Channel Message.
New Sales Hire Onboarding
Playbooks
/
New Sales Hire Onboarding
New Sales Hire Onboarding
Created by
Console Team
Published
RevOps
Okta
Google Calendar
Google Sheet
+6
Trigger
Webhook — HRIS worker.hired with department = Sales Variables: $employee.email, $employee.startDate, $employee.role, $employee.managerEmail, $employee.location, $employee.team
Instructions
#Lookup Users on
$employee.emailwithincludeManagerafter IT-1 provisioning has created the Okta user.CRM provisioning:
#Custom Salesforce Create User (or HubSpot) with sales-role profile, role hierarchy, license.
#Custom Salesforce Assign Permission Set for sales-team permissions.
Engagement tools:
#Custom Gong Provision Seat with the role-appropriate seat type (call recording / Gong Engage).
#Custom Outreach Provision User with the team setting.
#Custom Salesloft Provision User if used as alternative to Outreach.
Quota and territory:
#Custom CaptivateIQ Add Plan with the comp plan for
$employee.role.#Custom Append Row to Google Sheet for the team's quota sheet with quota assignment.
#Custom Salesforce Assign Territory based on
$employee.locationand team.#Custom Salesforce CPQ Grant Access for product configuration.
Communications:
#Add Users To Channel for:
#sales,#sales-floor,#sales-{{region}},#sales-{{segment}},#wins,#deal-ops.#Custom Add to Slack Sales Usergroup for
@sales-{{team}}.
Financial:
#Invite Ramp User to issue a Ramp card with the team's spending limits.
#Custom Set Ramp Limit based on role (SDR / AE / Manager).
Sales enablement:
#Custom Highspot Provision User for the sales content library.
#Custom MindTickle Assign Onboarding Path for the role-based ramp curriculum.
#Send Email with the link to the onboarding hub.
Calendar setup:
#Custom Google Calendar Create Event series for:
Day 1: sales manager 1:1.
Day 3: SDR/AE buddy shadowing.
Day 5: SE shadow.
Day 7: CSM intro session.
Week 2: deal review observation.
Week 4: first roleplay session.
Books and curriculum:
#Send Email with: sales playbook link, ICP definition doc, competitive battle cards, pricing doc, demo script, product training videos.
Ramp metrics:
schedule_action wake at end of week 1, 2, 4 to send a "how's it going?" pulse.
On each wake: #Send Direct Message to new hire + manager with a brief check-in form.
Manager prep:
#Send Direct Message to manager: ramp expectations, first-30/60/90 milestones, role-specific coaching tips.
Welcome:
#Send Channel Message to
#saleswelcoming the new hire with bio + previous experience.
#Leave Internal Note capturing all provisioning + onboarding artifacts.
New Sales Hire Onboarding
Playbooks
/
New Sales Hire Onboarding
New Sales Hire Onboarding
Created by
Console Team
Published
RevOps
Okta
Google Calendar
Google Sheet
+6
Trigger
Webhook — HRIS worker.hired with department = Sales Variables: $employee.email, $employee.startDate, $employee.role, $employee.managerEmail, $employee.location, $employee.team
Instructions
#Lookup Users on
$employee.emailwithincludeManagerafter IT-1 provisioning has created the Okta user.CRM provisioning:
#Custom Salesforce Create User (or HubSpot) with sales-role profile, role hierarchy, license.
#Custom Salesforce Assign Permission Set for sales-team permissions.
Engagement tools:
#Custom Gong Provision Seat with the role-appropriate seat type (call recording / Gong Engage).
#Custom Outreach Provision User with the team setting.
#Custom Salesloft Provision User if used as alternative to Outreach.
Quota and territory:
#Custom CaptivateIQ Add Plan with the comp plan for
$employee.role.#Custom Append Row to Google Sheet for the team's quota sheet with quota assignment.
#Custom Salesforce Assign Territory based on
$employee.locationand team.#Custom Salesforce CPQ Grant Access for product configuration.
Communications:
#Add Users To Channel for:
#sales,#sales-floor,#sales-{{region}},#sales-{{segment}},#wins,#deal-ops.#Custom Add to Slack Sales Usergroup for
@sales-{{team}}.
Financial:
#Invite Ramp User to issue a Ramp card with the team's spending limits.
#Custom Set Ramp Limit based on role (SDR / AE / Manager).
Sales enablement:
#Custom Highspot Provision User for the sales content library.
#Custom MindTickle Assign Onboarding Path for the role-based ramp curriculum.
#Send Email with the link to the onboarding hub.
Calendar setup:
#Custom Google Calendar Create Event series for:
Day 1: sales manager 1:1.
Day 3: SDR/AE buddy shadowing.
Day 5: SE shadow.
Day 7: CSM intro session.
Week 2: deal review observation.
Week 4: first roleplay session.
Books and curriculum:
#Send Email with: sales playbook link, ICP definition doc, competitive battle cards, pricing doc, demo script, product training videos.
Ramp metrics:
schedule_action wake at end of week 1, 2, 4 to send a "how's it going?" pulse.
On each wake: #Send Direct Message to new hire + manager with a brief check-in form.
Manager prep:
#Send Direct Message to manager: ramp expectations, first-30/60/90 milestones, role-specific coaching tips.
Welcome:
#Send Channel Message to
#saleswelcoming the new hire with bio + previous experience.
#Leave Internal Note capturing all provisioning + onboarding artifacts.
New Sales Hire Onboarding
Playbooks
/
New Sales Hire Onboarding
New Sales Hire Onboarding
Created by
Console Team
Published
RevOps
Okta
Google Calendar
Google Sheet
+6
Trigger
Webhook — HRIS worker.hired with department = Sales Variables: $employee.email, $employee.startDate, $employee.role, $employee.managerEmail, $employee.location, $employee.team
Instructions
#Lookup Users on
$employee.emailwithincludeManagerafter IT-1 provisioning has created the Okta user.CRM provisioning:
#Custom Salesforce Create User (or HubSpot) with sales-role profile, role hierarchy, license.
#Custom Salesforce Assign Permission Set for sales-team permissions.
Engagement tools:
#Custom Gong Provision Seat with the role-appropriate seat type (call recording / Gong Engage).
#Custom Outreach Provision User with the team setting.
#Custom Salesloft Provision User if used as alternative to Outreach.
Quota and territory:
#Custom CaptivateIQ Add Plan with the comp plan for
$employee.role.#Custom Append Row to Google Sheet for the team's quota sheet with quota assignment.
#Custom Salesforce Assign Territory based on
$employee.locationand team.#Custom Salesforce CPQ Grant Access for product configuration.
Communications:
#Add Users To Channel for:
#sales,#sales-floor,#sales-{{region}},#sales-{{segment}},#wins,#deal-ops.#Custom Add to Slack Sales Usergroup for
@sales-{{team}}.
Financial:
#Invite Ramp User to issue a Ramp card with the team's spending limits.
#Custom Set Ramp Limit based on role (SDR / AE / Manager).
Sales enablement:
#Custom Highspot Provision User for the sales content library.
#Custom MindTickle Assign Onboarding Path for the role-based ramp curriculum.
#Send Email with the link to the onboarding hub.
Calendar setup:
#Custom Google Calendar Create Event series for:
Day 1: sales manager 1:1.
Day 3: SDR/AE buddy shadowing.
Day 5: SE shadow.
Day 7: CSM intro session.
Week 2: deal review observation.
Week 4: first roleplay session.
Books and curriculum:
#Send Email with: sales playbook link, ICP definition doc, competitive battle cards, pricing doc, demo script, product training videos.
Ramp metrics:
schedule_action wake at end of week 1, 2, 4 to send a "how's it going?" pulse.
On each wake: #Send Direct Message to new hire + manager with a brief check-in form.
Manager prep:
#Send Direct Message to manager: ramp expectations, first-30/60/90 milestones, role-specific coaching tips.
Welcome:
#Send Channel Message to
#saleswelcoming the new hire with bio + previous experience.
#Leave Internal Note capturing all provisioning + onboarding artifacts.
New-Hire Handoff
Playbooks
/
New-Hire Handoff
New-Hire Handoff
Created by
Console Team
Published
HR
Workday
Greenhouse
Ashby
Trigger
Webhook — candidate.hired from Greenhouse/Ashby Variables: $application.id, $candidate.id, $candidate.email, $application.jobId, $application.offerSignedAt
Instructions
#Get Application Details from Ashby (or Greenhouse equivalent) with
$application.id.#Get Candidate Details from Ashby with
$candidate.idfor full record.#Custom Ashby Get Offer Letter to retrieve the signed offer PDF.
Map fields from ATS to HRIS schema:
Personal info (name, email, phone, address)
Role (title, department, level, manager)
Comp (base salary, bonus, equity)
Start date
Location (office / remote)
Employment type (FT/PT/contract)
Validate the mapping:
Manager email exists in Workday via custom Workday Lookup Worker.
Title matches a valid job profile via custom Workday Get Job Profile.
Comp falls within band via custom Workday Get Comp Band.
If validation fails → #Send Channel Message to
#hrbpwith the issue; do not create the Workday record yet.On valid mapping:
#Custom Workday Create Worker with the mapped fields. Capture the new
workerId.#Custom Workday Attach Offer Letter to the worker record with the PDF from step 3.
#Custom Ashby Mark Hired Synced to update the ATS-side status.
Trigger downstream:
Fire HR-1: New Hire Onboarding (people side) via custom Run Playbook action with the new worker payload.
Fire IT-1: New Hire Provisioning via custom Run Playbook action.
#Send Direct Message to the hiring manager confirming the handoff and the start date.
#Send Channel Message to
#hr-opswith the new hire summary.#Leave Internal Note capturing the source application ID, Workday worker ID, downstream playbooks fired.
New-Hire Handoff
Playbooks
/
New-Hire Handoff
New-Hire Handoff
Created by
Console Team
Published
HR
Workday
Greenhouse
Ashby
Trigger
Webhook — candidate.hired from Greenhouse/Ashby Variables: $application.id, $candidate.id, $candidate.email, $application.jobId, $application.offerSignedAt
Instructions
#Get Application Details from Ashby (or Greenhouse equivalent) with
$application.id.#Get Candidate Details from Ashby with
$candidate.idfor full record.#Custom Ashby Get Offer Letter to retrieve the signed offer PDF.
Map fields from ATS to HRIS schema:
Personal info (name, email, phone, address)
Role (title, department, level, manager)
Comp (base salary, bonus, equity)
Start date
Location (office / remote)
Employment type (FT/PT/contract)
Validate the mapping:
Manager email exists in Workday via custom Workday Lookup Worker.
Title matches a valid job profile via custom Workday Get Job Profile.
Comp falls within band via custom Workday Get Comp Band.
If validation fails → #Send Channel Message to
#hrbpwith the issue; do not create the Workday record yet.On valid mapping:
#Custom Workday Create Worker with the mapped fields. Capture the new
workerId.#Custom Workday Attach Offer Letter to the worker record with the PDF from step 3.
#Custom Ashby Mark Hired Synced to update the ATS-side status.
Trigger downstream:
Fire HR-1: New Hire Onboarding (people side) via custom Run Playbook action with the new worker payload.
Fire IT-1: New Hire Provisioning via custom Run Playbook action.
#Send Direct Message to the hiring manager confirming the handoff and the start date.
#Send Channel Message to
#hr-opswith the new hire summary.#Leave Internal Note capturing the source application ID, Workday worker ID, downstream playbooks fired.
New-Hire Handoff
Playbooks
/
New-Hire Handoff
New-Hire Handoff
Created by
Console Team
Published
HR
Workday
Greenhouse
Ashby
Trigger
Webhook — candidate.hired from Greenhouse/Ashby Variables: $application.id, $candidate.id, $candidate.email, $application.jobId, $application.offerSignedAt
Instructions
#Get Application Details from Ashby (or Greenhouse equivalent) with
$application.id.#Get Candidate Details from Ashby with
$candidate.idfor full record.#Custom Ashby Get Offer Letter to retrieve the signed offer PDF.
Map fields from ATS to HRIS schema:
Personal info (name, email, phone, address)
Role (title, department, level, manager)
Comp (base salary, bonus, equity)
Start date
Location (office / remote)
Employment type (FT/PT/contract)
Validate the mapping:
Manager email exists in Workday via custom Workday Lookup Worker.
Title matches a valid job profile via custom Workday Get Job Profile.
Comp falls within band via custom Workday Get Comp Band.
If validation fails → #Send Channel Message to
#hrbpwith the issue; do not create the Workday record yet.On valid mapping:
#Custom Workday Create Worker with the mapped fields. Capture the new
workerId.#Custom Workday Attach Offer Letter to the worker record with the PDF from step 3.
#Custom Ashby Mark Hired Synced to update the ATS-side status.
Trigger downstream:
Fire HR-1: New Hire Onboarding (people side) via custom Run Playbook action with the new worker payload.
Fire IT-1: New Hire Provisioning via custom Run Playbook action.
#Send Direct Message to the hiring manager confirming the handoff and the start date.
#Send Channel Message to
#hr-opswith the new hire summary.#Leave Internal Note capturing the source application ID, Workday worker ID, downstream playbooks fired.
Non-Standard MSA & Redlines
Playbooks
/
Non-Standard MSA & Redlines
Non-Standard MSA & Redlines
Created by
Console Team
Published
RevOps
HubSpot
Gong
Ironclad
Trigger
AE needs a custom MSA or has redlines from prospect's legal.
Instructions
#Trigger Form to collect:
Deal name/ID.
Type (full custom MSA / redlines on standard MSA / NDA / DPA / other).
Standard doc the redlines are against (if redlines).
Counterparty redline document attachment.
Priority (standard / urgent / blocker).
Specific terms in question (if known).
#Lookup Users on the requester.
#Hubspot Search Deals + #Get HubSpot Deal Details with Activity Timeline for deal context.
Package the deal context:
ACV, term length, stage.
Champion + signer info from contacts.
Recent Gong call summaries.
Special considerations (sensitive industry, regulated data).
Create the legal workflow:
#Custom Ironclad Create Workflow with:
Workflow template (Custom MSA / Redlines / NDA / DPA).
Counterparty details.
Deal context attached.
Counterparty document attached.
Priority flag.
Capture the Ironclad workflow ID.
Notify legal:
#Send Direct Message to the legal counsel assigned by Ironclad.
Include: deal context summary, redline doc, priority, AE contact.
AE confirmation:
#Send Direct Message to AE confirming submission with Ironclad link and expected SLA.
Poll status:
schedule_action wake daily to check status via #custom Ironclad Get Workflow Status.
On status changes (Reviewed → Negotiating → Ready for Signature):
#Send Direct Message to AE with the update.
For redline rounds:
#Custom Ironclad Get Latest Document to surface the latest version to AE.
#Send Direct Message to AE: "Legal returned new redlines. Review here: {{link}}."
On final signature:
#Update HubSpot Deal Properties with
msaSigned = true,msaSignedDate.#Create HubSpot Note on Deal with the signed doc link.
#Send Direct Message to AE confirming.
#Send Channel Message to
#deal-legal-logfor tracking.#Leave Internal Note with workflow ID and outcome.
#Resolve Request on signature.
Non-Standard MSA & Redlines
Playbooks
/
Non-Standard MSA & Redlines
Non-Standard MSA & Redlines
Created by
Console Team
Published
RevOps
HubSpot
Gong
Ironclad
Trigger
AE needs a custom MSA or has redlines from prospect's legal.
Instructions
#Trigger Form to collect:
Deal name/ID.
Type (full custom MSA / redlines on standard MSA / NDA / DPA / other).
Standard doc the redlines are against (if redlines).
Counterparty redline document attachment.
Priority (standard / urgent / blocker).
Specific terms in question (if known).
#Lookup Users on the requester.
#Hubspot Search Deals + #Get HubSpot Deal Details with Activity Timeline for deal context.
Package the deal context:
ACV, term length, stage.
Champion + signer info from contacts.
Recent Gong call summaries.
Special considerations (sensitive industry, regulated data).
Create the legal workflow:
#Custom Ironclad Create Workflow with:
Workflow template (Custom MSA / Redlines / NDA / DPA).
Counterparty details.
Deal context attached.
Counterparty document attached.
Priority flag.
Capture the Ironclad workflow ID.
Notify legal:
#Send Direct Message to the legal counsel assigned by Ironclad.
Include: deal context summary, redline doc, priority, AE contact.
AE confirmation:
#Send Direct Message to AE confirming submission with Ironclad link and expected SLA.
Poll status:
schedule_action wake daily to check status via #custom Ironclad Get Workflow Status.
On status changes (Reviewed → Negotiating → Ready for Signature):
#Send Direct Message to AE with the update.
For redline rounds:
#Custom Ironclad Get Latest Document to surface the latest version to AE.
#Send Direct Message to AE: "Legal returned new redlines. Review here: {{link}}."
On final signature:
#Update HubSpot Deal Properties with
msaSigned = true,msaSignedDate.#Create HubSpot Note on Deal with the signed doc link.
#Send Direct Message to AE confirming.
#Send Channel Message to
#deal-legal-logfor tracking.#Leave Internal Note with workflow ID and outcome.
#Resolve Request on signature.
Non-Standard MSA & Redlines
Playbooks
/
Non-Standard MSA & Redlines
Non-Standard MSA & Redlines
Created by
Console Team
Published
RevOps
HubSpot
Gong
Ironclad
Trigger
AE needs a custom MSA or has redlines from prospect's legal.
Instructions
#Trigger Form to collect:
Deal name/ID.
Type (full custom MSA / redlines on standard MSA / NDA / DPA / other).
Standard doc the redlines are against (if redlines).
Counterparty redline document attachment.
Priority (standard / urgent / blocker).
Specific terms in question (if known).
#Lookup Users on the requester.
#Hubspot Search Deals + #Get HubSpot Deal Details with Activity Timeline for deal context.
Package the deal context:
ACV, term length, stage.
Champion + signer info from contacts.
Recent Gong call summaries.
Special considerations (sensitive industry, regulated data).
Create the legal workflow:
#Custom Ironclad Create Workflow with:
Workflow template (Custom MSA / Redlines / NDA / DPA).
Counterparty details.
Deal context attached.
Counterparty document attached.
Priority flag.
Capture the Ironclad workflow ID.
Notify legal:
#Send Direct Message to the legal counsel assigned by Ironclad.
Include: deal context summary, redline doc, priority, AE contact.
AE confirmation:
#Send Direct Message to AE confirming submission with Ironclad link and expected SLA.
Poll status:
schedule_action wake daily to check status via #custom Ironclad Get Workflow Status.
On status changes (Reviewed → Negotiating → Ready for Signature):
#Send Direct Message to AE with the update.
For redline rounds:
#Custom Ironclad Get Latest Document to surface the latest version to AE.
#Send Direct Message to AE: "Legal returned new redlines. Review here: {{link}}."
On final signature:
#Update HubSpot Deal Properties with
msaSigned = true,msaSignedDate.#Create HubSpot Note on Deal with the signed doc link.
#Send Direct Message to AE confirming.
#Send Channel Message to
#deal-legal-logfor tracking.#Leave Internal Note with workflow ID and outcome.
#Resolve Request on signature.
Notion KB Q&A
Playbooks
/
Notion KB Q&A
Notion KB Q&A
Created by
Console Team
Published
IT
Notion
Trigger
Requester asks a how-to / policy / process / "what's our..." question likely answered in the internal KB.
Instructions
#Lookup Users on the requester to get their
location(for multi-region routing) anddepartment.#Search Knowledge Base with the user's question as the query.
If results returned: take the top 1–3 hits.
For multi-region content: detect region tags on the articles. If the article has region-specific variants (US / EU / APAC), pick the one matching the requester's
location. If no match, surface all variants with labels.#Expand Knowledge Base Article on the top hit if more depth is needed.
If no relevant KB hit, escalate:
#Web Research vendor docs if the question is about a SaaS tool.
Or #Prompt for Handoff to the right team (HR for benefits, finance for expense, IT for tooling).
Compose the answer in #Send Direct Message:
Direct answer first
Quoted source paragraph
Source link to the Notion page
Ask if the answer resolved their question via a follow-up message.
On confirm → #Resolve Request.
On "no" or follow-up question → loop back to step 2, or #Escalate Request to a human.
Notion KB Q&A
Playbooks
/
Notion KB Q&A
Notion KB Q&A
Created by
Console Team
Published
IT
Notion
Trigger
Requester asks a how-to / policy / process / "what's our..." question likely answered in the internal KB.
Instructions
#Lookup Users on the requester to get their
location(for multi-region routing) anddepartment.#Search Knowledge Base with the user's question as the query.
If results returned: take the top 1–3 hits.
For multi-region content: detect region tags on the articles. If the article has region-specific variants (US / EU / APAC), pick the one matching the requester's
location. If no match, surface all variants with labels.#Expand Knowledge Base Article on the top hit if more depth is needed.
If no relevant KB hit, escalate:
#Web Research vendor docs if the question is about a SaaS tool.
Or #Prompt for Handoff to the right team (HR for benefits, finance for expense, IT for tooling).
Compose the answer in #Send Direct Message:
Direct answer first
Quoted source paragraph
Source link to the Notion page
Ask if the answer resolved their question via a follow-up message.
On confirm → #Resolve Request.
On "no" or follow-up question → loop back to step 2, or #Escalate Request to a human.
Notion KB Q&A
Playbooks
/
Notion KB Q&A
Notion KB Q&A
Created by
Console Team
Published
IT
Notion
Trigger
Requester asks a how-to / policy / process / "what's our..." question likely answered in the internal KB.
Instructions
#Lookup Users on the requester to get their
location(for multi-region routing) anddepartment.#Search Knowledge Base with the user's question as the query.
If results returned: take the top 1–3 hits.
For multi-region content: detect region tags on the articles. If the article has region-specific variants (US / EU / APAC), pick the one matching the requester's
location. If no match, surface all variants with labels.#Expand Knowledge Base Article on the top hit if more depth is needed.
If no relevant KB hit, escalate:
#Web Research vendor docs if the question is about a SaaS tool.
Or #Prompt for Handoff to the right team (HR for benefits, finance for expense, IT for tooling).
Compose the answer in #Send Direct Message:
Direct answer first
Quoted source paragraph
Source link to the Notion page
Ask if the answer resolved their question via a follow-up message.
On confirm → #Resolve Request.
On "no" or follow-up question → loop back to step 2, or #Escalate Request to a human.
Okta Password / MFA Reset
Playbooks
/
Okta Password / MFA Reset
Okta Password / MFA Reset
Created by
Console Team
Published
IT
Okta
Trigger
Requester reports being locked out, lost MFA device (YubiKey, phone, Authenticator), needs a password reset, or needs a factor reset.
Instructions
#Search Okta User by Email for the requester to confirm the account exists and get the user ID.
#Search Okta System Log Custom for
user.account.reset_passwordanduser.mfa.factor.resetevents in the last 30 days for this user.#List User Factors to see current enrollments.
Risk score the request based on:
3+ resets in last 30 days → High
Login from new country or unusual IP in last 24h → High
Standard request from known device/location → Low
Recent suspicious activity in Okta log → Medium
Identity verification per risk:
Low → ask 2 security questions inline (custom action to check answers against profile).
Medium → #Request Approval from the requester's manager (configured with
requestersManager) confirming they spoke to the user.High → #Prompt for Handoff to a security team member for live video ID verification.
If verification fails or is denied: #Send Direct Message to the requester explaining next steps, #Send Channel Message to
#sec-alerts, and #Resolve Request. Stop.Execute the reset based on the issue type:
Password reset → #Reset Password (Okta) with
sendEmail = true.MFA factor reset → identify the specific factor from step 3 and call #Reset User Factor with that factor ID.
Full factor wipe (lost device) → #Reset User Factors (Custom) to clear all factors so the user re-enrolls.
Account locked → #custom Okta Unlock User action.
#Send Direct Message to the requester with confirmation and next-step instructions.
If risk was High OR pattern-flag triggered (3+ resets): #Send Channel Message to
#sec-alertswith the user, the reason, and the action taken.#Leave Internal Note on the request capturing risk score, verification method, and action taken.
Okta Password / MFA Reset
Playbooks
/
Okta Password / MFA Reset
Okta Password / MFA Reset
Created by
Console Team
Published
IT
Okta
Trigger
Requester reports being locked out, lost MFA device (YubiKey, phone, Authenticator), needs a password reset, or needs a factor reset.
Instructions
#Search Okta User by Email for the requester to confirm the account exists and get the user ID.
#Search Okta System Log Custom for
user.account.reset_passwordanduser.mfa.factor.resetevents in the last 30 days for this user.#List User Factors to see current enrollments.
Risk score the request based on:
3+ resets in last 30 days → High
Login from new country or unusual IP in last 24h → High
Standard request from known device/location → Low
Recent suspicious activity in Okta log → Medium
Identity verification per risk:
Low → ask 2 security questions inline (custom action to check answers against profile).
Medium → #Request Approval from the requester's manager (configured with
requestersManager) confirming they spoke to the user.High → #Prompt for Handoff to a security team member for live video ID verification.
If verification fails or is denied: #Send Direct Message to the requester explaining next steps, #Send Channel Message to
#sec-alerts, and #Resolve Request. Stop.Execute the reset based on the issue type:
Password reset → #Reset Password (Okta) with
sendEmail = true.MFA factor reset → identify the specific factor from step 3 and call #Reset User Factor with that factor ID.
Full factor wipe (lost device) → #Reset User Factors (Custom) to clear all factors so the user re-enrolls.
Account locked → #custom Okta Unlock User action.
#Send Direct Message to the requester with confirmation and next-step instructions.
If risk was High OR pattern-flag triggered (3+ resets): #Send Channel Message to
#sec-alertswith the user, the reason, and the action taken.#Leave Internal Note on the request capturing risk score, verification method, and action taken.
Okta Password / MFA Reset
Playbooks
/
Okta Password / MFA Reset
Okta Password / MFA Reset
Created by
Console Team
Published
IT
Okta
Trigger
Requester reports being locked out, lost MFA device (YubiKey, phone, Authenticator), needs a password reset, or needs a factor reset.
Instructions
#Search Okta User by Email for the requester to confirm the account exists and get the user ID.
#Search Okta System Log Custom for
user.account.reset_passwordanduser.mfa.factor.resetevents in the last 30 days for this user.#List User Factors to see current enrollments.
Risk score the request based on:
3+ resets in last 30 days → High
Login from new country or unusual IP in last 24h → High
Standard request from known device/location → Low
Recent suspicious activity in Okta log → Medium
Identity verification per risk:
Low → ask 2 security questions inline (custom action to check answers against profile).
Medium → #Request Approval from the requester's manager (configured with
requestersManager) confirming they spoke to the user.High → #Prompt for Handoff to a security team member for live video ID verification.
If verification fails or is denied: #Send Direct Message to the requester explaining next steps, #Send Channel Message to
#sec-alerts, and #Resolve Request. Stop.Execute the reset based on the issue type:
Password reset → #Reset Password (Okta) with
sendEmail = true.MFA factor reset → identify the specific factor from step 3 and call #Reset User Factor with that factor ID.
Full factor wipe (lost device) → #Reset User Factors (Custom) to clear all factors so the user re-enrolls.
Account locked → #custom Okta Unlock User action.
#Send Direct Message to the requester with confirmation and next-step instructions.
If risk was High OR pattern-flag triggered (3+ resets): #Send Channel Message to
#sec-alertswith the user, the reason, and the action taken.#Leave Internal Note on the request capturing risk score, verification method, and action taken.
Onboarding Stall Detection
Playbooks
/
Onboarding Stall Detection
Onboarding Stall Detection
Created by
Console Team
Published
HR
Okta
Slack
+1
Trigger
Scheduled — every day at 10:00 AM America/Chicago
Instructions
#Custom Workday Query Hires for employees at exactly day 5 from their start date.
For each:
#Lookup Users with
includeManager.Resolve HRBP via #custom Get HRBP for Department.
Check core tool activation:
#Search Okta User by Email + #Search Okta System Log Custom for
user.session.startevents in the last 5 days.#Custom Google Workspace Get Last Login for email activity.
#Custom Slack Get User Activity for any message/login activity.
Determine stall status:
Activated all three → no action.
Missing one or more → flag as stalled.
For stalled hires:
#Send Direct Message to HRBP and manager: "{{employee.name}} hasn't activated {{missing tools}} by day 5. Want me to follow up with them or escalate?"
Include a #Trigger Form with options: "I'll reach out" / "Console reach out" / "Escalate to HRBP" / "Dismiss (known reason)".
On response:
I'll reach out → no further action; HRBP/manager handles.
Console reach out → #Send Direct Message to the new hire on the manager's behalf: "Hey, just checking in on your first week. Anything blocking your setup? I noticed you haven't logged into {{tool}} yet."
Escalate to HRBP → #Send Channel Message to
#hrbp-alerts.Dismiss → log reason and exit.
schedule_action wake at day 7 to re-check activation if "Console reach out" was chosen.
On wake: if still stalled, escalate to HRBP regardless.
#Leave Internal Note capturing the stall pattern and resolution.
Onboarding Stall Detection
Playbooks
/
Onboarding Stall Detection
Onboarding Stall Detection
Created by
Console Team
Published
HR
Okta
Slack
+1
Trigger
Scheduled — every day at 10:00 AM America/Chicago
Instructions
#Custom Workday Query Hires for employees at exactly day 5 from their start date.
For each:
#Lookup Users with
includeManager.Resolve HRBP via #custom Get HRBP for Department.
Check core tool activation:
#Search Okta User by Email + #Search Okta System Log Custom for
user.session.startevents in the last 5 days.#Custom Google Workspace Get Last Login for email activity.
#Custom Slack Get User Activity for any message/login activity.
Determine stall status:
Activated all three → no action.
Missing one or more → flag as stalled.
For stalled hires:
#Send Direct Message to HRBP and manager: "{{employee.name}} hasn't activated {{missing tools}} by day 5. Want me to follow up with them or escalate?"
Include a #Trigger Form with options: "I'll reach out" / "Console reach out" / "Escalate to HRBP" / "Dismiss (known reason)".
On response:
I'll reach out → no further action; HRBP/manager handles.
Console reach out → #Send Direct Message to the new hire on the manager's behalf: "Hey, just checking in on your first week. Anything blocking your setup? I noticed you haven't logged into {{tool}} yet."
Escalate to HRBP → #Send Channel Message to
#hrbp-alerts.Dismiss → log reason and exit.
schedule_action wake at day 7 to re-check activation if "Console reach out" was chosen.
On wake: if still stalled, escalate to HRBP regardless.
#Leave Internal Note capturing the stall pattern and resolution.
Onboarding Stall Detection
Playbooks
/
Onboarding Stall Detection
Onboarding Stall Detection
Created by
Console Team
Published
HR
Okta
Slack
+1
Trigger
Scheduled — every day at 10:00 AM America/Chicago
Instructions
#Custom Workday Query Hires for employees at exactly day 5 from their start date.
For each:
#Lookup Users with
includeManager.Resolve HRBP via #custom Get HRBP for Department.
Check core tool activation:
#Search Okta User by Email + #Search Okta System Log Custom for
user.session.startevents in the last 5 days.#Custom Google Workspace Get Last Login for email activity.
#Custom Slack Get User Activity for any message/login activity.
Determine stall status:
Activated all three → no action.
Missing one or more → flag as stalled.
For stalled hires:
#Send Direct Message to HRBP and manager: "{{employee.name}} hasn't activated {{missing tools}} by day 5. Want me to follow up with them or escalate?"
Include a #Trigger Form with options: "I'll reach out" / "Console reach out" / "Escalate to HRBP" / "Dismiss (known reason)".
On response:
I'll reach out → no further action; HRBP/manager handles.
Console reach out → #Send Direct Message to the new hire on the manager's behalf: "Hey, just checking in on your first week. Anything blocking your setup? I noticed you haven't logged into {{tool}} yet."
Escalate to HRBP → #Send Channel Message to
#hrbp-alerts.Dismiss → log reason and exit.
schedule_action wake at day 7 to re-check activation if "Console reach out" was chosen.
On wake: if still stalled, escalate to HRBP regardless.
#Leave Internal Note capturing the stall pattern and resolution.
Open Enrollment & Benefits Changes
Playbooks
/
Open Enrollment & Benefits Changes
Open Enrollment & Benefits Changes
Created by
Console Team
Published
HR
Workday
Gusto
Justworks
Trigger
Scheduled — Annual open enrollment window (typically November 1 kickoff, weekly reminders, closes November 30)
Instructions
On kickoff date:
#Custom Workday Get Eligible Employees for benefits enrollment.
For each, #Lookup Users with
includeDirectReportsto identify those with dependents in HRIS.
For each eligible employee:
#Custom Generate Personalized Plan Comparison action that pulls current elections + new plan options + cost deltas.
#Send Email to
$employee.emailwith the comparison and a deep link to the enrollment portal.#Send Direct Message with a TL;DR and the deadline.
schedule_action wakes at week 1, 2, 3 (3 reminders) for non-completers:
#Custom Workday Get Enrollment Status to identify who hasn't enrolled.
#Send Direct Message with increasing urgency: "Open enrollment closes in {{X}} days. You haven't made elections yet. Default coverage will continue if you don't act."
Final week (3 days before close):
#Send Channel Message to
#all-handswith a final reminder.For non-completers: #Send Direct Message to their manager flagging the employee.
After close:
#Custom Workday Submit Enrollment Batch to push elections to carriers (Gusto / Justworks / direct carrier portal).
#Custom Get Enrollment Confirmations from carriers.
For each: #Send Email confirming enrollment with plan details, effective date, ID card delivery.
#Send Channel Message to
#peoplepost-close summary: enrollment rate, plan distribution, common changes.#Leave Internal Note in an internal tracking issue with the cohort completion data.
Open Enrollment & Benefits Changes
Playbooks
/
Open Enrollment & Benefits Changes
Open Enrollment & Benefits Changes
Created by
Console Team
Published
HR
Workday
Gusto
Justworks
Trigger
Scheduled — Annual open enrollment window (typically November 1 kickoff, weekly reminders, closes November 30)
Instructions
On kickoff date:
#Custom Workday Get Eligible Employees for benefits enrollment.
For each, #Lookup Users with
includeDirectReportsto identify those with dependents in HRIS.
For each eligible employee:
#Custom Generate Personalized Plan Comparison action that pulls current elections + new plan options + cost deltas.
#Send Email to
$employee.emailwith the comparison and a deep link to the enrollment portal.#Send Direct Message with a TL;DR and the deadline.
schedule_action wakes at week 1, 2, 3 (3 reminders) for non-completers:
#Custom Workday Get Enrollment Status to identify who hasn't enrolled.
#Send Direct Message with increasing urgency: "Open enrollment closes in {{X}} days. You haven't made elections yet. Default coverage will continue if you don't act."
Final week (3 days before close):
#Send Channel Message to
#all-handswith a final reminder.For non-completers: #Send Direct Message to their manager flagging the employee.
After close:
#Custom Workday Submit Enrollment Batch to push elections to carriers (Gusto / Justworks / direct carrier portal).
#Custom Get Enrollment Confirmations from carriers.
For each: #Send Email confirming enrollment with plan details, effective date, ID card delivery.
#Send Channel Message to
#peoplepost-close summary: enrollment rate, plan distribution, common changes.#Leave Internal Note in an internal tracking issue with the cohort completion data.
Open Enrollment & Benefits Changes
Playbooks
/
Open Enrollment & Benefits Changes
Open Enrollment & Benefits Changes
Created by
Console Team
Published
HR
Workday
Gusto
Justworks
Trigger
Scheduled — Annual open enrollment window (typically November 1 kickoff, weekly reminders, closes November 30)
Instructions
On kickoff date:
#Custom Workday Get Eligible Employees for benefits enrollment.
For each, #Lookup Users with
includeDirectReportsto identify those with dependents in HRIS.
For each eligible employee:
#Custom Generate Personalized Plan Comparison action that pulls current elections + new plan options + cost deltas.
#Send Email to
$employee.emailwith the comparison and a deep link to the enrollment portal.#Send Direct Message with a TL;DR and the deadline.
schedule_action wakes at week 1, 2, 3 (3 reminders) for non-completers:
#Custom Workday Get Enrollment Status to identify who hasn't enrolled.
#Send Direct Message with increasing urgency: "Open enrollment closes in {{X}} days. You haven't made elections yet. Default coverage will continue if you don't act."
Final week (3 days before close):
#Send Channel Message to
#all-handswith a final reminder.For non-completers: #Send Direct Message to their manager flagging the employee.
After close:
#Custom Workday Submit Enrollment Batch to push elections to carriers (Gusto / Justworks / direct carrier portal).
#Custom Get Enrollment Confirmations from carriers.
For each: #Send Email confirming enrollment with plan details, effective date, ID card delivery.
#Send Channel Message to
#peoplepost-close summary: enrollment rate, plan distribution, common changes.#Leave Internal Note in an internal tracking issue with the cohort completion data.
Outage Detection & Bulk Tagging
Playbooks
/
Outage Detection & Bulk Tagging
Outage Detection & Bulk Tagging
Created by
Console Team
Published
IT
Okta
Slack
GitHub
Trigger
Detection — PagerDuty webhook for major SaaS dependency (Slack, Okta, Google, GitHub) OR scheduled status-page poll every 5 minutes.
Instructions
On trigger, identify the affected service from the alert payload.
#Web Research the vendor's status page to confirm and get expected resolution time.
If unconfirmed → wait 5 minutes and re-check; do not alert on noise.
On confirmation:
#Send Channel Message to
#it-statuswith: service, scope, vendor status page link, expected resolution.#Send Channel Message to
#all-companywith a brief user-facing message.
#Search Requests for open requests in the last 2 hours mentioning the affected service.
For each matching request:
#Leave Internal Note tagging it as related to the outage.
Update the category to
outage-{{service}}via custom action.#Send Direct Message to the requester: "This looks related to an active {{service}} outage. We'll update you when resolved."
schedule_action wake every 15 minutes to:
Re-check the status page.
#Send Channel Message updates to
#it-statuson changes.
On confirmed resolution:
#Send Channel Message to
#it-statusand#all-companywith the all-clear.For each tagged request, #Send Direct Message to the requester asking if their issue resolved.
#Resolve Request for any request the user confirms is fixed.
#Create Linear Issue post-outage for a retro doc with duration, impact, tagged-request count.
Outage Detection & Bulk Tagging
Playbooks
/
Outage Detection & Bulk Tagging
Outage Detection & Bulk Tagging
Created by
Console Team
Published
IT
Okta
Slack
GitHub
Trigger
Detection — PagerDuty webhook for major SaaS dependency (Slack, Okta, Google, GitHub) OR scheduled status-page poll every 5 minutes.
Instructions
On trigger, identify the affected service from the alert payload.
#Web Research the vendor's status page to confirm and get expected resolution time.
If unconfirmed → wait 5 minutes and re-check; do not alert on noise.
On confirmation:
#Send Channel Message to
#it-statuswith: service, scope, vendor status page link, expected resolution.#Send Channel Message to
#all-companywith a brief user-facing message.
#Search Requests for open requests in the last 2 hours mentioning the affected service.
For each matching request:
#Leave Internal Note tagging it as related to the outage.
Update the category to
outage-{{service}}via custom action.#Send Direct Message to the requester: "This looks related to an active {{service}} outage. We'll update you when resolved."
schedule_action wake every 15 minutes to:
Re-check the status page.
#Send Channel Message updates to
#it-statuson changes.
On confirmed resolution:
#Send Channel Message to
#it-statusand#all-companywith the all-clear.For each tagged request, #Send Direct Message to the requester asking if their issue resolved.
#Resolve Request for any request the user confirms is fixed.
#Create Linear Issue post-outage for a retro doc with duration, impact, tagged-request count.
Outage Detection & Bulk Tagging
Playbooks
/
Outage Detection & Bulk Tagging
Outage Detection & Bulk Tagging
Created by
Console Team
Published
IT
Okta
Slack
GitHub
Trigger
Detection — PagerDuty webhook for major SaaS dependency (Slack, Okta, Google, GitHub) OR scheduled status-page poll every 5 minutes.
Instructions
On trigger, identify the affected service from the alert payload.
#Web Research the vendor's status page to confirm and get expected resolution time.
If unconfirmed → wait 5 minutes and re-check; do not alert on noise.
On confirmation:
#Send Channel Message to
#it-statuswith: service, scope, vendor status page link, expected resolution.#Send Channel Message to
#all-companywith a brief user-facing message.
#Search Requests for open requests in the last 2 hours mentioning the affected service.
For each matching request:
#Leave Internal Note tagging it as related to the outage.
Update the category to
outage-{{service}}via custom action.#Send Direct Message to the requester: "This looks related to an active {{service}} outage. We'll update you when resolved."
schedule_action wake every 15 minutes to:
Re-check the status page.
#Send Channel Message updates to
#it-statuson changes.
On confirmed resolution:
#Send Channel Message to
#it-statusand#all-companywith the all-clear.For each tagged request, #Send Direct Message to the requester asking if their issue resolved.
#Resolve Request for any request the user confirms is fixed.
#Create Linear Issue post-outage for a retro doc with duration, impact, tagged-request count.
Outside Counsel Engagement
Playbooks
/
Outside Counsel Engagement
Outside Counsel Engagement
Created by
Console Team
Published
Legal
DocuSign
Ironclad
NetSuite
+1
Trigger
Requester asks to engage a firm.
Instructions
#Trigger Form to collect:
Matter type (employment / litigation / IP / corporate / regulatory / other).
Jurisdiction.
Matter description.
Specific firm requested (or open).
Estimated budget.
Urgency.
Internal sponsor.
#Lookup Users on requester.
Approval for engagement:
#Request Approval from GC.
For high-budget (>$50k): also CFO.
Select counsel:
#Custom Get Preferred Firms by Matter Type.
Specific firm → validate panel status or require exception approval.
Generate engagement letter:
#Custom Ironclad Generate Engagement Letter with firm name, scope, billing rates (custom Get Standard Rates), budget cap, conflict check confirmation, reporting cadence.
Conflict check:
schedule_action wake at 3 days.
Send for signature:
Set up matter:
#Send Direct Message to: requester (confirmation + matter ID), AP team, outside counsel.
#Send Channel Message to
#legal-matters.#Resolve Request on engagement letter signature.
Outside Counsel Engagement
Playbooks
/
Outside Counsel Engagement
Outside Counsel Engagement
Created by
Console Team
Published
Legal
DocuSign
Ironclad
NetSuite
+1
Trigger
Requester asks to engage a firm.
Instructions
#Trigger Form to collect:
Matter type (employment / litigation / IP / corporate / regulatory / other).
Jurisdiction.
Matter description.
Specific firm requested (or open).
Estimated budget.
Urgency.
Internal sponsor.
#Lookup Users on requester.
Approval for engagement:
#Request Approval from GC.
For high-budget (>$50k): also CFO.
Select counsel:
#Custom Get Preferred Firms by Matter Type.
Specific firm → validate panel status or require exception approval.
Generate engagement letter:
#Custom Ironclad Generate Engagement Letter with firm name, scope, billing rates (custom Get Standard Rates), budget cap, conflict check confirmation, reporting cadence.
Conflict check:
schedule_action wake at 3 days.
Send for signature:
Set up matter:
#Send Direct Message to: requester (confirmation + matter ID), AP team, outside counsel.
#Send Channel Message to
#legal-matters.#Resolve Request on engagement letter signature.
Outside Counsel Engagement
Playbooks
/
Outside Counsel Engagement
Outside Counsel Engagement
Created by
Console Team
Published
Legal
DocuSign
Ironclad
NetSuite
+1
Trigger
Requester asks to engage a firm.
Instructions
#Trigger Form to collect:
Matter type (employment / litigation / IP / corporate / regulatory / other).
Jurisdiction.
Matter description.
Specific firm requested (or open).
Estimated budget.
Urgency.
Internal sponsor.
#Lookup Users on requester.
Approval for engagement:
#Request Approval from GC.
For high-budget (>$50k): also CFO.
Select counsel:
#Custom Get Preferred Firms by Matter Type.
Specific firm → validate panel status or require exception approval.
Generate engagement letter:
#Custom Ironclad Generate Engagement Letter with firm name, scope, billing rates (custom Get Standard Rates), budget cap, conflict check confirmation, reporting cadence.
Conflict check:
schedule_action wake at 3 days.
Send for signature:
Set up matter:
#Send Direct Message to: requester (confirmation + matter ID), AP team, outside counsel.
#Send Channel Message to
#legal-matters.#Resolve Request on engagement letter signature.
Parental Leave Intake
Playbooks
/
Parental Leave Intake
Parental Leave Intake
Created by
Console Team
Published
HR
Google Calendar
Slack
Workday
+3
Trigger
Requester announces upcoming parental leave (birth / adoption / foster).
Instructions
#Trigger Form to collect:
Leave type (birth-mother / birth-partner / adoption / foster)
Expected leave start date (or birth/placement date)
Expected duration (auto-suggest based on policy + tenure)
Whether they'll use FMLA (US) / STD / company top-up
Manager email
Backup contact info during leave (personal email)
#Lookup Users on the requester with
includeManager.#Custom Workday Get Parental Leave Policy to surface entitlement based on tenure and location.
#Custom Workday Get PTO Balance to factor in any pre-leave PTO they want to use.
Generate paperwork:
#Custom DocuSign Send FMLA Request with prefilled fields.
#Custom DocuSign Send STD Application if applicable.
#Custom DocuSign Send Parental Leave Plan company-specific form.
Coordinate manager handoff:
#Send Direct Message to the manager with: leave dates, coverage planning checklist, hand-off doc template.
#Custom Google Calendar Block Time on requester's calendar for the leave window.
#Custom Slack Set Status to "On parental leave - back {{returnDate}}" for the leave window (scheduled).
Pre-leave check-in:
schedule_action wake 14 days before leave start to #Send Direct Message to requester: "Two weeks until leave starts. Anything we still need to wrap up?"
During leave:
#Custom Pause Slack Notifications during leave.
#Custom Pause Lattice Activity for the user.
#Out Of Office to set auto-reply for the leave window with the backup contact.
Return-from-leave 1:1:
#Custom Google Calendar Create Event for a 60-min welcome-back 1:1 with manager on the return date.
schedule_action wake 3 days before return to #Send Direct Message: "Coming back on {{date}} — anything we should prepare for you?"
Coordinate benefits:
#Send Email with QLE benefits enrollment info (30-day window for adding dependents).
#Custom Trigger Benefits QLE for adding the child to coverage.
#Send Direct Message to the requester confirming everything is set up.
#Leave Internal Note capturing dates, paperwork status, manager handoff confirmation.
Parental Leave Intake
Playbooks
/
Parental Leave Intake
Parental Leave Intake
Created by
Console Team
Published
HR
Google Calendar
Slack
Workday
+3
Trigger
Requester announces upcoming parental leave (birth / adoption / foster).
Instructions
#Trigger Form to collect:
Leave type (birth-mother / birth-partner / adoption / foster)
Expected leave start date (or birth/placement date)
Expected duration (auto-suggest based on policy + tenure)
Whether they'll use FMLA (US) / STD / company top-up
Manager email
Backup contact info during leave (personal email)
#Lookup Users on the requester with
includeManager.#Custom Workday Get Parental Leave Policy to surface entitlement based on tenure and location.
#Custom Workday Get PTO Balance to factor in any pre-leave PTO they want to use.
Generate paperwork:
#Custom DocuSign Send FMLA Request with prefilled fields.
#Custom DocuSign Send STD Application if applicable.
#Custom DocuSign Send Parental Leave Plan company-specific form.
Coordinate manager handoff:
#Send Direct Message to the manager with: leave dates, coverage planning checklist, hand-off doc template.
#Custom Google Calendar Block Time on requester's calendar for the leave window.
#Custom Slack Set Status to "On parental leave - back {{returnDate}}" for the leave window (scheduled).
Pre-leave check-in:
schedule_action wake 14 days before leave start to #Send Direct Message to requester: "Two weeks until leave starts. Anything we still need to wrap up?"
During leave:
#Custom Pause Slack Notifications during leave.
#Custom Pause Lattice Activity for the user.
#Out Of Office to set auto-reply for the leave window with the backup contact.
Return-from-leave 1:1:
#Custom Google Calendar Create Event for a 60-min welcome-back 1:1 with manager on the return date.
schedule_action wake 3 days before return to #Send Direct Message: "Coming back on {{date}} — anything we should prepare for you?"
Coordinate benefits:
#Send Email with QLE benefits enrollment info (30-day window for adding dependents).
#Custom Trigger Benefits QLE for adding the child to coverage.
#Send Direct Message to the requester confirming everything is set up.
#Leave Internal Note capturing dates, paperwork status, manager handoff confirmation.
Parental Leave Intake
Playbooks
/
Parental Leave Intake
Parental Leave Intake
Created by
Console Team
Published
HR
Google Calendar
Slack
Workday
+3
Trigger
Requester announces upcoming parental leave (birth / adoption / foster).
Instructions
#Trigger Form to collect:
Leave type (birth-mother / birth-partner / adoption / foster)
Expected leave start date (or birth/placement date)
Expected duration (auto-suggest based on policy + tenure)
Whether they'll use FMLA (US) / STD / company top-up
Manager email
Backup contact info during leave (personal email)
#Lookup Users on the requester with
includeManager.#Custom Workday Get Parental Leave Policy to surface entitlement based on tenure and location.
#Custom Workday Get PTO Balance to factor in any pre-leave PTO they want to use.
Generate paperwork:
#Custom DocuSign Send FMLA Request with prefilled fields.
#Custom DocuSign Send STD Application if applicable.
#Custom DocuSign Send Parental Leave Plan company-specific form.
Coordinate manager handoff:
#Send Direct Message to the manager with: leave dates, coverage planning checklist, hand-off doc template.
#Custom Google Calendar Block Time on requester's calendar for the leave window.
#Custom Slack Set Status to "On parental leave - back {{returnDate}}" for the leave window (scheduled).
Pre-leave check-in:
schedule_action wake 14 days before leave start to #Send Direct Message to requester: "Two weeks until leave starts. Anything we still need to wrap up?"
During leave:
#Custom Pause Slack Notifications during leave.
#Custom Pause Lattice Activity for the user.
#Out Of Office to set auto-reply for the leave window with the backup contact.
Return-from-leave 1:1:
#Custom Google Calendar Create Event for a 60-min welcome-back 1:1 with manager on the return date.
schedule_action wake 3 days before return to #Send Direct Message: "Coming back on {{date}} — anything we should prepare for you?"
Coordinate benefits:
#Send Email with QLE benefits enrollment info (30-day window for adding dependents).
#Custom Trigger Benefits QLE for adding the child to coverage.
#Send Direct Message to the requester confirming everything is set up.
#Leave Internal Note capturing dates, paperwork status, manager handoff confirmation.
Performance & Feedback Routing
Playbooks
/
Performance & Feedback Routing
Performance & Feedback Routing
Created by
Console Team
Published
HR
Lattice
+2
Trigger
Requester submits review feedback, peer feedback, praise, or asks for peer reviewers.
Instructions
Parse submission type:
Review submission (for a current cycle)
Peer feedback (unstructured / between cycles)
Praise / kudos
Request for peer reviewers
360 feedback submission
#Lookup Users on the requester and the target user being reviewed.
Branch on submission type:
Review submission:
#Custom Lattice Get Active Cycle to confirm a cycle is open.
#Custom Lattice Submit Review with the content.
#Send Direct Message confirming submission and deadline.
Peer feedback:
#Custom Lattice Submit Peer Feedback to the target user's manager and the target if shared.
#Send Direct Message to target's manager flagging new feedback.
Praise / kudos:
#Custom Lattice Submit Praise AND #Send Channel Message to
#kudosor the target's team channel.#Custom Bonusly Send Recognition if the praise warrants points.
Request peer reviewers:
#Lookup Users for suggested reviewers based on org chart (same team, cross-functional collaborators from calendar history via custom action).
#Send Direct Message to requester with suggested list to confirm.
On confirm: custom Lattice Add Peer Reviewers to the requester's review.
360 feedback:
#Custom Culture Amp Submit 360 for the target user.
For all paths: schedule_action wakes at cycle deadlines (e.g. 7 days, 3 days, 1 day before) to remind stragglers via #Send Direct Message if their submissions are incomplete.
#Send Direct Message to the requester confirming receipt and any next steps.
#Leave Internal Note capturing submission type, target, action taken.
Performance & Feedback Routing
Playbooks
/
Performance & Feedback Routing
Performance & Feedback Routing
Created by
Console Team
Published
HR
Lattice
+2
Trigger
Requester submits review feedback, peer feedback, praise, or asks for peer reviewers.
Instructions
Parse submission type:
Review submission (for a current cycle)
Peer feedback (unstructured / between cycles)
Praise / kudos
Request for peer reviewers
360 feedback submission
#Lookup Users on the requester and the target user being reviewed.
Branch on submission type:
Review submission:
#Custom Lattice Get Active Cycle to confirm a cycle is open.
#Custom Lattice Submit Review with the content.
#Send Direct Message confirming submission and deadline.
Peer feedback:
#Custom Lattice Submit Peer Feedback to the target user's manager and the target if shared.
#Send Direct Message to target's manager flagging new feedback.
Praise / kudos:
#Custom Lattice Submit Praise AND #Send Channel Message to
#kudosor the target's team channel.#Custom Bonusly Send Recognition if the praise warrants points.
Request peer reviewers:
#Lookup Users for suggested reviewers based on org chart (same team, cross-functional collaborators from calendar history via custom action).
#Send Direct Message to requester with suggested list to confirm.
On confirm: custom Lattice Add Peer Reviewers to the requester's review.
360 feedback:
#Custom Culture Amp Submit 360 for the target user.
For all paths: schedule_action wakes at cycle deadlines (e.g. 7 days, 3 days, 1 day before) to remind stragglers via #Send Direct Message if their submissions are incomplete.
#Send Direct Message to the requester confirming receipt and any next steps.
#Leave Internal Note capturing submission type, target, action taken.
Performance & Feedback Routing
Playbooks
/
Performance & Feedback Routing
Performance & Feedback Routing
Created by
Console Team
Published
HR
Lattice
+2
Trigger
Requester submits review feedback, peer feedback, praise, or asks for peer reviewers.
Instructions
Parse submission type:
Review submission (for a current cycle)
Peer feedback (unstructured / between cycles)
Praise / kudos
Request for peer reviewers
360 feedback submission
#Lookup Users on the requester and the target user being reviewed.
Branch on submission type:
Review submission:
#Custom Lattice Get Active Cycle to confirm a cycle is open.
#Custom Lattice Submit Review with the content.
#Send Direct Message confirming submission and deadline.
Peer feedback:
#Custom Lattice Submit Peer Feedback to the target user's manager and the target if shared.
#Send Direct Message to target's manager flagging new feedback.
Praise / kudos:
#Custom Lattice Submit Praise AND #Send Channel Message to
#kudosor the target's team channel.#Custom Bonusly Send Recognition if the praise warrants points.
Request peer reviewers:
#Lookup Users for suggested reviewers based on org chart (same team, cross-functional collaborators from calendar history via custom action).
#Send Direct Message to requester with suggested list to confirm.
On confirm: custom Lattice Add Peer Reviewers to the requester's review.
360 feedback:
#Custom Culture Amp Submit 360 for the target user.
For all paths: schedule_action wakes at cycle deadlines (e.g. 7 days, 3 days, 1 day before) to remind stragglers via #Send Direct Message if their submissions are incomplete.
#Send Direct Message to the requester confirming receipt and any next steps.
#Leave Internal Note capturing submission type, target, action taken.
Performance Review Cycle Kickoff
Playbooks
/
Performance Review Cycle Kickoff
Performance Review Cycle Kickoff
Created by
Console Team
Published
HR
Google Calendar
Lattice
Workday
Trigger
Scheduled — on cycle start date (e.g. Q1 cycle on Jan 5, Q3 on Jul 5)
Instructions
#Custom Lattice Create Cycle with cycle name, start date, end date, review components.
#Custom Workday Query All Workers with active status to get the population.
For each employee:
#Lookup Users with
includeManager.#Custom Workday Get Active Goals to seed Lattice goals.
#Custom Lattice Populate Reviewee with goals + suggested peer reviewers (based on org chart + calendar collaborators from a custom Google Calendar query).
Set deadlines:
#Custom Lattice Set Cycle Deadlines for self-review, peer-review, manager-review, calibration, delivery.
#Send Channel Message to
#all-handsannouncing cycle kickoff with overview and deadlines.#Send Direct Message to each employee with: their assignments, deadlines, link to Lattice.
#Send Direct Message to each manager with: their direct reports' reviews, calibration schedule, peer-review prompts.
schedule_action wakes at 14, 7, 3, 1 days before each deadline:
On each wake, custom Lattice Get Incomplete Reviews for the deadline window.
#Send Direct Message to each non-submitter with increasing urgency.
At each deadline:
#Custom Lattice Get Overdue Reviewers for the deadline.
#Send Channel Message to skip-level managers tagging their reports who are overdue.
#Send Channel Message to
#hrbppost-cycle stats with completion rate via #Run Query.#Leave Internal Note capturing cycle config and key dates.
Performance Review Cycle Kickoff
Playbooks
/
Performance Review Cycle Kickoff
Performance Review Cycle Kickoff
Created by
Console Team
Published
HR
Google Calendar
Lattice
Workday
Trigger
Scheduled — on cycle start date (e.g. Q1 cycle on Jan 5, Q3 on Jul 5)
Instructions
#Custom Lattice Create Cycle with cycle name, start date, end date, review components.
#Custom Workday Query All Workers with active status to get the population.
For each employee:
#Lookup Users with
includeManager.#Custom Workday Get Active Goals to seed Lattice goals.
#Custom Lattice Populate Reviewee with goals + suggested peer reviewers (based on org chart + calendar collaborators from a custom Google Calendar query).
Set deadlines:
#Custom Lattice Set Cycle Deadlines for self-review, peer-review, manager-review, calibration, delivery.
#Send Channel Message to
#all-handsannouncing cycle kickoff with overview and deadlines.#Send Direct Message to each employee with: their assignments, deadlines, link to Lattice.
#Send Direct Message to each manager with: their direct reports' reviews, calibration schedule, peer-review prompts.
schedule_action wakes at 14, 7, 3, 1 days before each deadline:
On each wake, custom Lattice Get Incomplete Reviews for the deadline window.
#Send Direct Message to each non-submitter with increasing urgency.
At each deadline:
#Custom Lattice Get Overdue Reviewers for the deadline.
#Send Channel Message to skip-level managers tagging their reports who are overdue.
#Send Channel Message to
#hrbppost-cycle stats with completion rate via #Run Query.#Leave Internal Note capturing cycle config and key dates.
Performance Review Cycle Kickoff
Playbooks
/
Performance Review Cycle Kickoff
Performance Review Cycle Kickoff
Created by
Console Team
Published
HR
Google Calendar
Lattice
Workday
Trigger
Scheduled — on cycle start date (e.g. Q1 cycle on Jan 5, Q3 on Jul 5)
Instructions
#Custom Lattice Create Cycle with cycle name, start date, end date, review components.
#Custom Workday Query All Workers with active status to get the population.
For each employee:
#Lookup Users with
includeManager.#Custom Workday Get Active Goals to seed Lattice goals.
#Custom Lattice Populate Reviewee with goals + suggested peer reviewers (based on org chart + calendar collaborators from a custom Google Calendar query).
Set deadlines:
#Custom Lattice Set Cycle Deadlines for self-review, peer-review, manager-review, calibration, delivery.
#Send Channel Message to
#all-handsannouncing cycle kickoff with overview and deadlines.#Send Direct Message to each employee with: their assignments, deadlines, link to Lattice.
#Send Direct Message to each manager with: their direct reports' reviews, calibration schedule, peer-review prompts.
schedule_action wakes at 14, 7, 3, 1 days before each deadline:
On each wake, custom Lattice Get Incomplete Reviews for the deadline window.
#Send Direct Message to each non-submitter with increasing urgency.
At each deadline:
#Custom Lattice Get Overdue Reviewers for the deadline.
#Send Channel Message to skip-level managers tagging their reports who are overdue.
#Send Channel Message to
#hrbppost-cycle stats with completion rate via #Run Query.#Leave Internal Note capturing cycle config and key dates.
Phishing & Suspicious Email Triage
Playbooks
/
Phishing & Suspicious Email Triage
Phishing & Suspicious Email Triage
Created by
Console Team
Published
Security
Slack
CrowdStrike
+4
Trigger
User reports a suspicious email via Slack, the report-phish button, or forwarding to phish@.
Instructions
Parse the report:
If forwarded as
.eml: extract via custom Parse Email Headers.If Slack-reported: collect the email subject, sender, body screenshot, full headers if available.
#Lookup Users on the reporter.
#Trigger Form if details are incomplete to collect:
Full sender address
Subject line
Any links clicked? (yes/no)
Any attachments opened? (yes/no)
Any credentials entered? (yes/no)
Indicator extraction:
#Custom Extract URLs from Email Body.
#Custom Extract Attachment Hashes.
#Custom Extract Sender Domain and SPF/DKIM/DMARC.
Enrichment:
For each URL: custom VirusTotal URL Lookup, custom URLscan Submit, custom Get Domain Age.
For each attachment hash: custom VirusTotal Hash Lookup, custom CrowdStrike Falcon Sandbox Submit (and #Get CrowdStrike Falcon Sandbox Status + #Get CrowdStrike Falcon Sandbox Summary Report).
For sender: #custom Check Sender Reputation.
Verdict logic:
High-confidence malicious (multiple AV hits, known-bad domain, sandbox detection) → Malicious.
Suspicious but inconclusive → Suspicious, escalate to analyst.
Looks legit (known sender, clean indicators) → Benign.
Branch on verdict:
Malicious:
#Custom Google Workspace Search and Purge for the email subject + sender across all mailboxes.
#Custom Google Workspace Quarantine Future with sender domain + indicators.
If user clicked or entered creds: fire Sec-11 (Compromised Credential Response) for the user.
#Send Direct Message to the reporter: thanks, confirmation that it was malicious, and what got purged.
#Send Channel Message to
#securitywith the IOC bundle and verdict.#Send Channel Message to
#all-companyif widespread (>10 recipients) with a generic warning.
Suspicious:
#Send Channel Message to
#soc-triagewith the enriched bundle for analyst review.#Send Direct Message to the reporter: "Thanks, this is being reviewed by security."
#Escalate Request to the security team.
Benign:
#Send Direct Message to the reporter: "Looks legitimate based on our checks. If you're unsure, here's why...". Include the source reputation.
#Leave Internal Note capturing indicators, verdict, actions taken.
Phishing & Suspicious Email Triage
Playbooks
/
Phishing & Suspicious Email Triage
Phishing & Suspicious Email Triage
Created by
Console Team
Published
Security
Slack
CrowdStrike
+4
Trigger
User reports a suspicious email via Slack, the report-phish button, or forwarding to phish@.
Instructions
Parse the report:
If forwarded as
.eml: extract via custom Parse Email Headers.If Slack-reported: collect the email subject, sender, body screenshot, full headers if available.
#Lookup Users on the reporter.
#Trigger Form if details are incomplete to collect:
Full sender address
Subject line
Any links clicked? (yes/no)
Any attachments opened? (yes/no)
Any credentials entered? (yes/no)
Indicator extraction:
#Custom Extract URLs from Email Body.
#Custom Extract Attachment Hashes.
#Custom Extract Sender Domain and SPF/DKIM/DMARC.
Enrichment:
For each URL: custom VirusTotal URL Lookup, custom URLscan Submit, custom Get Domain Age.
For each attachment hash: custom VirusTotal Hash Lookup, custom CrowdStrike Falcon Sandbox Submit (and #Get CrowdStrike Falcon Sandbox Status + #Get CrowdStrike Falcon Sandbox Summary Report).
For sender: #custom Check Sender Reputation.
Verdict logic:
High-confidence malicious (multiple AV hits, known-bad domain, sandbox detection) → Malicious.
Suspicious but inconclusive → Suspicious, escalate to analyst.
Looks legit (known sender, clean indicators) → Benign.
Branch on verdict:
Malicious:
#Custom Google Workspace Search and Purge for the email subject + sender across all mailboxes.
#Custom Google Workspace Quarantine Future with sender domain + indicators.
If user clicked or entered creds: fire Sec-11 (Compromised Credential Response) for the user.
#Send Direct Message to the reporter: thanks, confirmation that it was malicious, and what got purged.
#Send Channel Message to
#securitywith the IOC bundle and verdict.#Send Channel Message to
#all-companyif widespread (>10 recipients) with a generic warning.
Suspicious:
#Send Channel Message to
#soc-triagewith the enriched bundle for analyst review.#Send Direct Message to the reporter: "Thanks, this is being reviewed by security."
#Escalate Request to the security team.
Benign:
#Send Direct Message to the reporter: "Looks legitimate based on our checks. If you're unsure, here's why...". Include the source reputation.
#Leave Internal Note capturing indicators, verdict, actions taken.
Phishing & Suspicious Email Triage
Playbooks
/
Phishing & Suspicious Email Triage
Phishing & Suspicious Email Triage
Created by
Console Team
Published
Security
Slack
CrowdStrike
+4
Trigger
User reports a suspicious email via Slack, the report-phish button, or forwarding to phish@.
Instructions
Parse the report:
If forwarded as
.eml: extract via custom Parse Email Headers.If Slack-reported: collect the email subject, sender, body screenshot, full headers if available.
#Lookup Users on the reporter.
#Trigger Form if details are incomplete to collect:
Full sender address
Subject line
Any links clicked? (yes/no)
Any attachments opened? (yes/no)
Any credentials entered? (yes/no)
Indicator extraction:
#Custom Extract URLs from Email Body.
#Custom Extract Attachment Hashes.
#Custom Extract Sender Domain and SPF/DKIM/DMARC.
Enrichment:
For each URL: custom VirusTotal URL Lookup, custom URLscan Submit, custom Get Domain Age.
For each attachment hash: custom VirusTotal Hash Lookup, custom CrowdStrike Falcon Sandbox Submit (and #Get CrowdStrike Falcon Sandbox Status + #Get CrowdStrike Falcon Sandbox Summary Report).
For sender: #custom Check Sender Reputation.
Verdict logic:
High-confidence malicious (multiple AV hits, known-bad domain, sandbox detection) → Malicious.
Suspicious but inconclusive → Suspicious, escalate to analyst.
Looks legit (known sender, clean indicators) → Benign.
Branch on verdict:
Malicious:
#Custom Google Workspace Search and Purge for the email subject + sender across all mailboxes.
#Custom Google Workspace Quarantine Future with sender domain + indicators.
If user clicked or entered creds: fire Sec-11 (Compromised Credential Response) for the user.
#Send Direct Message to the reporter: thanks, confirmation that it was malicious, and what got purged.
#Send Channel Message to
#securitywith the IOC bundle and verdict.#Send Channel Message to
#all-companyif widespread (>10 recipients) with a generic warning.
Suspicious:
#Send Channel Message to
#soc-triagewith the enriched bundle for analyst review.#Send Direct Message to the reporter: "Thanks, this is being reviewed by security."
#Escalate Request to the security team.
Benign:
#Send Direct Message to the reporter: "Looks legitimate based on our checks. If you're unsure, here's why...". Include the source reputation.
#Leave Internal Note capturing indicators, verdict, actions taken.
Pipeline & Deal Lookup
Playbooks
/
Pipeline & Deal Lookup
Pipeline & Deal Lookup
Created by
Console Team
Published
RevOps
Slack
HubSpot
Trigger
Requester asks for a pipeline view ("my deals stuck in proposal >30 days", "Q3 forecast", "closed-won this week", "deals in EMEA over $50k").
Instructions
Parse the query:
Filter dimensions: owner / stage / close date / amount / region / vertical.
Aggregation: list / count / sum / forecast roll-up.
Time window.
#Lookup Users on the requester to default
ownerfilter to self unless asking about team.Translate to a CRM query:
#Search Open HubSpot Deals by Owner with Forecast Category for forecast queries.
#Search HubSpot Deals by Stage Entry Date for stage-stuck queries.
#Search HubSpot Deals by Close Date Range for date-range queries.
#Search HubSpot Deals by Owner for general owner queries.
#Hubspot Search Deals for ad-hoc filters.
Apply post-query enrichment:
For each deal, optional #Get HubSpot Deal Details with Activity Timeline if the user asked for "what's the latest on...".
Calculate days-in-stage if stage-stuck query.
Calculate forecast roll-up sums if forecast query.
Format output:
List queries → Slack table with: Deal name | Stage | Amount | Close date | Owner | Last activity.
Count queries → just the number + breakdown by stage.
Sum / forecast queries → totaled with breakdown.
#Send Direct Message with the formatted result.
Offer follow-up actions:
"Want me to ping the owners on these?" → fire Rev-20 flow for stale opps.
"Want this as a recurring digest?" → offer to set up a Rev-19 style scheduled report.
#Leave Internal Note capturing the query.
Pipeline & Deal Lookup
Playbooks
/
Pipeline & Deal Lookup
Pipeline & Deal Lookup
Created by
Console Team
Published
RevOps
Slack
HubSpot
Trigger
Requester asks for a pipeline view ("my deals stuck in proposal >30 days", "Q3 forecast", "closed-won this week", "deals in EMEA over $50k").
Instructions
Parse the query:
Filter dimensions: owner / stage / close date / amount / region / vertical.
Aggregation: list / count / sum / forecast roll-up.
Time window.
#Lookup Users on the requester to default
ownerfilter to self unless asking about team.Translate to a CRM query:
#Search Open HubSpot Deals by Owner with Forecast Category for forecast queries.
#Search HubSpot Deals by Stage Entry Date for stage-stuck queries.
#Search HubSpot Deals by Close Date Range for date-range queries.
#Search HubSpot Deals by Owner for general owner queries.
#Hubspot Search Deals for ad-hoc filters.
Apply post-query enrichment:
For each deal, optional #Get HubSpot Deal Details with Activity Timeline if the user asked for "what's the latest on...".
Calculate days-in-stage if stage-stuck query.
Calculate forecast roll-up sums if forecast query.
Format output:
List queries → Slack table with: Deal name | Stage | Amount | Close date | Owner | Last activity.
Count queries → just the number + breakdown by stage.
Sum / forecast queries → totaled with breakdown.
#Send Direct Message with the formatted result.
Offer follow-up actions:
"Want me to ping the owners on these?" → fire Rev-20 flow for stale opps.
"Want this as a recurring digest?" → offer to set up a Rev-19 style scheduled report.
#Leave Internal Note capturing the query.
Pipeline & Deal Lookup
Playbooks
/
Pipeline & Deal Lookup
Pipeline & Deal Lookup
Created by
Console Team
Published
RevOps
Slack
HubSpot
Trigger
Requester asks for a pipeline view ("my deals stuck in proposal >30 days", "Q3 forecast", "closed-won this week", "deals in EMEA over $50k").
Instructions
Parse the query:
Filter dimensions: owner / stage / close date / amount / region / vertical.
Aggregation: list / count / sum / forecast roll-up.
Time window.
#Lookup Users on the requester to default
ownerfilter to self unless asking about team.Translate to a CRM query:
#Search Open HubSpot Deals by Owner with Forecast Category for forecast queries.
#Search HubSpot Deals by Stage Entry Date for stage-stuck queries.
#Search HubSpot Deals by Close Date Range for date-range queries.
#Search HubSpot Deals by Owner for general owner queries.
#Hubspot Search Deals for ad-hoc filters.
Apply post-query enrichment:
For each deal, optional #Get HubSpot Deal Details with Activity Timeline if the user asked for "what's the latest on...".
Calculate days-in-stage if stage-stuck query.
Calculate forecast roll-up sums if forecast query.
Format output:
List queries → Slack table with: Deal name | Stage | Amount | Close date | Owner | Last activity.
Count queries → just the number + breakdown by stage.
Sum / forecast queries → totaled with breakdown.
#Send Direct Message with the formatted result.
Offer follow-up actions:
"Want me to ping the owners on these?" → fire Rev-20 flow for stale opps.
"Want this as a recurring digest?" → offer to set up a Rev-19 style scheduled report.
#Leave Internal Note capturing the query.
PO & Invoice Status Lookup
Playbooks
/
PO & Invoice Status Lookup
PO & Invoice Status Lookup
Created by
Console Team
Published
Finance
NetSuite
Bill
Coupa
+1
Trigger
Requester asks for PO/invoice/contract status.
Instructions
Parse identifier and system (Coupa / Ariba / NetSuite / Bill.com).
#Lookup Users with
includeGroups.Permission check: requester is PO owner, cost-center owner, finance, or executive.
Search across systems in parallel:
Compile response: current stage, current approver + queue time, amount + vendor + cost center, PO/invoice linkage, ETA based on historical times, direct link.
Vague request ("status of all my POs") → #custom Coupa List My POs as table.
#Send Direct Message with the formatted result.
Offer follow-ups: ping approver, expedite.
PO & Invoice Status Lookup
Playbooks
/
PO & Invoice Status Lookup
PO & Invoice Status Lookup
Created by
Console Team
Published
Finance
NetSuite
Bill
Coupa
+1
Trigger
Requester asks for PO/invoice/contract status.
Instructions
Parse identifier and system (Coupa / Ariba / NetSuite / Bill.com).
#Lookup Users with
includeGroups.Permission check: requester is PO owner, cost-center owner, finance, or executive.
Search across systems in parallel:
Compile response: current stage, current approver + queue time, amount + vendor + cost center, PO/invoice linkage, ETA based on historical times, direct link.
Vague request ("status of all my POs") → #custom Coupa List My POs as table.
#Send Direct Message with the formatted result.
Offer follow-ups: ping approver, expedite.
PO & Invoice Status Lookup
Playbooks
/
PO & Invoice Status Lookup
PO & Invoice Status Lookup
Created by
Console Team
Published
Finance
NetSuite
Bill
Coupa
+1
Trigger
Requester asks for PO/invoice/contract status.
Instructions
Parse identifier and system (Coupa / Ariba / NetSuite / Bill.com).
#Lookup Users with
includeGroups.Permission check: requester is PO owner, cost-center owner, finance, or executive.
Search across systems in parallel:
Compile response: current stage, current approver + queue time, amount + vendor + cost center, PO/invoice linkage, ETA based on historical times, direct link.
Vague request ("status of all my POs") → #custom Coupa List My POs as table.
#Send Direct Message with the formatted result.
Offer follow-ups: ping approver, expedite.
POC & Pilot Stand-Up
Playbooks
/
POC & Pilot Stand-Up
POC & Pilot Stand-Up
Created by
Console Team
Published
RevOps
Okta
Google Calendar
Google Docs
+3
Trigger
AE kicks off a POC or pilot.
Instructions
#Trigger Form to collect:
Deal name/ID.
POC type (full / scoped / proof-of-value).
Duration (typical 14 / 30 / 60 days).
Success criteria (free text — what defines success).
Customer team contacts.
Internal SE/CSM assigned.
Data sensitivity (any customer data involved).
#Lookup Users on AE, SE, CSM.
Set up gates in sequence — POC cannot proceed until each clears:
Gate 1: SOW signed
#Get HubSpot Deal Details with Activity Timeline for SOW status.
#Custom Ironclad Get Workflow Status for the SOW.
If not signed → fire Rev-9 flow for SOW; pause Rev-11 until signed.
Gate 2: Security review
If data sensitivity > Low → fire Sec-18 (Vendor Security Review) for customer access to our environment.
#Lookup Policies for the relevant access policies.
Wait for security sign-off.
Gate 3: Provisioning
#Custom Create POC Tenant action (or Okta create test users).
Provision sandbox environment if applicable.
Gate 4: Success criteria captured
#Custom Create POC Success Doc writes a Google Doc with the criteria + measurement plan.
Attach to the deal via #Create HubSpot Note on Deal.
Gate 5: Kickoff scheduled
#Custom Google Calendar Create Event for kickoff with customer + AE + SE.
#Create Channel for
#poc-{{account}}and #Add Users To Channel for AE, SE, CSM.
After all gates clear:
#Send Direct Message to AE confirming POC is live.
#Send Channel Message to
#poc-opsannouncing the new POC.
Mid-POC checkpoints:
schedule_action wakes at 25%, 50%, 75% of POC duration.
On each wake, #Send Direct Message to SE asking for status + customer engagement signals.
POC close:
schedule_action wake at end of POC.
#Send Direct Message to AE + SE: "POC ends today. Conversion status?"
On conversion → #Update HubSpot Deal Properties with
pocConverted = true.On non-conversion → fire Rev-14 (closed-lost cascade) if deal is lost.
#Leave Internal Note capturing all gates and outcomes.
POC & Pilot Stand-Up
Playbooks
/
POC & Pilot Stand-Up
POC & Pilot Stand-Up
Created by
Console Team
Published
RevOps
Okta
Google Calendar
Google Docs
+3
Trigger
AE kicks off a POC or pilot.
Instructions
#Trigger Form to collect:
Deal name/ID.
POC type (full / scoped / proof-of-value).
Duration (typical 14 / 30 / 60 days).
Success criteria (free text — what defines success).
Customer team contacts.
Internal SE/CSM assigned.
Data sensitivity (any customer data involved).
#Lookup Users on AE, SE, CSM.
Set up gates in sequence — POC cannot proceed until each clears:
Gate 1: SOW signed
#Get HubSpot Deal Details with Activity Timeline for SOW status.
#Custom Ironclad Get Workflow Status for the SOW.
If not signed → fire Rev-9 flow for SOW; pause Rev-11 until signed.
Gate 2: Security review
If data sensitivity > Low → fire Sec-18 (Vendor Security Review) for customer access to our environment.
#Lookup Policies for the relevant access policies.
Wait for security sign-off.
Gate 3: Provisioning
#Custom Create POC Tenant action (or Okta create test users).
Provision sandbox environment if applicable.
Gate 4: Success criteria captured
#Custom Create POC Success Doc writes a Google Doc with the criteria + measurement plan.
Attach to the deal via #Create HubSpot Note on Deal.
Gate 5: Kickoff scheduled
#Custom Google Calendar Create Event for kickoff with customer + AE + SE.
#Create Channel for
#poc-{{account}}and #Add Users To Channel for AE, SE, CSM.
After all gates clear:
#Send Direct Message to AE confirming POC is live.
#Send Channel Message to
#poc-opsannouncing the new POC.
Mid-POC checkpoints:
schedule_action wakes at 25%, 50%, 75% of POC duration.
On each wake, #Send Direct Message to SE asking for status + customer engagement signals.
POC close:
schedule_action wake at end of POC.
#Send Direct Message to AE + SE: "POC ends today. Conversion status?"
On conversion → #Update HubSpot Deal Properties with
pocConverted = true.On non-conversion → fire Rev-14 (closed-lost cascade) if deal is lost.
#Leave Internal Note capturing all gates and outcomes.
POC & Pilot Stand-Up
Playbooks
/
POC & Pilot Stand-Up
POC & Pilot Stand-Up
Created by
Console Team
Published
RevOps
Okta
Google Calendar
Google Docs
+3
Trigger
AE kicks off a POC or pilot.
Instructions
#Trigger Form to collect:
Deal name/ID.
POC type (full / scoped / proof-of-value).
Duration (typical 14 / 30 / 60 days).
Success criteria (free text — what defines success).
Customer team contacts.
Internal SE/CSM assigned.
Data sensitivity (any customer data involved).
#Lookup Users on AE, SE, CSM.
Set up gates in sequence — POC cannot proceed until each clears:
Gate 1: SOW signed
#Get HubSpot Deal Details with Activity Timeline for SOW status.
#Custom Ironclad Get Workflow Status for the SOW.
If not signed → fire Rev-9 flow for SOW; pause Rev-11 until signed.
Gate 2: Security review
If data sensitivity > Low → fire Sec-18 (Vendor Security Review) for customer access to our environment.
#Lookup Policies for the relevant access policies.
Wait for security sign-off.
Gate 3: Provisioning
#Custom Create POC Tenant action (or Okta create test users).
Provision sandbox environment if applicable.
Gate 4: Success criteria captured
#Custom Create POC Success Doc writes a Google Doc with the criteria + measurement plan.
Attach to the deal via #Create HubSpot Note on Deal.
Gate 5: Kickoff scheduled
#Custom Google Calendar Create Event for kickoff with customer + AE + SE.
#Create Channel for
#poc-{{account}}and #Add Users To Channel for AE, SE, CSM.
After all gates clear:
#Send Direct Message to AE confirming POC is live.
#Send Channel Message to
#poc-opsannouncing the new POC.
Mid-POC checkpoints:
schedule_action wakes at 25%, 50%, 75% of POC duration.
On each wake, #Send Direct Message to SE asking for status + customer engagement signals.
POC close:
schedule_action wake at end of POC.
#Send Direct Message to AE + SE: "POC ends today. Conversion status?"
On conversion → #Update HubSpot Deal Properties with
pocConverted = true.On non-conversion → fire Rev-14 (closed-lost cascade) if deal is lost.
#Leave Internal Note capturing all gates and outcomes.
Privacy / Data Deletion
Playbooks
/
Privacy / Data Deletion
Privacy / Data Deletion
Created by
Console Team
Published
Security
Okta
Google Workspace Admin
Snowflake
+6
Trigger
Requester submits a Data Subject Request (DSR) — internal user, customer, or external request via privacy@.
Instructions
#Trigger Form to collect:
Request type (Access / Portability / Deletion / Rectification / Opt-out)
Subject email or identifier
Subject relationship (customer / employee / prospect / unknown)
Verification method (email confirmation / govt ID / customer auth)
Regulatory basis (GDPR / CCPA / other)
SLA window (auto-calculated: GDPR = 30 days, CCPA = 45 days)
Verify the requester is authorized:
For employee-initiated → require their direct email match.
For customer → #custom Send Verification Email + verify response.
For attorney/legal rep → require power of attorney upload + legal review.
#Lookup Users on the subject email (employee case).
#Request Approval from the Data Protection Officer (DPO) for high-impact requests (deletion of active customer, employee records).
Locate the subject across all systems:
#Custom Snowflake Locate User across product DBs (orders, sessions, events).
#Search Okta User by Email for identity systems.
#Custom Zendesk Locate Tickets for support history.
#Custom Mailchimp/SendGrid Locate Subscriber for marketing.
#Custom Google Workspace Search for emails referencing the subject.
#Custom S3 Inventory Search for any data lake exports.
Build a comprehensive data inventory:
System / data type / record count / oldest record / newest record.
Branch on request type:
Access / Portability:
#Custom Generate Data Export action that pulls JSON/CSV from each system.
Compile into a single secure package (encrypted ZIP).
#Send Email to subject with download link + decryption key (separate channel).
Deletion:
For each system: #custom Delete User Data action.
For systems with retention obligations (e.g. financial records under SOX): apply pseudonymization instead of hard delete; document the basis.
#Deactivate User (Okta) if employee.
#Custom Snowflake Execute Deletion with audit log.
Rectification:
Apply corrections in each system via the appropriate update actions.
Opt-out:
#Custom Mark User Opted Out in marketing systems.
Add to suppression list.
Generate completion certificate:
#Custom Generate DSR Completion Report with: all systems touched, action taken, timestamps, records affected.
#Send Email to subject confirming completion.
#Custom Vanta Upload DSR Evidence for compliance audit trail.
schedule_action wake at SLA deadline minus 7 days to check unfinished items.
On wake: if any items remain, #Send Channel Message to
#privacy-opsand DPO.#Leave Internal Note capturing data inventory and completion.
Privacy / Data Deletion
Playbooks
/
Privacy / Data Deletion
Privacy / Data Deletion
Created by
Console Team
Published
Security
Okta
Google Workspace Admin
Snowflake
+6
Trigger
Requester submits a Data Subject Request (DSR) — internal user, customer, or external request via privacy@.
Instructions
#Trigger Form to collect:
Request type (Access / Portability / Deletion / Rectification / Opt-out)
Subject email or identifier
Subject relationship (customer / employee / prospect / unknown)
Verification method (email confirmation / govt ID / customer auth)
Regulatory basis (GDPR / CCPA / other)
SLA window (auto-calculated: GDPR = 30 days, CCPA = 45 days)
Verify the requester is authorized:
For employee-initiated → require their direct email match.
For customer → #custom Send Verification Email + verify response.
For attorney/legal rep → require power of attorney upload + legal review.
#Lookup Users on the subject email (employee case).
#Request Approval from the Data Protection Officer (DPO) for high-impact requests (deletion of active customer, employee records).
Locate the subject across all systems:
#Custom Snowflake Locate User across product DBs (orders, sessions, events).
#Search Okta User by Email for identity systems.
#Custom Zendesk Locate Tickets for support history.
#Custom Mailchimp/SendGrid Locate Subscriber for marketing.
#Custom Google Workspace Search for emails referencing the subject.
#Custom S3 Inventory Search for any data lake exports.
Build a comprehensive data inventory:
System / data type / record count / oldest record / newest record.
Branch on request type:
Access / Portability:
#Custom Generate Data Export action that pulls JSON/CSV from each system.
Compile into a single secure package (encrypted ZIP).
#Send Email to subject with download link + decryption key (separate channel).
Deletion:
For each system: #custom Delete User Data action.
For systems with retention obligations (e.g. financial records under SOX): apply pseudonymization instead of hard delete; document the basis.
#Deactivate User (Okta) if employee.
#Custom Snowflake Execute Deletion with audit log.
Rectification:
Apply corrections in each system via the appropriate update actions.
Opt-out:
#Custom Mark User Opted Out in marketing systems.
Add to suppression list.
Generate completion certificate:
#Custom Generate DSR Completion Report with: all systems touched, action taken, timestamps, records affected.
#Send Email to subject confirming completion.
#Custom Vanta Upload DSR Evidence for compliance audit trail.
schedule_action wake at SLA deadline minus 7 days to check unfinished items.
On wake: if any items remain, #Send Channel Message to
#privacy-opsand DPO.#Leave Internal Note capturing data inventory and completion.
Privacy / Data Deletion
Playbooks
/
Privacy / Data Deletion
Privacy / Data Deletion
Created by
Console Team
Published
Security
Okta
Google Workspace Admin
Snowflake
+6
Trigger
Requester submits a Data Subject Request (DSR) — internal user, customer, or external request via privacy@.
Instructions
#Trigger Form to collect:
Request type (Access / Portability / Deletion / Rectification / Opt-out)
Subject email or identifier
Subject relationship (customer / employee / prospect / unknown)
Verification method (email confirmation / govt ID / customer auth)
Regulatory basis (GDPR / CCPA / other)
SLA window (auto-calculated: GDPR = 30 days, CCPA = 45 days)
Verify the requester is authorized:
For employee-initiated → require their direct email match.
For customer → #custom Send Verification Email + verify response.
For attorney/legal rep → require power of attorney upload + legal review.
#Lookup Users on the subject email (employee case).
#Request Approval from the Data Protection Officer (DPO) for high-impact requests (deletion of active customer, employee records).
Locate the subject across all systems:
#Custom Snowflake Locate User across product DBs (orders, sessions, events).
#Search Okta User by Email for identity systems.
#Custom Zendesk Locate Tickets for support history.
#Custom Mailchimp/SendGrid Locate Subscriber for marketing.
#Custom Google Workspace Search for emails referencing the subject.
#Custom S3 Inventory Search for any data lake exports.
Build a comprehensive data inventory:
System / data type / record count / oldest record / newest record.
Branch on request type:
Access / Portability:
#Custom Generate Data Export action that pulls JSON/CSV from each system.
Compile into a single secure package (encrypted ZIP).
#Send Email to subject with download link + decryption key (separate channel).
Deletion:
For each system: #custom Delete User Data action.
For systems with retention obligations (e.g. financial records under SOX): apply pseudonymization instead of hard delete; document the basis.
#Deactivate User (Okta) if employee.
#Custom Snowflake Execute Deletion with audit log.
Rectification:
Apply corrections in each system via the appropriate update actions.
Opt-out:
#Custom Mark User Opted Out in marketing systems.
Add to suppression list.
Generate completion certificate:
#Custom Generate DSR Completion Report with: all systems touched, action taken, timestamps, records affected.
#Send Email to subject confirming completion.
#Custom Vanta Upload DSR Evidence for compliance audit trail.
schedule_action wake at SLA deadline minus 7 days to check unfinished items.
On wake: if any items remain, #Send Channel Message to
#privacy-opsand DPO.#Leave Internal Note capturing data inventory and completion.
Privacy Review for New Features
Playbooks
/
Privacy Review for New Features
Privacy Review for New Features
Created by
Console Team
Published
Legal
Vanta
Notion
Linear
Trigger
Engineering submits a feature with new data processing.
Instructions
#Trigger Form to collect:
Feature name and description.
Linear/Jira issue link.
Data categories processed (PII types / device data / location / health / financial / sensitive).
Data sources.
Lawful basis (consent / contract / legitimate interest / legal obligation / vital interest / public interest).
Data subjects.
Cross-border transfers?
Retention period.
Third-party sharing?
Automated decision-making?
Target launch date.
#Lookup Users on eng requester and product owner.
Generate DPIA template:
Save to Notion / Google Docs for collaborative editing.
Run privacy checklist:
#Custom Run Privacy Checklist:
Lawful basis valid?
Data minimization?
Purpose limitation?
Retention reasonable?
Transfer safeguards (SCCs for EU)?
Subject rights respected?
Security measures appropriate?
Privacy notice updated?
Risk scoring:
#Custom Calculate Privacy Risk Score based on data sensitivity, scope, automated decision-making.
Low / Medium / High.
Route by tier:
Low → auto-approve with privacy notes.
Medium → #Request Approval from privacy counsel.
High → #Request Approval from privacy counsel + DPO + (if applicable) regulatory consultation.
Documentation:
Launch gate:
#Custom Block Linear Issue Status until DPIA sign-off.
#Send Direct Message to eng requester with status and to privacy counsel with the DPIA.
#Send Channel Message to
#privacy-reviews.#Resolve Request on sign-off.
Privacy Review for New Features
Playbooks
/
Privacy Review for New Features
Privacy Review for New Features
Created by
Console Team
Published
Legal
Vanta
Notion
Linear
Trigger
Engineering submits a feature with new data processing.
Instructions
#Trigger Form to collect:
Feature name and description.
Linear/Jira issue link.
Data categories processed (PII types / device data / location / health / financial / sensitive).
Data sources.
Lawful basis (consent / contract / legitimate interest / legal obligation / vital interest / public interest).
Data subjects.
Cross-border transfers?
Retention period.
Third-party sharing?
Automated decision-making?
Target launch date.
#Lookup Users on eng requester and product owner.
Generate DPIA template:
Save to Notion / Google Docs for collaborative editing.
Run privacy checklist:
#Custom Run Privacy Checklist:
Lawful basis valid?
Data minimization?
Purpose limitation?
Retention reasonable?
Transfer safeguards (SCCs for EU)?
Subject rights respected?
Security measures appropriate?
Privacy notice updated?
Risk scoring:
#Custom Calculate Privacy Risk Score based on data sensitivity, scope, automated decision-making.
Low / Medium / High.
Route by tier:
Low → auto-approve with privacy notes.
Medium → #Request Approval from privacy counsel.
High → #Request Approval from privacy counsel + DPO + (if applicable) regulatory consultation.
Documentation:
Launch gate:
#Custom Block Linear Issue Status until DPIA sign-off.
#Send Direct Message to eng requester with status and to privacy counsel with the DPIA.
#Send Channel Message to
#privacy-reviews.#Resolve Request on sign-off.
Privacy Review for New Features
Playbooks
/
Privacy Review for New Features
Privacy Review for New Features
Created by
Console Team
Published
Legal
Vanta
Notion
Linear
Trigger
Engineering submits a feature with new data processing.
Instructions
#Trigger Form to collect:
Feature name and description.
Linear/Jira issue link.
Data categories processed (PII types / device data / location / health / financial / sensitive).
Data sources.
Lawful basis (consent / contract / legitimate interest / legal obligation / vital interest / public interest).
Data subjects.
Cross-border transfers?
Retention period.
Third-party sharing?
Automated decision-making?
Target launch date.
#Lookup Users on eng requester and product owner.
Generate DPIA template:
Save to Notion / Google Docs for collaborative editing.
Run privacy checklist:
#Custom Run Privacy Checklist:
Lawful basis valid?
Data minimization?
Purpose limitation?
Retention reasonable?
Transfer safeguards (SCCs for EU)?
Subject rights respected?
Security measures appropriate?
Privacy notice updated?
Risk scoring:
#Custom Calculate Privacy Risk Score based on data sensitivity, scope, automated decision-making.
Low / Medium / High.
Route by tier:
Low → auto-approve with privacy notes.
Medium → #Request Approval from privacy counsel.
High → #Request Approval from privacy counsel + DPO + (if applicable) regulatory consultation.
Documentation:
Launch gate:
#Custom Block Linear Issue Status until DPIA sign-off.
#Send Direct Message to eng requester with status and to privacy counsel with the DPIA.
#Send Channel Message to
#privacy-reviews.#Resolve Request on sign-off.
Proactive Device Health
Playbooks
/
Proactive Device Health
Proactive Device Health
Created by
Console Team
Published
IT
Kandji
Linear
Trigger
Detection — scheduled scan every 6 hours Conditions: Device matches: crash count ≥3 in 7 days, OR disk usage ≥90%, OR OS version more than 2 releases behind.
Instructions
#List Devices (Kandji) with all enrolled devices.
For each device, #Get Device Details and #Get Device Parameters to pull telemetry.
Filter to devices matching any trigger condition.
For each matching device:
#Lookup Users on
device.assignedUserEmailto get the owner.Skip if the user is on PTO/leave (check HR ingest) or if the same device was already pinged in the last 7 days.
#Send Direct Message to the user: "Saw your laptop's been struggling — looks like {{issue summary}}. Want me to run the fix?" with #Trigger Form containing "Run fix" / "Schedule for later" / "Not now".
schedule_action wake at 24 hours to check the form response.
On wake, branch on response:
Run fix → execute remediation:
Disk full → #Create Kandji Custom Script for cleanup (clear caches, purge old downloads).
OS outdated → #Create Kandji Custom Script to trigger software update.
Frequent crashes → #Kandji Blank Push (Force Check-In) then #Create Kandji Custom Script to reset problem services.
Schedule for later → re-schedule wake for the chosen time.
Not now or no response → proceed to step 8.
schedule_action wake at 48 hours after the fix to verify resolution via re-checking telemetry.
If still failing or user declined: #Create Linear Issue in the IT project assigned to a human technician.
#Send Direct Message to the user confirming the outcome.
#Leave Internal Note capturing the diagnosis and action.
Proactive Device Health
Playbooks
/
Proactive Device Health
Proactive Device Health
Created by
Console Team
Published
IT
Kandji
Linear
Trigger
Detection — scheduled scan every 6 hours Conditions: Device matches: crash count ≥3 in 7 days, OR disk usage ≥90%, OR OS version more than 2 releases behind.
Instructions
#List Devices (Kandji) with all enrolled devices.
For each device, #Get Device Details and #Get Device Parameters to pull telemetry.
Filter to devices matching any trigger condition.
For each matching device:
#Lookup Users on
device.assignedUserEmailto get the owner.Skip if the user is on PTO/leave (check HR ingest) or if the same device was already pinged in the last 7 days.
#Send Direct Message to the user: "Saw your laptop's been struggling — looks like {{issue summary}}. Want me to run the fix?" with #Trigger Form containing "Run fix" / "Schedule for later" / "Not now".
schedule_action wake at 24 hours to check the form response.
On wake, branch on response:
Run fix → execute remediation:
Disk full → #Create Kandji Custom Script for cleanup (clear caches, purge old downloads).
OS outdated → #Create Kandji Custom Script to trigger software update.
Frequent crashes → #Kandji Blank Push (Force Check-In) then #Create Kandji Custom Script to reset problem services.
Schedule for later → re-schedule wake for the chosen time.
Not now or no response → proceed to step 8.
schedule_action wake at 48 hours after the fix to verify resolution via re-checking telemetry.
If still failing or user declined: #Create Linear Issue in the IT project assigned to a human technician.
#Send Direct Message to the user confirming the outcome.
#Leave Internal Note capturing the diagnosis and action.
Proactive Device Health
Playbooks
/
Proactive Device Health
Proactive Device Health
Created by
Console Team
Published
IT
Kandji
Linear
Trigger
Detection — scheduled scan every 6 hours Conditions: Device matches: crash count ≥3 in 7 days, OR disk usage ≥90%, OR OS version more than 2 releases behind.
Instructions
#List Devices (Kandji) with all enrolled devices.
For each device, #Get Device Details and #Get Device Parameters to pull telemetry.
Filter to devices matching any trigger condition.
For each matching device:
#Lookup Users on
device.assignedUserEmailto get the owner.Skip if the user is on PTO/leave (check HR ingest) or if the same device was already pinged in the last 7 days.
#Send Direct Message to the user: "Saw your laptop's been struggling — looks like {{issue summary}}. Want me to run the fix?" with #Trigger Form containing "Run fix" / "Schedule for later" / "Not now".
schedule_action wake at 24 hours to check the form response.
On wake, branch on response:
Run fix → execute remediation:
Disk full → #Create Kandji Custom Script for cleanup (clear caches, purge old downloads).
OS outdated → #Create Kandji Custom Script to trigger software update.
Frequent crashes → #Kandji Blank Push (Force Check-In) then #Create Kandji Custom Script to reset problem services.
Schedule for later → re-schedule wake for the chosen time.
Not now or no response → proceed to step 8.
schedule_action wake at 48 hours after the fix to verify resolution via re-checking telemetry.
If still failing or user declined: #Create Linear Issue in the IT project assigned to a human technician.
#Send Direct Message to the user confirming the outcome.
#Leave Internal Note capturing the diagnosis and action.
Public Exposure Monitoring
Playbooks
/
Public Exposure Monitoring
Public Exposure Monitoring
Created by
Console Team
Published
Security
AWS
GitHub
Vanta
+2
Trigger
Detection — scheduled scan every 4 hours + GitHub secret-scanning webhook
Instructions
Multi-source scan in parallel:
#Custom GitHub Secret Scan Get Findings at org level.
#Custom GitHub Search Public Code for org domain + sensitive keywords.
#Custom AWS List Internet-Facing Resources (RDS, ELBs, ECS services).
#Custom Shodan Org Lookup for unexpected exposed services.
For each finding, classify severity:
Leaked secret (API key, token, password) → P0.
Public S3 with data → P1.
Unexpected exposed port → P2.
Outdated TLS / weak config → P3.
Resolve the owning team:
For GitHub findings: #custom Get Repo Owner via CODEOWNERS.
For AWS findings: #custom Get Resource Owner via tags.
Default: route to
#securityfor triage.
For each finding:
For P0 (leaked secret):
#Custom Revoke Leaked Secret if it's an API key the system can revoke.
#Send Direct Message to the team lead with extreme urgency.
#Send Channel Message to
#security-critical.#Create Linear Issue with severity Critical.
#Custom Page On-Call security engineer.
For P1 (public data):
#Send Direct Message to the team lead.
#Create Linear Issue with severity High.
#Send Channel Message to
#security.
For P2/P3:
#Send Direct Message to the team lead with the finding.
#Create Linear Issue with severity Medium/Low.
schedule_action wakes per finding at SLA windows:
P0 → 4h, 8h, 24h.
P1 → 24h, 72h, 7d.
P2 → 7d, 30d.
P3 → 30d, 90d.
On wakes, #custom Get Finding Status to check remediation.
If unremediated past SLA: #Send Channel Message escalating to the team's skip-level and
#security-leads.#Custom Vanta Log Exposure Finding for compliance.
Weekly summary to
#securityvia #Send Channel Message.#Leave Internal Note per finding.
Public Exposure Monitoring
Playbooks
/
Public Exposure Monitoring
Public Exposure Monitoring
Created by
Console Team
Published
Security
AWS
GitHub
Vanta
+2
Trigger
Detection — scheduled scan every 4 hours + GitHub secret-scanning webhook
Instructions
Multi-source scan in parallel:
#Custom GitHub Secret Scan Get Findings at org level.
#Custom GitHub Search Public Code for org domain + sensitive keywords.
#Custom AWS List Internet-Facing Resources (RDS, ELBs, ECS services).
#Custom Shodan Org Lookup for unexpected exposed services.
For each finding, classify severity:
Leaked secret (API key, token, password) → P0.
Public S3 with data → P1.
Unexpected exposed port → P2.
Outdated TLS / weak config → P3.
Resolve the owning team:
For GitHub findings: #custom Get Repo Owner via CODEOWNERS.
For AWS findings: #custom Get Resource Owner via tags.
Default: route to
#securityfor triage.
For each finding:
For P0 (leaked secret):
#Custom Revoke Leaked Secret if it's an API key the system can revoke.
#Send Direct Message to the team lead with extreme urgency.
#Send Channel Message to
#security-critical.#Create Linear Issue with severity Critical.
#Custom Page On-Call security engineer.
For P1 (public data):
#Send Direct Message to the team lead.
#Create Linear Issue with severity High.
#Send Channel Message to
#security.
For P2/P3:
#Send Direct Message to the team lead with the finding.
#Create Linear Issue with severity Medium/Low.
schedule_action wakes per finding at SLA windows:
P0 → 4h, 8h, 24h.
P1 → 24h, 72h, 7d.
P2 → 7d, 30d.
P3 → 30d, 90d.
On wakes, #custom Get Finding Status to check remediation.
If unremediated past SLA: #Send Channel Message escalating to the team's skip-level and
#security-leads.#Custom Vanta Log Exposure Finding for compliance.
Weekly summary to
#securityvia #Send Channel Message.#Leave Internal Note per finding.
Public Exposure Monitoring
Playbooks
/
Public Exposure Monitoring
Public Exposure Monitoring
Created by
Console Team
Published
Security
AWS
GitHub
Vanta
+2
Trigger
Detection — scheduled scan every 4 hours + GitHub secret-scanning webhook
Instructions
Multi-source scan in parallel:
#Custom GitHub Secret Scan Get Findings at org level.
#Custom GitHub Search Public Code for org domain + sensitive keywords.
#Custom AWS List Internet-Facing Resources (RDS, ELBs, ECS services).
#Custom Shodan Org Lookup for unexpected exposed services.
For each finding, classify severity:
Leaked secret (API key, token, password) → P0.
Public S3 with data → P1.
Unexpected exposed port → P2.
Outdated TLS / weak config → P3.
Resolve the owning team:
For GitHub findings: #custom Get Repo Owner via CODEOWNERS.
For AWS findings: #custom Get Resource Owner via tags.
Default: route to
#securityfor triage.
For each finding:
For P0 (leaked secret):
#Custom Revoke Leaked Secret if it's an API key the system can revoke.
#Send Direct Message to the team lead with extreme urgency.
#Send Channel Message to
#security-critical.#Create Linear Issue with severity Critical.
#Custom Page On-Call security engineer.
For P1 (public data):
#Send Direct Message to the team lead.
#Create Linear Issue with severity High.
#Send Channel Message to
#security.
For P2/P3:
#Send Direct Message to the team lead with the finding.
#Create Linear Issue with severity Medium/Low.
schedule_action wakes per finding at SLA windows:
P0 → 4h, 8h, 24h.
P1 → 24h, 72h, 7d.
P2 → 7d, 30d.
P3 → 30d, 90d.
On wakes, #custom Get Finding Status to check remediation.
If unremediated past SLA: #Send Channel Message escalating to the team's skip-level and
#security-leads.#Custom Vanta Log Exposure Finding for compliance.
Weekly summary to
#securityvia #Send Channel Message.#Leave Internal Note per finding.
Receipt Match & Policy Compliance
Playbooks
/
Receipt Match & Policy Compliance
Receipt Match & Policy Compliance
Created by
Console Team
Published
Finance
Ramp
Trigger
Scheduled — every day at 9:00 AM America/Chicago
Instructions
Pull recent transactions:
#List Ramp Cards by User then custom Ramp List Transactions for last 30 days.
For each transaction:
Branch by days:
Day 3: first reminder.
Day 7: second + manager escalation.
Day 14: route to finance + policy flag.
Missing-receipt transactions:
#Lookup Users on cardholder.
#Send Direct Message with #Trigger Form for upload.
Day 7: cc manager.
Day 14: #Send Channel Message to
#finance-receipts; custom Ramp Pause Card until caught up.
With-receipt transactions:
#Custom Validate Against T&E Policy for alcohol on lunch, dinner over threshold, missing memo, personal-looking merchants, out-of-policy categories.
Flagged items → #Send Channel Message to
#finance-reviewwith transaction + receipt + reason.
Aggregate metrics per cardholder.
Weekly summary:
#Send Channel Message to
#financewith compliance stats via #Run Query.Repeat offenders (>3 missing in a month): #Send Direct Message to manager.
#Leave Internal Note in daily tracking issue.
Receipt Match & Policy Compliance
Playbooks
/
Receipt Match & Policy Compliance
Receipt Match & Policy Compliance
Created by
Console Team
Published
Finance
Ramp
Trigger
Scheduled — every day at 9:00 AM America/Chicago
Instructions
Pull recent transactions:
#List Ramp Cards by User then custom Ramp List Transactions for last 30 days.
For each transaction:
Branch by days:
Day 3: first reminder.
Day 7: second + manager escalation.
Day 14: route to finance + policy flag.
Missing-receipt transactions:
#Lookup Users on cardholder.
#Send Direct Message with #Trigger Form for upload.
Day 7: cc manager.
Day 14: #Send Channel Message to
#finance-receipts; custom Ramp Pause Card until caught up.
With-receipt transactions:
#Custom Validate Against T&E Policy for alcohol on lunch, dinner over threshold, missing memo, personal-looking merchants, out-of-policy categories.
Flagged items → #Send Channel Message to
#finance-reviewwith transaction + receipt + reason.
Aggregate metrics per cardholder.
Weekly summary:
#Send Channel Message to
#financewith compliance stats via #Run Query.Repeat offenders (>3 missing in a month): #Send Direct Message to manager.
#Leave Internal Note in daily tracking issue.
Receipt Match & Policy Compliance
Playbooks
/
Receipt Match & Policy Compliance
Receipt Match & Policy Compliance
Created by
Console Team
Published
Finance
Ramp
Trigger
Scheduled — every day at 9:00 AM America/Chicago
Instructions
Pull recent transactions:
#List Ramp Cards by User then custom Ramp List Transactions for last 30 days.
For each transaction:
Branch by days:
Day 3: first reminder.
Day 7: second + manager escalation.
Day 14: route to finance + policy flag.
Missing-receipt transactions:
#Lookup Users on cardholder.
#Send Direct Message with #Trigger Form for upload.
Day 7: cc manager.
Day 14: #Send Channel Message to
#finance-receipts; custom Ramp Pause Card until caught up.
With-receipt transactions:
#Custom Validate Against T&E Policy for alcohol on lunch, dinner over threshold, missing memo, personal-looking merchants, out-of-policy categories.
Flagged items → #Send Channel Message to
#finance-reviewwith transaction + receipt + reason.
Aggregate metrics per cardholder.
Weekly summary:
#Send Channel Message to
#financewith compliance stats via #Run Query.Repeat offenders (>3 missing in a month): #Send Direct Message to manager.
#Leave Internal Note in daily tracking issue.
Reimbursement Intake
Playbooks
/
Reimbursement Intake
Reimbursement Intake
Created by
Console Team
Published
Finance
Workday
Ramp
Bill
Trigger
Requester submits reimbursement.
Instructions
#Trigger Form for category, amount, dates, receipt, justification, payment method.
#Lookup Users with
includeManager.Policy validation:
#Search Knowledge Base for policy.
#Custom Validate Reimbursement Against Policy.
#Custom Get YTD Reimbursement Balance for caps.
Routing:
Auto-approve under threshold per category.
Manager approval otherwise.
Finance approval over $500 or any flag.
On approval:
Ramp Reimbursements →#custom Ramp Create Reimbursement.
Payroll → #custom Workday Add to Next Payroll.
Direct deposit → #custom Bill.com Schedule ACH.
#Send Direct Message with status, payment date, method, YTD balance.
Reimbursement Intake
Playbooks
/
Reimbursement Intake
Reimbursement Intake
Created by
Console Team
Published
Finance
Workday
Ramp
Bill
Trigger
Requester submits reimbursement.
Instructions
#Trigger Form for category, amount, dates, receipt, justification, payment method.
#Lookup Users with
includeManager.Policy validation:
#Search Knowledge Base for policy.
#Custom Validate Reimbursement Against Policy.
#Custom Get YTD Reimbursement Balance for caps.
Routing:
Auto-approve under threshold per category.
Manager approval otherwise.
Finance approval over $500 or any flag.
On approval:
Ramp Reimbursements →#custom Ramp Create Reimbursement.
Payroll → #custom Workday Add to Next Payroll.
Direct deposit → #custom Bill.com Schedule ACH.
#Send Direct Message with status, payment date, method, YTD balance.
Reimbursement Intake
Playbooks
/
Reimbursement Intake
Reimbursement Intake
Created by
Console Team
Published
Finance
Workday
Ramp
Bill
Trigger
Requester submits reimbursement.
Instructions
#Trigger Form for category, amount, dates, receipt, justification, payment method.
#Lookup Users with
includeManager.Policy validation:
#Search Knowledge Base for policy.
#Custom Validate Reimbursement Against Policy.
#Custom Get YTD Reimbursement Balance for caps.
Routing:
Auto-approve under threshold per category.
Manager approval otherwise.
Finance approval over $500 or any flag.
On approval:
Ramp Reimbursements →#custom Ramp Create Reimbursement.
Payroll → #custom Workday Add to Next Payroll.
Direct deposit → #custom Bill.com Schedule ACH.
#Send Direct Message with status, payment date, method, YTD balance.
Renewal Pipeline Review
Playbooks
/
Renewal Pipeline Review
Renewal Pipeline Review
Created by
Console Team
Published
RevOps
HubSpot
DocuSign
NetSuite
+2
Trigger
Scheduled — every day at 7:00 AM America/Chicago
Instructions
#Search HubSpot Deals by Close Date Range for deals (or contracts) with
renewalDateat exactly 90, 60, 30 days out.For each renewal:
#Get HubSpot Company Details with Activity Timeline for the customer.
#Lookup Users on the CSM and AE.
#Custom Gainsight Get Health Score for the customer.
#Custom Product Analytics Get Usage (MAU, feature adoption, key event volume).
#Custom NetSuite Get Billing History (payment timeliness, total spend, expansion).
#Custom Zendesk Get Support History (open tickets, recent CSAT, escalations).
#Search Plain Threads for recent customer support conversations.
Compute renewal risk score:
Health score weight (Gainsight).
Usage trend (declining / flat / growing).
Support burden (high ticket volume = risk).
Champion stability (no champion change = positive).
Engagement (recent QBRs / EBR cadence).
Bucket renewals:
At-risk (low score, declining usage, no champion) → escalate.
Standard (healthy) → standard renewal process.
Expansion-ready (high usage, expanding team) → upsell motion.
#Send Direct Message to CSM + AE per renewal with the full package:
Renewal date.
Risk score + breakdown.
Usage trend chart.
Last QBR summary.
Suggested action (renewal play / expansion play / save play).
For at-risk renewals (90-day):
#Send Channel Message to
#cs-leadershipflagging for executive sponsor involvement.#Custom Trigger Save Play Playbook for structured intervention.
For expansion-ready (90-day):
#Custom Generate Expansion Proposal with the suggested seats/products.
#Send Direct Message to AE with the expansion brief.
At 60-day mark:
Confirm renewal motion is in progress.
#Update HubSpot Deal Properties with
renewalMotion = active.
At 30-day mark:
#Send Direct Message to CSM with the contract status.
On signature:
#Update HubSpot Deal Properties with
renewed = true.#Send Channel Message to
#renewals-won.
On non-renewal:
Trigger Rev-14 (closed-lost cascade) with
lossType = churn.
#Leave Internal Note with renewal review per customer.
Renewal Pipeline Review
Playbooks
/
Renewal Pipeline Review
Renewal Pipeline Review
Created by
Console Team
Published
RevOps
HubSpot
DocuSign
NetSuite
+2
Trigger
Scheduled — every day at 7:00 AM America/Chicago
Instructions
#Search HubSpot Deals by Close Date Range for deals (or contracts) with
renewalDateat exactly 90, 60, 30 days out.For each renewal:
#Get HubSpot Company Details with Activity Timeline for the customer.
#Lookup Users on the CSM and AE.
#Custom Gainsight Get Health Score for the customer.
#Custom Product Analytics Get Usage (MAU, feature adoption, key event volume).
#Custom NetSuite Get Billing History (payment timeliness, total spend, expansion).
#Custom Zendesk Get Support History (open tickets, recent CSAT, escalations).
#Search Plain Threads for recent customer support conversations.
Compute renewal risk score:
Health score weight (Gainsight).
Usage trend (declining / flat / growing).
Support burden (high ticket volume = risk).
Champion stability (no champion change = positive).
Engagement (recent QBRs / EBR cadence).
Bucket renewals:
At-risk (low score, declining usage, no champion) → escalate.
Standard (healthy) → standard renewal process.
Expansion-ready (high usage, expanding team) → upsell motion.
#Send Direct Message to CSM + AE per renewal with the full package:
Renewal date.
Risk score + breakdown.
Usage trend chart.
Last QBR summary.
Suggested action (renewal play / expansion play / save play).
For at-risk renewals (90-day):
#Send Channel Message to
#cs-leadershipflagging for executive sponsor involvement.#Custom Trigger Save Play Playbook for structured intervention.
For expansion-ready (90-day):
#Custom Generate Expansion Proposal with the suggested seats/products.
#Send Direct Message to AE with the expansion brief.
At 60-day mark:
Confirm renewal motion is in progress.
#Update HubSpot Deal Properties with
renewalMotion = active.
At 30-day mark:
#Send Direct Message to CSM with the contract status.
On signature:
#Update HubSpot Deal Properties with
renewed = true.#Send Channel Message to
#renewals-won.
On non-renewal:
Trigger Rev-14 (closed-lost cascade) with
lossType = churn.
#Leave Internal Note with renewal review per customer.
Renewal Pipeline Review
Playbooks
/
Renewal Pipeline Review
Renewal Pipeline Review
Created by
Console Team
Published
RevOps
HubSpot
DocuSign
NetSuite
+2
Trigger
Scheduled — every day at 7:00 AM America/Chicago
Instructions
#Search HubSpot Deals by Close Date Range for deals (or contracts) with
renewalDateat exactly 90, 60, 30 days out.For each renewal:
#Get HubSpot Company Details with Activity Timeline for the customer.
#Lookup Users on the CSM and AE.
#Custom Gainsight Get Health Score for the customer.
#Custom Product Analytics Get Usage (MAU, feature adoption, key event volume).
#Custom NetSuite Get Billing History (payment timeliness, total spend, expansion).
#Custom Zendesk Get Support History (open tickets, recent CSAT, escalations).
#Search Plain Threads for recent customer support conversations.
Compute renewal risk score:
Health score weight (Gainsight).
Usage trend (declining / flat / growing).
Support burden (high ticket volume = risk).
Champion stability (no champion change = positive).
Engagement (recent QBRs / EBR cadence).
Bucket renewals:
At-risk (low score, declining usage, no champion) → escalate.
Standard (healthy) → standard renewal process.
Expansion-ready (high usage, expanding team) → upsell motion.
#Send Direct Message to CSM + AE per renewal with the full package:
Renewal date.
Risk score + breakdown.
Usage trend chart.
Last QBR summary.
Suggested action (renewal play / expansion play / save play).
For at-risk renewals (90-day):
#Send Channel Message to
#cs-leadershipflagging for executive sponsor involvement.#Custom Trigger Save Play Playbook for structured intervention.
For expansion-ready (90-day):
#Custom Generate Expansion Proposal with the suggested seats/products.
#Send Direct Message to AE with the expansion brief.
At 60-day mark:
Confirm renewal motion is in progress.
#Update HubSpot Deal Properties with
renewalMotion = active.
At 30-day mark:
#Send Direct Message to CSM with the contract status.
On signature:
#Update HubSpot Deal Properties with
renewed = true.#Send Channel Message to
#renewals-won.
On non-renewal:
Trigger Rev-14 (closed-lost cascade) with
lossType = churn.
#Leave Internal Note with renewal review per customer.
Restricted-Country Access Control
Playbooks
/
Restricted-Country Access Control
Restricted-Country Access Control
Created by
Console Team
Published
Security
Okta
Vanta
+1
Trigger
Detection — scheduled Okta system log poll every 5 minutes
Instructions
#Custom Get Restricted Country List from the security policy (e.g. OFAC list + internal exclusions).
#Search Okta System Log Custom with filter for
eventType eq "user.session.start"ANDclient.geographicalContext.country in restricted-listfor the last 5 minutes.For each matching login:
#Lookup Users on the user email with
includeManager,includeGroups.Check exemptions: #custom Get Travel Authorization for an active travel-from-country exemption.
If exempt → log and exit for this user.
#Send Direct Message to the user immediately:
"We detected a login from {{country}} at {{time}} from IP {{ip}}. Was this you?"
#Trigger Form with options: "Yes, I'm traveling" / "Yes, VPN" / "No, not me".
schedule_action wake at 30 minutes for response.
Branch on response:
Yes, traveling:
#Request Approval from security for time-boxed allowance with duration.
On approval: #custom Okta Create Network Zone Exception for the user + country window.
#Send Direct Message confirming with expiry.
schedule_action wake at TTL to remove the exception.
Yes, VPN:
Verify against known corporate VPN egress IPs via custom Check VPN Egress.
If matches → no action, log only.
If doesn't match → treat as "No, not me" and escalate.
No, not me OR no response within 30 min:
#Send Channel Message to
#soc-triagewith the user, login details, and escalate to Sec-12 (Anomalous Login).#Send Direct Message to the user (after revocation): "We've revoked your sessions and reset your factors as a precaution. Please re-authenticate from a trusted location."
#Custom Vanta Log Restricted Country Event with the full audit trail.
#Leave Internal Note capturing detection, response, action.
Restricted-Country Access Control
Playbooks
/
Restricted-Country Access Control
Restricted-Country Access Control
Created by
Console Team
Published
Security
Okta
Vanta
+1
Trigger
Detection — scheduled Okta system log poll every 5 minutes
Instructions
#Custom Get Restricted Country List from the security policy (e.g. OFAC list + internal exclusions).
#Search Okta System Log Custom with filter for
eventType eq "user.session.start"ANDclient.geographicalContext.country in restricted-listfor the last 5 minutes.For each matching login:
#Lookup Users on the user email with
includeManager,includeGroups.Check exemptions: #custom Get Travel Authorization for an active travel-from-country exemption.
If exempt → log and exit for this user.
#Send Direct Message to the user immediately:
"We detected a login from {{country}} at {{time}} from IP {{ip}}. Was this you?"
#Trigger Form with options: "Yes, I'm traveling" / "Yes, VPN" / "No, not me".
schedule_action wake at 30 minutes for response.
Branch on response:
Yes, traveling:
#Request Approval from security for time-boxed allowance with duration.
On approval: #custom Okta Create Network Zone Exception for the user + country window.
#Send Direct Message confirming with expiry.
schedule_action wake at TTL to remove the exception.
Yes, VPN:
Verify against known corporate VPN egress IPs via custom Check VPN Egress.
If matches → no action, log only.
If doesn't match → treat as "No, not me" and escalate.
No, not me OR no response within 30 min:
#Send Channel Message to
#soc-triagewith the user, login details, and escalate to Sec-12 (Anomalous Login).#Send Direct Message to the user (after revocation): "We've revoked your sessions and reset your factors as a precaution. Please re-authenticate from a trusted location."
#Custom Vanta Log Restricted Country Event with the full audit trail.
#Leave Internal Note capturing detection, response, action.
Restricted-Country Access Control
Playbooks
/
Restricted-Country Access Control
Restricted-Country Access Control
Created by
Console Team
Published
Security
Okta
Vanta
+1
Trigger
Detection — scheduled Okta system log poll every 5 minutes
Instructions
#Custom Get Restricted Country List from the security policy (e.g. OFAC list + internal exclusions).
#Search Okta System Log Custom with filter for
eventType eq "user.session.start"ANDclient.geographicalContext.country in restricted-listfor the last 5 minutes.For each matching login:
#Lookup Users on the user email with
includeManager,includeGroups.Check exemptions: #custom Get Travel Authorization for an active travel-from-country exemption.
If exempt → log and exit for this user.
#Send Direct Message to the user immediately:
"We detected a login from {{country}} at {{time}} from IP {{ip}}. Was this you?"
#Trigger Form with options: "Yes, I'm traveling" / "Yes, VPN" / "No, not me".
schedule_action wake at 30 minutes for response.
Branch on response:
Yes, traveling:
#Request Approval from security for time-boxed allowance with duration.
On approval: #custom Okta Create Network Zone Exception for the user + country window.
#Send Direct Message confirming with expiry.
schedule_action wake at TTL to remove the exception.
Yes, VPN:
Verify against known corporate VPN egress IPs via custom Check VPN Egress.
If matches → no action, log only.
If doesn't match → treat as "No, not me" and escalate.
No, not me OR no response within 30 min:
#Send Channel Message to
#soc-triagewith the user, login details, and escalate to Sec-12 (Anomalous Login).#Send Direct Message to the user (after revocation): "We've revoked your sessions and reset your factors as a precaution. Please re-authenticate from a trusted location."
#Custom Vanta Log Restricted Country Event with the full audit trail.
#Leave Internal Note capturing detection, response, action.
RMA & Repair
Playbooks
/
RMA & Repair
RMA & Repair
Created by
Console Team
Published
IT
Kandji
Apple Business Manager
+3
Trigger
User reports a device needing repair ("laptop won't power on", "screen cracked", "keyboard sticking", "battery swelling").
Instructions
#Lookup Users on the requester.
#List Devices (Kandji) filtered by
assignedUserEmail.#Trigger Form to collect:
Which device
Symptom description
Severity (can't work at all / partial use / cosmetic)
Whether they need a loaner immediately
#Get Device Details to confirm device, serial number, purchase date, warranty status.
Determine RMA path based on vendor:
Apple → #custom Apple Business RMA Create with serial and symptom.
Dell/Lenovo → #custom Dell ProSupport RMA or Lenovo Warranty Service.
Capture the RMA case number and shipping label.
If user needs a loaner (severity = can't work):
#Custom BlueTally Reserve Loaner with matching model.
#Custom ComputerCare Ship Loaner with overnight shipping.
Capture loaner tracking number.
#Send Direct Message to the user with RMA case, shipping label, loaner tracking, send-in instructions, expected turnaround.
schedule_action daily wake to:
#Send Direct Message if status changed.
On repair completion + return:
#Get Device Details to confirm repaired device is back online in Kandji.
#Custom ComputerCare Return Loaner with return shipping label.
#Send Direct Message with loaner return instructions.
#Leave Internal Note capturing RMA case, loaner ID, dates.
#Resolve Request after loaner return.
RMA & Repair
Playbooks
/
RMA & Repair
RMA & Repair
Created by
Console Team
Published
IT
Kandji
Apple Business Manager
+3
Trigger
User reports a device needing repair ("laptop won't power on", "screen cracked", "keyboard sticking", "battery swelling").
Instructions
#Lookup Users on the requester.
#List Devices (Kandji) filtered by
assignedUserEmail.#Trigger Form to collect:
Which device
Symptom description
Severity (can't work at all / partial use / cosmetic)
Whether they need a loaner immediately
#Get Device Details to confirm device, serial number, purchase date, warranty status.
Determine RMA path based on vendor:
Apple → #custom Apple Business RMA Create with serial and symptom.
Dell/Lenovo → #custom Dell ProSupport RMA or Lenovo Warranty Service.
Capture the RMA case number and shipping label.
If user needs a loaner (severity = can't work):
#Custom BlueTally Reserve Loaner with matching model.
#Custom ComputerCare Ship Loaner with overnight shipping.
Capture loaner tracking number.
#Send Direct Message to the user with RMA case, shipping label, loaner tracking, send-in instructions, expected turnaround.
schedule_action daily wake to:
#Send Direct Message if status changed.
On repair completion + return:
#Get Device Details to confirm repaired device is back online in Kandji.
#Custom ComputerCare Return Loaner with return shipping label.
#Send Direct Message with loaner return instructions.
#Leave Internal Note capturing RMA case, loaner ID, dates.
#Resolve Request after loaner return.
RMA & Repair
Playbooks
/
RMA & Repair
RMA & Repair
Created by
Console Team
Published
IT
Kandji
Apple Business Manager
+3
Trigger
User reports a device needing repair ("laptop won't power on", "screen cracked", "keyboard sticking", "battery swelling").
Instructions
#Lookup Users on the requester.
#List Devices (Kandji) filtered by
assignedUserEmail.#Trigger Form to collect:
Which device
Symptom description
Severity (can't work at all / partial use / cosmetic)
Whether they need a loaner immediately
#Get Device Details to confirm device, serial number, purchase date, warranty status.
Determine RMA path based on vendor:
Apple → #custom Apple Business RMA Create with serial and symptom.
Dell/Lenovo → #custom Dell ProSupport RMA or Lenovo Warranty Service.
Capture the RMA case number and shipping label.
If user needs a loaner (severity = can't work):
#Custom BlueTally Reserve Loaner with matching model.
#Custom ComputerCare Ship Loaner with overnight shipping.
Capture loaner tracking number.
#Send Direct Message to the user with RMA case, shipping label, loaner tracking, send-in instructions, expected turnaround.
schedule_action daily wake to:
#Send Direct Message if status changed.
On repair completion + return:
#Get Device Details to confirm repaired device is back online in Kandji.
#Custom ComputerCare Return Loaner with return shipping label.
#Send Direct Message with loaner return instructions.
#Leave Internal Note capturing RMA case, loaner ID, dates.
#Resolve Request after loaner return.
Role & Manager Changes
Playbooks
/
Role & Manager Changes
Role & Manager Changes
Created by
Console Team
Published
HR
Okta
Slack
Workday
Trigger
Internal transfer, promotion, reporting line change, or department change.
Instructions
#Trigger Form to collect:
Employee being changed
New role / title
New manager
New department / team
Effective date
Comp change (yes/no, new amount, new band)
Justification
#Lookup Users on the affected employee with
includeManagerandincludeGroups.#Lookup Users on the requester (assume manager initiating) to validate authority.
#Lookup Users on the new manager to confirm valid Okta record.
Approval chain:
#Request Approval from current manager (skip if they initiated).
#Request Approval from new manager.
#Request Approval from HRBP for the new department.
If comp change: #Request Approval from finance.
On full approval, execute changes on effective date (use schedule_action if effective date is in the future):
#Custom Workday Update Worker with new title, manager, department, comp band,
comp amount.
#Update Okta User Department for the new department.
#Custom Okta Update Manager to set the manager field.
For each group the employee was in: if it's role-based, #Remove from Group; if it's tenure-based, keep. Re-add to the new role's groups via #Add to Group.
#Update Usergroup (Slack) to add to the new team usergroup and remove from old.
#Custom Update Access Policies for any policies where manager-is-approver — the new manager becomes approver going forward.
For department-specific tooling: provision new (e.g. Sales tools if moving to Sales) and revoke old.
#Add Users To Channel for the new team's Slack channels; #Remove User From Channel for old team channels (with grace period of 30 days for handoff).
#Send Direct Message to the employee confirming all changes.
#Send Direct Message to both old and new managers explaining the transition.
#Send Channel Message to
#org-changesannouncing the move.#Leave Internal Note capturing all changes and approval trail.
Role & Manager Changes
Playbooks
/
Role & Manager Changes
Role & Manager Changes
Created by
Console Team
Published
HR
Okta
Slack
Workday
Trigger
Internal transfer, promotion, reporting line change, or department change.
Instructions
#Trigger Form to collect:
Employee being changed
New role / title
New manager
New department / team
Effective date
Comp change (yes/no, new amount, new band)
Justification
#Lookup Users on the affected employee with
includeManagerandincludeGroups.#Lookup Users on the requester (assume manager initiating) to validate authority.
#Lookup Users on the new manager to confirm valid Okta record.
Approval chain:
#Request Approval from current manager (skip if they initiated).
#Request Approval from new manager.
#Request Approval from HRBP for the new department.
If comp change: #Request Approval from finance.
On full approval, execute changes on effective date (use schedule_action if effective date is in the future):
#Custom Workday Update Worker with new title, manager, department, comp band,
comp amount.
#Update Okta User Department for the new department.
#Custom Okta Update Manager to set the manager field.
For each group the employee was in: if it's role-based, #Remove from Group; if it's tenure-based, keep. Re-add to the new role's groups via #Add to Group.
#Update Usergroup (Slack) to add to the new team usergroup and remove from old.
#Custom Update Access Policies for any policies where manager-is-approver — the new manager becomes approver going forward.
For department-specific tooling: provision new (e.g. Sales tools if moving to Sales) and revoke old.
#Add Users To Channel for the new team's Slack channels; #Remove User From Channel for old team channels (with grace period of 30 days for handoff).
#Send Direct Message to the employee confirming all changes.
#Send Direct Message to both old and new managers explaining the transition.
#Send Channel Message to
#org-changesannouncing the move.#Leave Internal Note capturing all changes and approval trail.
Role & Manager Changes
Playbooks
/
Role & Manager Changes
Role & Manager Changes
Created by
Console Team
Published
HR
Okta
Slack
Workday
Trigger
Internal transfer, promotion, reporting line change, or department change.
Instructions
#Trigger Form to collect:
Employee being changed
New role / title
New manager
New department / team
Effective date
Comp change (yes/no, new amount, new band)
Justification
#Lookup Users on the affected employee with
includeManagerandincludeGroups.#Lookup Users on the requester (assume manager initiating) to validate authority.
#Lookup Users on the new manager to confirm valid Okta record.
Approval chain:
#Request Approval from current manager (skip if they initiated).
#Request Approval from new manager.
#Request Approval from HRBP for the new department.
If comp change: #Request Approval from finance.
On full approval, execute changes on effective date (use schedule_action if effective date is in the future):
#Custom Workday Update Worker with new title, manager, department, comp band,
comp amount.
#Update Okta User Department for the new department.
#Custom Okta Update Manager to set the manager field.
For each group the employee was in: if it's role-based, #Remove from Group; if it's tenure-based, keep. Re-add to the new role's groups via #Add to Group.
#Update Usergroup (Slack) to add to the new team usergroup and remove from old.
#Custom Update Access Policies for any policies where manager-is-approver — the new manager becomes approver going forward.
For department-specific tooling: provision new (e.g. Sales tools if moving to Sales) and revoke old.
#Add Users To Channel for the new team's Slack channels; #Remove User From Channel for old team channels (with grace period of 30 days for handoff).
#Send Direct Message to the employee confirming all changes.
#Send Direct Message to both old and new managers explaining the transition.
#Send Channel Message to
#org-changesannouncing the move.#Leave Internal Note capturing all changes and approval trail.
Sales Policy Q&A
Playbooks
/
Sales Policy Q&A
Sales Policy Q&A
Created by
Console Team
Published
RevOps
Trigger
Requester asks a sales policy / process question ("discount threshold", "ICP definition", "MDF eligibility", "deal desk process", "deal registration rules").
Instructions
#Lookup Users on the requester to determine role (AE / SDR / manager).
#Search Knowledge Base with the user's question.
For multi-region or role-specific policies, filter by requester's role + region.
#Expand Knowledge Base Article on the top hit for deeper context.
Compose the answer:
Direct answer first (e.g. "Discounts up to 10% require no approval, 10-20% require manager, >20% require deal desk.").
Relevant exceptions or special cases.
Quoted source paragraph.
Source link to the KB doc.
#Send Direct Message with the formatted answer.
Offer follow-up:
"Want me to start the deal desk request?" → if they have a discount over threshold, fire Rev-8.
"Want to see related policies?" → list other policy docs.
If no relevant KB hit, #Prompt for Handoff to RevOps.
#Leave Internal Note capturing query + resolution.
Sales Policy Q&A
Playbooks
/
Sales Policy Q&A
Sales Policy Q&A
Created by
Console Team
Published
RevOps
Trigger
Requester asks a sales policy / process question ("discount threshold", "ICP definition", "MDF eligibility", "deal desk process", "deal registration rules").
Instructions
#Lookup Users on the requester to determine role (AE / SDR / manager).
#Search Knowledge Base with the user's question.
For multi-region or role-specific policies, filter by requester's role + region.
#Expand Knowledge Base Article on the top hit for deeper context.
Compose the answer:
Direct answer first (e.g. "Discounts up to 10% require no approval, 10-20% require manager, >20% require deal desk.").
Relevant exceptions or special cases.
Quoted source paragraph.
Source link to the KB doc.
#Send Direct Message with the formatted answer.
Offer follow-up:
"Want me to start the deal desk request?" → if they have a discount over threshold, fire Rev-8.
"Want to see related policies?" → list other policy docs.
If no relevant KB hit, #Prompt for Handoff to RevOps.
#Leave Internal Note capturing query + resolution.
Sales Policy Q&A
Playbooks
/
Sales Policy Q&A
Sales Policy Q&A
Created by
Console Team
Published
RevOps
Trigger
Requester asks a sales policy / process question ("discount threshold", "ICP definition", "MDF eligibility", "deal desk process", "deal registration rules").
Instructions
#Lookup Users on the requester to determine role (AE / SDR / manager).
#Search Knowledge Base with the user's question.
For multi-region or role-specific policies, filter by requester's role + region.
#Expand Knowledge Base Article on the top hit for deeper context.
Compose the answer:
Direct answer first (e.g. "Discounts up to 10% require no approval, 10-20% require manager, >20% require deal desk.").
Relevant exceptions or special cases.
Quoted source paragraph.
Source link to the KB doc.
#Send Direct Message with the formatted answer.
Offer follow-up:
"Want me to start the deal desk request?" → if they have a discount over threshold, fire Rev-8.
"Want to see related policies?" → list other policy docs.
If no relevant KB hit, #Prompt for Handoff to RevOps.
#Leave Internal Note capturing query + resolution.
SDR → AE Handoff
Playbooks
/
SDR → AE Handoff
SDR → AE Handoff
Created by
Console Team
Published
RevOps
Google Calendar
HubSpot
Outreach
+1
Trigger
Webhook — meeting held + marked qualified (in CRM or via SDR action) Variables: $meeting.id, $meeting.dealId, $meeting.sdrId, $meeting.outcome
Instructions
#Get HubSpot Deal Details with Activity Timeline for the deal.
#Lookup Users on the SDR and the proposed AE (from territory rules or specified in handoff).
#Trigger Form to SDR to capture handoff notes:
BANT (Budget, Authority, Need, Timeline) — each field.
Key talking points from the meeting.
Specific next steps agreed.
Anything to be aware of.
Recommended AE (auto-suggest from territory).
Package the full context:
#Custom Gong Get Meeting Recording + AI Summary for the qualifying meeting.
#Custom Get Email History from Outreach for all prior touches.
#Search HubSpot Contacts by Property Filter for the full contact set.
#Get HubSpot Engagement by ID for all engagements on the deal.
Validate AE assignment:
#Custom Check AE Capacity to ensure not over-allocated.
#Custom Check Territory Match for the AE.
Transfer the deal:
#Update HubSpot Deal Properties with
ownerId = AE,previousOwnerId = SDR,handoffNotes,handoffDate.#Create HubSpot Note on Deal with the BANT + meeting summary + handoff context.
#Create HubSpot Association between AE and the deal/contacts.
For Outreach: #custom Outreach Transfer Prospects to the AE.
Notify the AE:
#Send Direct Message with: deal link, BANT summary, meeting recording, full contact context, prior emails, suggested next steps, calendar slot link for the next meeting.
Schedule the AE's first touch:
#Custom Google Calendar Create Tentative Block on AE's calendar for first prep + outreach.
SDR confirmation:
#Send Direct Message to SDR confirming handoff is complete with credit attribution.
SLA enforcement:
schedule_action wake at 24h to confirm AE has touched the deal.
On wake: if no activity, #Send Direct Message to AE + manager.
#Send Channel Message to
#sdr-ae-handoffslogging the handoff.#Leave Internal Note with full handoff trail.
SDR → AE Handoff
Playbooks
/
SDR → AE Handoff
SDR → AE Handoff
Created by
Console Team
Published
RevOps
Google Calendar
HubSpot
Outreach
+1
Trigger
Webhook — meeting held + marked qualified (in CRM or via SDR action) Variables: $meeting.id, $meeting.dealId, $meeting.sdrId, $meeting.outcome
Instructions
#Get HubSpot Deal Details with Activity Timeline for the deal.
#Lookup Users on the SDR and the proposed AE (from territory rules or specified in handoff).
#Trigger Form to SDR to capture handoff notes:
BANT (Budget, Authority, Need, Timeline) — each field.
Key talking points from the meeting.
Specific next steps agreed.
Anything to be aware of.
Recommended AE (auto-suggest from territory).
Package the full context:
#Custom Gong Get Meeting Recording + AI Summary for the qualifying meeting.
#Custom Get Email History from Outreach for all prior touches.
#Search HubSpot Contacts by Property Filter for the full contact set.
#Get HubSpot Engagement by ID for all engagements on the deal.
Validate AE assignment:
#Custom Check AE Capacity to ensure not over-allocated.
#Custom Check Territory Match for the AE.
Transfer the deal:
#Update HubSpot Deal Properties with
ownerId = AE,previousOwnerId = SDR,handoffNotes,handoffDate.#Create HubSpot Note on Deal with the BANT + meeting summary + handoff context.
#Create HubSpot Association between AE and the deal/contacts.
For Outreach: #custom Outreach Transfer Prospects to the AE.
Notify the AE:
#Send Direct Message with: deal link, BANT summary, meeting recording, full contact context, prior emails, suggested next steps, calendar slot link for the next meeting.
Schedule the AE's first touch:
#Custom Google Calendar Create Tentative Block on AE's calendar for first prep + outreach.
SDR confirmation:
#Send Direct Message to SDR confirming handoff is complete with credit attribution.
SLA enforcement:
schedule_action wake at 24h to confirm AE has touched the deal.
On wake: if no activity, #Send Direct Message to AE + manager.
#Send Channel Message to
#sdr-ae-handoffslogging the handoff.#Leave Internal Note with full handoff trail.
SDR → AE Handoff
Playbooks
/
SDR → AE Handoff
SDR → AE Handoff
Created by
Console Team
Published
RevOps
Google Calendar
HubSpot
Outreach
+1
Trigger
Webhook — meeting held + marked qualified (in CRM or via SDR action) Variables: $meeting.id, $meeting.dealId, $meeting.sdrId, $meeting.outcome
Instructions
#Get HubSpot Deal Details with Activity Timeline for the deal.
#Lookup Users on the SDR and the proposed AE (from territory rules or specified in handoff).
#Trigger Form to SDR to capture handoff notes:
BANT (Budget, Authority, Need, Timeline) — each field.
Key talking points from the meeting.
Specific next steps agreed.
Anything to be aware of.
Recommended AE (auto-suggest from territory).
Package the full context:
#Custom Gong Get Meeting Recording + AI Summary for the qualifying meeting.
#Custom Get Email History from Outreach for all prior touches.
#Search HubSpot Contacts by Property Filter for the full contact set.
#Get HubSpot Engagement by ID for all engagements on the deal.
Validate AE assignment:
#Custom Check AE Capacity to ensure not over-allocated.
#Custom Check Territory Match for the AE.
Transfer the deal:
#Update HubSpot Deal Properties with
ownerId = AE,previousOwnerId = SDR,handoffNotes,handoffDate.#Create HubSpot Note on Deal with the BANT + meeting summary + handoff context.
#Create HubSpot Association between AE and the deal/contacts.
For Outreach: #custom Outreach Transfer Prospects to the AE.
Notify the AE:
#Send Direct Message with: deal link, BANT summary, meeting recording, full contact context, prior emails, suggested next steps, calendar slot link for the next meeting.
Schedule the AE's first touch:
#Custom Google Calendar Create Tentative Block on AE's calendar for first prep + outreach.
SDR confirmation:
#Send Direct Message to SDR confirming handoff is complete with credit attribution.
SLA enforcement:
schedule_action wake at 24h to confirm AE has touched the deal.
On wake: if no activity, #Send Direct Message to AE + manager.
#Send Channel Message to
#sdr-ae-handoffslogging the handoff.#Leave Internal Note with full handoff trail.
Secret & API Key Rotation
Playbooks
/
Secret & API Key Rotation
Secret & API Key Rotation
Created by
Console Team
Published
Security
Slack
1Password
AWS
+2
Trigger
Scheduled — every day at 6:00 AM America/Chicago
Instructions
Pull secrets inventory:
#Custom 1Password List Items with
lastModifiedtimestamps for shared vaults.#Custom GitHub List Repository Secrets for org-level and repo-level secrets.
#Custom Vault List Secrets by mount.
#Custom AWS Secrets Manager List with rotation status.
For each secret, compute age and expiry:
Use
lastRotatedfield if available, elsecreatedAt.Apply policy: 90-day rotation for prod, 180-day for non-prod, 365-day for read-only API keys.
Categorize by urgency:
Expired (past rotation date) → P0.
30 days from rotation → P1, send first reminder.
14 days from rotation → P2, second reminder.
7 days from rotation → P3, final reminder.
For each secret, #custom Get Secret Owner via:
Item tags / metadata.
Vault path → service mapping.
GitHub repo → CODEOWNERS.
For each owner, group their pending rotations.
#Send Direct Message with the list, urgency, and:
For rotatable-by-Console: offer "Rotate now" button via #Trigger Form.
For manual: link to runbook + provider rotation steps.
On "Rotate now":
Fire custom API Token Rotation action for that specific secret type (e.g. rotate AWS access key, regenerate Slack bot token).
Update the secret in the vault.
#Send Direct Message confirming, with the new secret stored in the original vault location.
schedule_action wakes at the expiry date to verify rotation occurred.
On wake, if not rotated:
#Send Direct Message to owner with hard-expiry warning.
#Send Channel Message to
#securityif past expiry by 7 days.For critical secrets past 14 days: custom Revoke Expired Secret to force the issue.
#Custom Vanta Log Secret Rotation for compliance.
Weekly: #Send Channel Message to
#securitywith rotation stats.#Leave Internal Note capturing rotation activity.
Secret & API Key Rotation
Playbooks
/
Secret & API Key Rotation
Secret & API Key Rotation
Created by
Console Team
Published
Security
Slack
1Password
AWS
+2
Trigger
Scheduled — every day at 6:00 AM America/Chicago
Instructions
Pull secrets inventory:
#Custom 1Password List Items with
lastModifiedtimestamps for shared vaults.#Custom GitHub List Repository Secrets for org-level and repo-level secrets.
#Custom Vault List Secrets by mount.
#Custom AWS Secrets Manager List with rotation status.
For each secret, compute age and expiry:
Use
lastRotatedfield if available, elsecreatedAt.Apply policy: 90-day rotation for prod, 180-day for non-prod, 365-day for read-only API keys.
Categorize by urgency:
Expired (past rotation date) → P0.
30 days from rotation → P1, send first reminder.
14 days from rotation → P2, second reminder.
7 days from rotation → P3, final reminder.
For each secret, #custom Get Secret Owner via:
Item tags / metadata.
Vault path → service mapping.
GitHub repo → CODEOWNERS.
For each owner, group their pending rotations.
#Send Direct Message with the list, urgency, and:
For rotatable-by-Console: offer "Rotate now" button via #Trigger Form.
For manual: link to runbook + provider rotation steps.
On "Rotate now":
Fire custom API Token Rotation action for that specific secret type (e.g. rotate AWS access key, regenerate Slack bot token).
Update the secret in the vault.
#Send Direct Message confirming, with the new secret stored in the original vault location.
schedule_action wakes at the expiry date to verify rotation occurred.
On wake, if not rotated:
#Send Direct Message to owner with hard-expiry warning.
#Send Channel Message to
#securityif past expiry by 7 days.For critical secrets past 14 days: custom Revoke Expired Secret to force the issue.
#Custom Vanta Log Secret Rotation for compliance.
Weekly: #Send Channel Message to
#securitywith rotation stats.#Leave Internal Note capturing rotation activity.
Secret & API Key Rotation
Playbooks
/
Secret & API Key Rotation
Secret & API Key Rotation
Created by
Console Team
Published
Security
Slack
1Password
AWS
+2
Trigger
Scheduled — every day at 6:00 AM America/Chicago
Instructions
Pull secrets inventory:
#Custom 1Password List Items with
lastModifiedtimestamps for shared vaults.#Custom GitHub List Repository Secrets for org-level and repo-level secrets.
#Custom Vault List Secrets by mount.
#Custom AWS Secrets Manager List with rotation status.
For each secret, compute age and expiry:
Use
lastRotatedfield if available, elsecreatedAt.Apply policy: 90-day rotation for prod, 180-day for non-prod, 365-day for read-only API keys.
Categorize by urgency:
Expired (past rotation date) → P0.
30 days from rotation → P1, send first reminder.
14 days from rotation → P2, second reminder.
7 days from rotation → P3, final reminder.
For each secret, #custom Get Secret Owner via:
Item tags / metadata.
Vault path → service mapping.
GitHub repo → CODEOWNERS.
For each owner, group their pending rotations.
#Send Direct Message with the list, urgency, and:
For rotatable-by-Console: offer "Rotate now" button via #Trigger Form.
For manual: link to runbook + provider rotation steps.
On "Rotate now":
Fire custom API Token Rotation action for that specific secret type (e.g. rotate AWS access key, regenerate Slack bot token).
Update the secret in the vault.
#Send Direct Message confirming, with the new secret stored in the original vault location.
schedule_action wakes at the expiry date to verify rotation occurred.
On wake, if not rotated:
#Send Direct Message to owner with hard-expiry warning.
#Send Channel Message to
#securityif past expiry by 7 days.For critical secrets past 14 days: custom Revoke Expired Secret to force the issue.
#Custom Vanta Log Secret Rotation for compliance.
Weekly: #Send Channel Message to
#securitywith rotation stats.#Leave Internal Note capturing rotation activity.
Security Alert Triage & Context
Playbooks
/
Security Alert Triage & Context
Security Alert Triage & Context
Created by
Console Team
Published
Security
Okta
Kandji
CrowdStrike
+4
Trigger
Integration Webhook — CrowdStrike alert (also SentinelOne, SIEM if connected) Variables: $alert.id, $alert.severity, $alert.deviceId, $alert.userEmail, $alert.detectionTime, $alert.indicators
Instructions
Filter by severity:
Low → just log to
#soc-low-priorityand exit.Medium / High / Critical → continue enrichment.
Device context:
#CrowdStrike Get Host Details for
$alert.deviceId.#List Devices (Kandji) by serial number to cross-ref MDM enrollment.
#Get Device Details (Kandji) for compliance posture (encryption, OS version, profiles).
User context:
#Lookup Users on
$alert.userEmailwithincludeManager,includeGroups,includeApps.#Search Okta System Log Custom for the last 24h of login events for this user.
#Get User Profile (Okta) for current state.
Activity context:
#Custom Google Workspace Get Recent Activity for the user (last 24h).
#CrowdStrike Query Device Alerts for other recent alerts on the same host.
#CrowdStrike Get Device Login History for the host.
Indicator enrichment:
For each indicator in
$alert.indicators(hash, IP, domain):
Assemble the enriched alert payload:
User: name, title, department, manager, recent logins, recent activity.
Device: hostname, OS, compliance state, owner, other recent alerts.
Indicators: verdicts from threat intel.
Suggested action based on rules (e.g. "User on PIP + suspicious file = high concern").
#Send Channel Message to
#soc-triagewith the enriched alert as a structured message + thread for analyst notes.Severity-based routing:
Critical → custom PagerDuty Page the on-call security engineer.
High → #Send Direct Message to security on-call.
Medium → leave in
#soc-triagefor next-shift triage.
If indicators have high-confidence malicious verdicts → fire Sec-5: Incident Response Orchestration for auto-containment.
#Leave Internal Note in the alert's tracking issue capturing enrichment data.
Security Alert Triage & Context
Playbooks
/
Security Alert Triage & Context
Security Alert Triage & Context
Created by
Console Team
Published
Security
Okta
Kandji
CrowdStrike
+4
Trigger
Integration Webhook — CrowdStrike alert (also SentinelOne, SIEM if connected) Variables: $alert.id, $alert.severity, $alert.deviceId, $alert.userEmail, $alert.detectionTime, $alert.indicators
Instructions
Filter by severity:
Low → just log to
#soc-low-priorityand exit.Medium / High / Critical → continue enrichment.
Device context:
#CrowdStrike Get Host Details for
$alert.deviceId.#List Devices (Kandji) by serial number to cross-ref MDM enrollment.
#Get Device Details (Kandji) for compliance posture (encryption, OS version, profiles).
User context:
#Lookup Users on
$alert.userEmailwithincludeManager,includeGroups,includeApps.#Search Okta System Log Custom for the last 24h of login events for this user.
#Get User Profile (Okta) for current state.
Activity context:
#Custom Google Workspace Get Recent Activity for the user (last 24h).
#CrowdStrike Query Device Alerts for other recent alerts on the same host.
#CrowdStrike Get Device Login History for the host.
Indicator enrichment:
For each indicator in
$alert.indicators(hash, IP, domain):
Assemble the enriched alert payload:
User: name, title, department, manager, recent logins, recent activity.
Device: hostname, OS, compliance state, owner, other recent alerts.
Indicators: verdicts from threat intel.
Suggested action based on rules (e.g. "User on PIP + suspicious file = high concern").
#Send Channel Message to
#soc-triagewith the enriched alert as a structured message + thread for analyst notes.Severity-based routing:
Critical → custom PagerDuty Page the on-call security engineer.
High → #Send Direct Message to security on-call.
Medium → leave in
#soc-triagefor next-shift triage.
If indicators have high-confidence malicious verdicts → fire Sec-5: Incident Response Orchestration for auto-containment.
#Leave Internal Note in the alert's tracking issue capturing enrichment data.
Security Alert Triage & Context
Playbooks
/
Security Alert Triage & Context
Security Alert Triage & Context
Created by
Console Team
Published
Security
Okta
Kandji
CrowdStrike
+4
Trigger
Integration Webhook — CrowdStrike alert (also SentinelOne, SIEM if connected) Variables: $alert.id, $alert.severity, $alert.deviceId, $alert.userEmail, $alert.detectionTime, $alert.indicators
Instructions
Filter by severity:
Low → just log to
#soc-low-priorityand exit.Medium / High / Critical → continue enrichment.
Device context:
#CrowdStrike Get Host Details for
$alert.deviceId.#List Devices (Kandji) by serial number to cross-ref MDM enrollment.
#Get Device Details (Kandji) for compliance posture (encryption, OS version, profiles).
User context:
#Lookup Users on
$alert.userEmailwithincludeManager,includeGroups,includeApps.#Search Okta System Log Custom for the last 24h of login events for this user.
#Get User Profile (Okta) for current state.
Activity context:
#Custom Google Workspace Get Recent Activity for the user (last 24h).
#CrowdStrike Query Device Alerts for other recent alerts on the same host.
#CrowdStrike Get Device Login History for the host.
Indicator enrichment:
For each indicator in
$alert.indicators(hash, IP, domain):
Assemble the enriched alert payload:
User: name, title, department, manager, recent logins, recent activity.
Device: hostname, OS, compliance state, owner, other recent alerts.
Indicators: verdicts from threat intel.
Suggested action based on rules (e.g. "User on PIP + suspicious file = high concern").
#Send Channel Message to
#soc-triagewith the enriched alert as a structured message + thread for analyst notes.Severity-based routing:
Critical → custom PagerDuty Page the on-call security engineer.
High → #Send Direct Message to security on-call.
Medium → leave in
#soc-triagefor next-shift triage.
If indicators have high-confidence malicious verdicts → fire Sec-5: Incident Response Orchestration for auto-containment.
#Leave Internal Note in the alert's tracking issue capturing enrichment data.
Security Exception Handling
Playbooks
/
Security Exception Handling
Security Exception Handling
Created by
Console Team
Published
Security
Vanta
Trigger
Requester asks to bypass a security policy ("I need root SSH on a prod box", "exception to MFA on this kiosk", "allow this admin to keep their password instead of FIDO2").
Instructions
#Trigger Form to collect:
Policy being bypassed (dropdown of named policies)
Justification (free text, min 100 chars)
Duration requested (max 30 days, max 90 days, max 1 year)
Compensating controls being put in place
Risk acknowledgment (checkbox)
Business owner sign-off (email)
#Lookup Users on the requester.
Pull policy context:
#Custom Get Policy Definition for the named policy.
#Search Knowledge Base for the policy doc.
Assess compensating controls:
#Custom Evaluate Compensating Controls against the policy.
If insufficient → #Send Direct Message to requester with what's missing; ask to revise.
Route for approval:
#Request Approval from security lead.
For business-critical policies (MFA, encryption, sensitive-data access): #Request Approval from CISO or delegate.
#Request Approval from the business owner named in the form.
On approval:
#Custom Apply Exception for the specific policy + user + scope (e.g. exclude user from MFA enforcement group, add SSH key to specific host).
#Custom Vanta Log Exception with all metadata.
schedule_action wake at expiry date.
#Send Direct Message to the requester with: exception scope, expiry, compensating controls, what they must NOT do.
#Send Channel Message to
#security-exceptionswith the granted exception.schedule_action wakes at 30/60/90% of duration for reminder:
"Your exception {{name}} expires in {{X}} days. Need to renew or let it expire?"
At expiry:
#Custom Remove Exception to reverse step 6.
#Send Direct Message to requester confirming auto-expire.
#Send Channel Message to
#security-exceptionsconfirming.
If renewal requested before expiry, loop back to step 5 (skip form if same parameters).
#Leave Internal Note capturing exception scope, controls, expiry.
#Resolve Request.
Security Exception Handling
Playbooks
/
Security Exception Handling
Security Exception Handling
Created by
Console Team
Published
Security
Vanta
Trigger
Requester asks to bypass a security policy ("I need root SSH on a prod box", "exception to MFA on this kiosk", "allow this admin to keep their password instead of FIDO2").
Instructions
#Trigger Form to collect:
Policy being bypassed (dropdown of named policies)
Justification (free text, min 100 chars)
Duration requested (max 30 days, max 90 days, max 1 year)
Compensating controls being put in place
Risk acknowledgment (checkbox)
Business owner sign-off (email)
#Lookup Users on the requester.
Pull policy context:
#Custom Get Policy Definition for the named policy.
#Search Knowledge Base for the policy doc.
Assess compensating controls:
#Custom Evaluate Compensating Controls against the policy.
If insufficient → #Send Direct Message to requester with what's missing; ask to revise.
Route for approval:
#Request Approval from security lead.
For business-critical policies (MFA, encryption, sensitive-data access): #Request Approval from CISO or delegate.
#Request Approval from the business owner named in the form.
On approval:
#Custom Apply Exception for the specific policy + user + scope (e.g. exclude user from MFA enforcement group, add SSH key to specific host).
#Custom Vanta Log Exception with all metadata.
schedule_action wake at expiry date.
#Send Direct Message to the requester with: exception scope, expiry, compensating controls, what they must NOT do.
#Send Channel Message to
#security-exceptionswith the granted exception.schedule_action wakes at 30/60/90% of duration for reminder:
"Your exception {{name}} expires in {{X}} days. Need to renew or let it expire?"
At expiry:
#Custom Remove Exception to reverse step 6.
#Send Direct Message to requester confirming auto-expire.
#Send Channel Message to
#security-exceptionsconfirming.
If renewal requested before expiry, loop back to step 5 (skip form if same parameters).
#Leave Internal Note capturing exception scope, controls, expiry.
#Resolve Request.
Security Exception Handling
Playbooks
/
Security Exception Handling
Security Exception Handling
Created by
Console Team
Published
Security
Vanta
Trigger
Requester asks to bypass a security policy ("I need root SSH on a prod box", "exception to MFA on this kiosk", "allow this admin to keep their password instead of FIDO2").
Instructions
#Trigger Form to collect:
Policy being bypassed (dropdown of named policies)
Justification (free text, min 100 chars)
Duration requested (max 30 days, max 90 days, max 1 year)
Compensating controls being put in place
Risk acknowledgment (checkbox)
Business owner sign-off (email)
#Lookup Users on the requester.
Pull policy context:
#Custom Get Policy Definition for the named policy.
#Search Knowledge Base for the policy doc.
Assess compensating controls:
#Custom Evaluate Compensating Controls against the policy.
If insufficient → #Send Direct Message to requester with what's missing; ask to revise.
Route for approval:
#Request Approval from security lead.
For business-critical policies (MFA, encryption, sensitive-data access): #Request Approval from CISO or delegate.
#Request Approval from the business owner named in the form.
On approval:
#Custom Apply Exception for the specific policy + user + scope (e.g. exclude user from MFA enforcement group, add SSH key to specific host).
#Custom Vanta Log Exception with all metadata.
schedule_action wake at expiry date.
#Send Direct Message to the requester with: exception scope, expiry, compensating controls, what they must NOT do.
#Send Channel Message to
#security-exceptionswith the granted exception.schedule_action wakes at 30/60/90% of duration for reminder:
"Your exception {{name}} expires in {{X}} days. Need to renew or let it expire?"
At expiry:
#Custom Remove Exception to reverse step 6.
#Send Direct Message to requester confirming auto-expire.
#Send Channel Message to
#security-exceptionsconfirming.
If renewal requested before expiry, loop back to step 5 (skip form if same parameters).
#Leave Internal Note capturing exception scope, controls, expiry.
#Resolve Request.
Slack Channel & Group Management
Playbooks
/
Slack Channel & Group Management
Slack Channel & Group Management
Created by
Console Team
Published
IT
Okta
Slack
Trigger
Requester asks to create, archive, modify visibility, or manage membership of a Slack channel or usergroup.
Instructions
Pull all data sources in parallel:
#List Devices (Kandji) for enrolled devices.
#Custom Intune List Devices for Windows enrolled devices.
#Custom Jira Assets Query for the asset register.
#Search Graph for the HR roster from the HR ingest.
Build a unified view by serial number and assigned user.
Compute mismatches:
Lost-not-recovered: marked lost in any system but still active elsewhere.
Retired-but-active: marked retired in asset register but checking in to Kandji/Intune.
Employee-without-device: active employee in HR but no device assigned.
Device-without-owner: active device but unassigned or owner is offboarded.
Owner-mismatch: different owner in Kandji vs Jira Assets.
For each mismatch:
Determine the asset owner (IT team member responsible).
#Send Direct Message to the asset owner with the mismatch, proposed fix, and a #Trigger Form to approve / modify / dismiss.
schedule_action wake at 7 days for each mismatch to check resolution.
On wake: if mismatch still exists, #Create Linear Issue for IT to resolve.
After full daily reconciliation:
#Send Channel Message to
#it-asset-opswith totals and trend.
Quarterly run also produces a Linear summary issue with trend data via #Run Query.
Slack Channel & Group Management
Playbooks
/
Slack Channel & Group Management
Slack Channel & Group Management
Created by
Console Team
Published
IT
Okta
Slack
Trigger
Requester asks to create, archive, modify visibility, or manage membership of a Slack channel or usergroup.
Instructions
Pull all data sources in parallel:
#List Devices (Kandji) for enrolled devices.
#Custom Intune List Devices for Windows enrolled devices.
#Custom Jira Assets Query for the asset register.
#Search Graph for the HR roster from the HR ingest.
Build a unified view by serial number and assigned user.
Compute mismatches:
Lost-not-recovered: marked lost in any system but still active elsewhere.
Retired-but-active: marked retired in asset register but checking in to Kandji/Intune.
Employee-without-device: active employee in HR but no device assigned.
Device-without-owner: active device but unassigned or owner is offboarded.
Owner-mismatch: different owner in Kandji vs Jira Assets.
For each mismatch:
Determine the asset owner (IT team member responsible).
#Send Direct Message to the asset owner with the mismatch, proposed fix, and a #Trigger Form to approve / modify / dismiss.
schedule_action wake at 7 days for each mismatch to check resolution.
On wake: if mismatch still exists, #Create Linear Issue for IT to resolve.
After full daily reconciliation:
#Send Channel Message to
#it-asset-opswith totals and trend.
Quarterly run also produces a Linear summary issue with trend data via #Run Query.
Slack Channel & Group Management
Playbooks
/
Slack Channel & Group Management
Slack Channel & Group Management
Created by
Console Team
Published
IT
Okta
Slack
Trigger
Requester asks to create, archive, modify visibility, or manage membership of a Slack channel or usergroup.
Instructions
Pull all data sources in parallel:
#List Devices (Kandji) for enrolled devices.
#Custom Intune List Devices for Windows enrolled devices.
#Custom Jira Assets Query for the asset register.
#Search Graph for the HR roster from the HR ingest.
Build a unified view by serial number and assigned user.
Compute mismatches:
Lost-not-recovered: marked lost in any system but still active elsewhere.
Retired-but-active: marked retired in asset register but checking in to Kandji/Intune.
Employee-without-device: active employee in HR but no device assigned.
Device-without-owner: active device but unassigned or owner is offboarded.
Owner-mismatch: different owner in Kandji vs Jira Assets.
For each mismatch:
Determine the asset owner (IT team member responsible).
#Send Direct Message to the asset owner with the mismatch, proposed fix, and a #Trigger Form to approve / modify / dismiss.
schedule_action wake at 7 days for each mismatch to check resolution.
On wake: if mismatch still exists, #Create Linear Issue for IT to resolve.
After full daily reconciliation:
#Send Channel Message to
#it-asset-opswith totals and trend.
Quarterly run also produces a Linear summary issue with trend data via #Run Query.
SOC2 / Vanta Evidence Collection
Playbooks
/
SOC2 / Vanta Evidence Collection
SOC2 / Vanta Evidence Collection
Created by
Console Team
Published
Security
AWS
GitHub
Vanta
+2
Trigger
Scheduled — every 1st of the month at 7:00 AM America/Chicago
Instructions
Identify required evidence:
#Custom Vanta List Required Evidence for the current audit window.
Categorize: access reviews, training completion, vuln scans, incident logs, change management, vendor reviews, backups.
Pull each evidence category in parallel:
Access reviews → #custom Get UAR Reports from Sec-1 archives.
Training completion → #custom LearnUpon Export Completion for the period.
Vuln scans → #List AWS Inspector Findings, custom Wiz Export Findings.
Incident logs → #custom Get IR Tickets from Linear Security-IR project + custom Vanta Get Incident Log.
Change management → #custom GitHub Get PR Approvals for prod-affecting repos.
Vendor reviews → #custom Vanta Get Vendor Review Log from Sec-18 archives.
Backups → #custom AWS Backup Get Job Status.
For each evidence package:
Validate completeness (e.g. all in-scope users reviewed in UAR, all critical incidents have post-mortems).
Identify gaps.
Upload evidence:
#Custom Vanta Upload Evidence for each artifact with metadata (date range, control, source).
For gaps:
#Custom Get Control Owner for each failing control.
#Send Direct Message to each owner with: gap description, expected evidence, deadline (typically 14 days before audit).
#Create Linear Issue in Security-Audit for each gap.
schedule_action wakes weekly until gaps closed.
Generate compliance health report:
#Custom Generate Compliance Snapshot with: framework, control coverage %, gap count, evidence freshness.
#Send Channel Message to
#complianceand#security-leadswith the snapshot.
Annual audit prep:
60 days before audit: ramp evidence checks to weekly.
30 days before audit: daily; custom Pre-Audit Walkthrough Schedule.
#Leave Internal Note per evidence upload
SOC2 / Vanta Evidence Collection
Playbooks
/
SOC2 / Vanta Evidence Collection
SOC2 / Vanta Evidence Collection
Created by
Console Team
Published
Security
AWS
GitHub
Vanta
+2
Trigger
Scheduled — every 1st of the month at 7:00 AM America/Chicago
Instructions
Identify required evidence:
#Custom Vanta List Required Evidence for the current audit window.
Categorize: access reviews, training completion, vuln scans, incident logs, change management, vendor reviews, backups.
Pull each evidence category in parallel:
Access reviews → #custom Get UAR Reports from Sec-1 archives.
Training completion → #custom LearnUpon Export Completion for the period.
Vuln scans → #List AWS Inspector Findings, custom Wiz Export Findings.
Incident logs → #custom Get IR Tickets from Linear Security-IR project + custom Vanta Get Incident Log.
Change management → #custom GitHub Get PR Approvals for prod-affecting repos.
Vendor reviews → #custom Vanta Get Vendor Review Log from Sec-18 archives.
Backups → #custom AWS Backup Get Job Status.
For each evidence package:
Validate completeness (e.g. all in-scope users reviewed in UAR, all critical incidents have post-mortems).
Identify gaps.
Upload evidence:
#Custom Vanta Upload Evidence for each artifact with metadata (date range, control, source).
For gaps:
#Custom Get Control Owner for each failing control.
#Send Direct Message to each owner with: gap description, expected evidence, deadline (typically 14 days before audit).
#Create Linear Issue in Security-Audit for each gap.
schedule_action wakes weekly until gaps closed.
Generate compliance health report:
#Custom Generate Compliance Snapshot with: framework, control coverage %, gap count, evidence freshness.
#Send Channel Message to
#complianceand#security-leadswith the snapshot.
Annual audit prep:
60 days before audit: ramp evidence checks to weekly.
30 days before audit: daily; custom Pre-Audit Walkthrough Schedule.
#Leave Internal Note per evidence upload
SOC2 / Vanta Evidence Collection
Playbooks
/
SOC2 / Vanta Evidence Collection
SOC2 / Vanta Evidence Collection
Created by
Console Team
Published
Security
AWS
GitHub
Vanta
+2
Trigger
Scheduled — every 1st of the month at 7:00 AM America/Chicago
Instructions
Identify required evidence:
#Custom Vanta List Required Evidence for the current audit window.
Categorize: access reviews, training completion, vuln scans, incident logs, change management, vendor reviews, backups.
Pull each evidence category in parallel:
Access reviews → #custom Get UAR Reports from Sec-1 archives.
Training completion → #custom LearnUpon Export Completion for the period.
Vuln scans → #List AWS Inspector Findings, custom Wiz Export Findings.
Incident logs → #custom Get IR Tickets from Linear Security-IR project + custom Vanta Get Incident Log.
Change management → #custom GitHub Get PR Approvals for prod-affecting repos.
Vendor reviews → #custom Vanta Get Vendor Review Log from Sec-18 archives.
Backups → #custom AWS Backup Get Job Status.
For each evidence package:
Validate completeness (e.g. all in-scope users reviewed in UAR, all critical incidents have post-mortems).
Identify gaps.
Upload evidence:
#Custom Vanta Upload Evidence for each artifact with metadata (date range, control, source).
For gaps:
#Custom Get Control Owner for each failing control.
#Send Direct Message to each owner with: gap description, expected evidence, deadline (typically 14 days before audit).
#Create Linear Issue in Security-Audit for each gap.
schedule_action wakes weekly until gaps closed.
Generate compliance health report:
#Custom Generate Compliance Snapshot with: framework, control coverage %, gap count, evidence freshness.
#Send Channel Message to
#complianceand#security-leadswith the snapshot.
Annual audit prep:
60 days before audit: ramp evidence checks to weekly.
30 days before audit: daily; custom Pre-Audit Walkthrough Schedule.
#Leave Internal Note per evidence upload
Spend Monitoring Detection
Playbooks
/
Spend Monitoring Detection
Spend Monitoring Detection
Created by
Console Team
Published
Finance
Ramp
NetSuite
Trigger
Detection — scheduled scan every day at 6:00 AM America/Chicago
Instructions
Pull spend:
#Custom Ramp List Transactions for last 30 days.
#Custom NetSuite Get Spend by Cost Center.
Compute baselines per employee / cost center / vendor / category.
Detect anomalies:
Spike: today >3x trailing AND >$500.
New vendor: first transaction AND >$10k.
Unusual category: cost center with no history AND >$1k.
Late-night: card swipes midnight-5am local.
High-velocity: >10 transactions on same card in 1h.
Round-number suspicious: round numbers >$5k.
For each flagged transaction:
#Custom Get Transaction Owner (cardholder).
#Lookup Users with
includeManager.
Routing:
High confidence (multiple signals): #Send Channel Message to
#finance-anomaly+ DM to cost-center owner + cardholder + finance lead.Medium: DM cost-center owner with #Trigger Form for clarification.
Low: log for weekly batch.
Potential fraud (late-night + high-velocity + round + new vendor):
#Send Channel Message to
#finance-fraud-log.DM cardholder.
schedule_action wake at 24h for responses.
Weekly summary to
#financewith counts + resolution rate.#Leave Internal Note per anomaly.
Spend Monitoring Detection
Playbooks
/
Spend Monitoring Detection
Spend Monitoring Detection
Created by
Console Team
Published
Finance
Ramp
NetSuite
Trigger
Detection — scheduled scan every day at 6:00 AM America/Chicago
Instructions
Pull spend:
#Custom Ramp List Transactions for last 30 days.
#Custom NetSuite Get Spend by Cost Center.
Compute baselines per employee / cost center / vendor / category.
Detect anomalies:
Spike: today >3x trailing AND >$500.
New vendor: first transaction AND >$10k.
Unusual category: cost center with no history AND >$1k.
Late-night: card swipes midnight-5am local.
High-velocity: >10 transactions on same card in 1h.
Round-number suspicious: round numbers >$5k.
For each flagged transaction:
#Custom Get Transaction Owner (cardholder).
#Lookup Users with
includeManager.
Routing:
High confidence (multiple signals): #Send Channel Message to
#finance-anomaly+ DM to cost-center owner + cardholder + finance lead.Medium: DM cost-center owner with #Trigger Form for clarification.
Low: log for weekly batch.
Potential fraud (late-night + high-velocity + round + new vendor):
#Send Channel Message to
#finance-fraud-log.DM cardholder.
schedule_action wake at 24h for responses.
Weekly summary to
#financewith counts + resolution rate.#Leave Internal Note per anomaly.
Spend Monitoring Detection
Playbooks
/
Spend Monitoring Detection
Spend Monitoring Detection
Created by
Console Team
Published
Finance
Ramp
NetSuite
Trigger
Detection — scheduled scan every day at 6:00 AM America/Chicago
Instructions
Pull spend:
#Custom Ramp List Transactions for last 30 days.
#Custom NetSuite Get Spend by Cost Center.
Compute baselines per employee / cost center / vendor / category.
Detect anomalies:
Spike: today >3x trailing AND >$500.
New vendor: first transaction AND >$10k.
Unusual category: cost center with no history AND >$1k.
Late-night: card swipes midnight-5am local.
High-velocity: >10 transactions on same card in 1h.
Round-number suspicious: round numbers >$5k.
For each flagged transaction:
#Custom Get Transaction Owner (cardholder).
#Lookup Users with
includeManager.
Routing:
High confidence (multiple signals): #Send Channel Message to
#finance-anomaly+ DM to cost-center owner + cardholder + finance lead.Medium: DM cost-center owner with #Trigger Form for clarification.
Low: log for weekly batch.
Potential fraud (late-night + high-velocity + round + new vendor):
#Send Channel Message to
#finance-fraud-log.DM cardholder.
schedule_action wake at 24h for responses.
Weekly summary to
#financewith counts + resolution rate.#Leave Internal Note per anomaly.
Stale Opp Cleanup
Playbooks
/
Stale Opp Cleanup
Stale Opp Cleanup
Created by
Console Team
Published
RevOps
HubSpot
Trigger
Scheduled — every day at 8:00 AM America/Chicago
Instructions
#Search HubSpot Deals by Stage Entry Date for deals untouched 30+ days in active stages (Proposal, Negotiation, Verbal Commit, etc.).
For each stale deal:
#Get HubSpot Deal Details with Activity Timeline to confirm staleness.
#Custom Get Last Activity to find the most recent touchpoint.
#Lookup Users on the deal owner.
Skip exclusions:
Deals on hold with a
holdUntilDatein future.Deals tagged
executive-deal(handled by leadership).Deals with active legal/security review (Rev-9 or Sec-18 in motion).
For each remaining stale deal:
#Send Direct Message to owner: "Deal {{name}} ({{amount}}) hasn't had activity in {{days}} days. What's the status?"
Include a #Trigger Form: "Still active — here's why" / "Moving to closed-lost" / "Push close date to {{date}}" / "Move stage to {{stage}}".
schedule_action wake at 5 days for response.
On response:
Still active → #Create HubSpot Note on Deal with the justification; reset stale-clock.
Closed-lost → #Update HubSpot Deal Properties with
dealstage = closed-lost, triggering Rev-14.Push date / move stage → apply the update via #Update HubSpot Deal Properties.
On no response within 5 days:
#Send Direct Message to owner + manager with escalation.
schedule_action wake at 5 more days.
On second wake: custom HubSpot Update Stage to "Stale - Needs Review" (a special stage); #Send Channel Message to
#revops-cleanup.
Weekly summary:
#Send Channel Message to
#revopswith: total flagged, resolved, escalated, moved to closed-lost.
#Leave Internal Note per deal action.
Stale Opp Cleanup
Playbooks
/
Stale Opp Cleanup
Stale Opp Cleanup
Created by
Console Team
Published
RevOps
HubSpot
Trigger
Scheduled — every day at 8:00 AM America/Chicago
Instructions
#Search HubSpot Deals by Stage Entry Date for deals untouched 30+ days in active stages (Proposal, Negotiation, Verbal Commit, etc.).
For each stale deal:
#Get HubSpot Deal Details with Activity Timeline to confirm staleness.
#Custom Get Last Activity to find the most recent touchpoint.
#Lookup Users on the deal owner.
Skip exclusions:
Deals on hold with a
holdUntilDatein future.Deals tagged
executive-deal(handled by leadership).Deals with active legal/security review (Rev-9 or Sec-18 in motion).
For each remaining stale deal:
#Send Direct Message to owner: "Deal {{name}} ({{amount}}) hasn't had activity in {{days}} days. What's the status?"
Include a #Trigger Form: "Still active — here's why" / "Moving to closed-lost" / "Push close date to {{date}}" / "Move stage to {{stage}}".
schedule_action wake at 5 days for response.
On response:
Still active → #Create HubSpot Note on Deal with the justification; reset stale-clock.
Closed-lost → #Update HubSpot Deal Properties with
dealstage = closed-lost, triggering Rev-14.Push date / move stage → apply the update via #Update HubSpot Deal Properties.
On no response within 5 days:
#Send Direct Message to owner + manager with escalation.
schedule_action wake at 5 more days.
On second wake: custom HubSpot Update Stage to "Stale - Needs Review" (a special stage); #Send Channel Message to
#revops-cleanup.
Weekly summary:
#Send Channel Message to
#revopswith: total flagged, resolved, escalated, moved to closed-lost.
#Leave Internal Note per deal action.
Stale Opp Cleanup
Playbooks
/
Stale Opp Cleanup
Stale Opp Cleanup
Created by
Console Team
Published
RevOps
HubSpot
Trigger
Scheduled — every day at 8:00 AM America/Chicago
Instructions
#Search HubSpot Deals by Stage Entry Date for deals untouched 30+ days in active stages (Proposal, Negotiation, Verbal Commit, etc.).
For each stale deal:
#Get HubSpot Deal Details with Activity Timeline to confirm staleness.
#Custom Get Last Activity to find the most recent touchpoint.
#Lookup Users on the deal owner.
Skip exclusions:
Deals on hold with a
holdUntilDatein future.Deals tagged
executive-deal(handled by leadership).Deals with active legal/security review (Rev-9 or Sec-18 in motion).
For each remaining stale deal:
#Send Direct Message to owner: "Deal {{name}} ({{amount}}) hasn't had activity in {{days}} days. What's the status?"
Include a #Trigger Form: "Still active — here's why" / "Moving to closed-lost" / "Push close date to {{date}}" / "Move stage to {{stage}}".
schedule_action wake at 5 days for response.
On response:
Still active → #Create HubSpot Note on Deal with the justification; reset stale-clock.
Closed-lost → #Update HubSpot Deal Properties with
dealstage = closed-lost, triggering Rev-14.Push date / move stage → apply the update via #Update HubSpot Deal Properties.
On no response within 5 days:
#Send Direct Message to owner + manager with escalation.
schedule_action wake at 5 more days.
On second wake: custom HubSpot Update Stage to "Stale - Needs Review" (a special stage); #Send Channel Message to
#revops-cleanup.
Weekly summary:
#Send Channel Message to
#revopswith: total flagged, resolved, escalated, moved to closed-lost.
#Leave Internal Note per deal action.
Subpoena Response
Playbooks
/
Subpoena Response
Subpoena Response
Created by
Console Team
Published
Legal
Vanta
DocuSign
Ironclad
Trigger
Requester reports a received subpoena.
Instructions
#Trigger Form to collect:
Subpoena document upload.
Issuing authority.
Subject (whose data).
Scope (records requested / date range).
Deadline.
Recipient.
#Lookup Users on requester.
Immediate escalation:
#Send Channel Message to
#legal-critical.#Send Direct Message to general counsel + outside counsel.
Intake checklist:
#Custom Run Subpoena Intake Checklist:
Valid jurisdiction?
Service of process correct?
Scope reasonable?
User notification permitted (no gag order)?
Deadline reasonable / extension needed?
Route to outside counsel:
#Custom Engage Outside Counsel (chains to Legal-21 if new firm).
#Request Approval from GC for response strategy.
If complying or partially complying:
Trigger Legal-11 for in-scope data.
#Send Channel Message to
#security-legal-coordination.
User notification (if permitted):
#Custom Notify Subject of Subpoena within required timeframes.
Track deadline:
schedule_action wakes at 14 / 7 / 3 / 1 days.
Reminder DMs each wake.
Response delivery:
Post-response:
#Send Channel Message to
#legal-matterswith closure.
Subpoena Response
Playbooks
/
Subpoena Response
Subpoena Response
Created by
Console Team
Published
Legal
Vanta
DocuSign
Ironclad
Trigger
Requester reports a received subpoena.
Instructions
#Trigger Form to collect:
Subpoena document upload.
Issuing authority.
Subject (whose data).
Scope (records requested / date range).
Deadline.
Recipient.
#Lookup Users on requester.
Immediate escalation:
#Send Channel Message to
#legal-critical.#Send Direct Message to general counsel + outside counsel.
Intake checklist:
#Custom Run Subpoena Intake Checklist:
Valid jurisdiction?
Service of process correct?
Scope reasonable?
User notification permitted (no gag order)?
Deadline reasonable / extension needed?
Route to outside counsel:
#Custom Engage Outside Counsel (chains to Legal-21 if new firm).
#Request Approval from GC for response strategy.
If complying or partially complying:
Trigger Legal-11 for in-scope data.
#Send Channel Message to
#security-legal-coordination.
User notification (if permitted):
#Custom Notify Subject of Subpoena within required timeframes.
Track deadline:
schedule_action wakes at 14 / 7 / 3 / 1 days.
Reminder DMs each wake.
Response delivery:
Post-response:
#Send Channel Message to
#legal-matterswith closure.
Subpoena Response
Playbooks
/
Subpoena Response
Subpoena Response
Created by
Console Team
Published
Legal
Vanta
DocuSign
Ironclad
Trigger
Requester reports a received subpoena.
Instructions
#Trigger Form to collect:
Subpoena document upload.
Issuing authority.
Subject (whose data).
Scope (records requested / date range).
Deadline.
Recipient.
#Lookup Users on requester.
Immediate escalation:
#Send Channel Message to
#legal-critical.#Send Direct Message to general counsel + outside counsel.
Intake checklist:
#Custom Run Subpoena Intake Checklist:
Valid jurisdiction?
Service of process correct?
Scope reasonable?
User notification permitted (no gag order)?
Deadline reasonable / extension needed?
Route to outside counsel:
#Custom Engage Outside Counsel (chains to Legal-21 if new firm).
#Request Approval from GC for response strategy.
If complying or partially complying:
Trigger Legal-11 for in-scope data.
#Send Channel Message to
#security-legal-coordination.
User notification (if permitted):
#Custom Notify Subject of Subpoena within required timeframes.
Track deadline:
schedule_action wakes at 14 / 7 / 3 / 1 days.
Reminder DMs each wake.
Response delivery:
Post-response:
#Send Channel Message to
#legal-matterswith closure.
Subprocessor List Management
Playbooks
/
Subprocessor List Management
Subprocessor List Management
Created by
Console Team
Published
Legal
Vanta
Notion
Trigger
Detection — webhook from Sec-18 (vendor approved for PII) OR Legal-8 (DPA executed)
Instructions
Determine action: Add / Remove / Modify.
For ADD:
Pull vendor details: name, services, location, data categories.
Notice timing: #custom Get Customer DPA Notice Periods (typically 30 days).
schedule_action wake at notice-period start to notify customers.
For REMOVE:
#Custom Notion Update Subprocessor List to mark removed.
Customer notification: typically immediate or with brief notice.
Customer notification:
For each: #custom Send Subprocessor Notification Email with vendor, services, effective date, opt-out rights.
schedule_action wake at notice period end to check opt-outs.
Opt-outs → #Send Channel Message to
#cs-escalationfor AE/CSM engagement.
Compliance:
#Send Direct Message to privacy counsel and DPO.
#Send Channel Message to
#legal-privacyand#privacy-ops.
Subprocessor List Management
Playbooks
/
Subprocessor List Management
Subprocessor List Management
Created by
Console Team
Published
Legal
Vanta
Notion
Trigger
Detection — webhook from Sec-18 (vendor approved for PII) OR Legal-8 (DPA executed)
Instructions
Determine action: Add / Remove / Modify.
For ADD:
Pull vendor details: name, services, location, data categories.
Notice timing: #custom Get Customer DPA Notice Periods (typically 30 days).
schedule_action wake at notice-period start to notify customers.
For REMOVE:
#Custom Notion Update Subprocessor List to mark removed.
Customer notification: typically immediate or with brief notice.
Customer notification:
For each: #custom Send Subprocessor Notification Email with vendor, services, effective date, opt-out rights.
schedule_action wake at notice period end to check opt-outs.
Opt-outs → #Send Channel Message to
#cs-escalationfor AE/CSM engagement.
Compliance:
#Send Direct Message to privacy counsel and DPO.
#Send Channel Message to
#legal-privacyand#privacy-ops.
Subprocessor List Management
Playbooks
/
Subprocessor List Management
Subprocessor List Management
Created by
Console Team
Published
Legal
Vanta
Notion
Trigger
Detection — webhook from Sec-18 (vendor approved for PII) OR Legal-8 (DPA executed)
Instructions
Determine action: Add / Remove / Modify.
For ADD:
Pull vendor details: name, services, location, data categories.
Notice timing: #custom Get Customer DPA Notice Periods (typically 30 days).
schedule_action wake at notice-period start to notify customers.
For REMOVE:
#Custom Notion Update Subprocessor List to mark removed.
Customer notification: typically immediate or with brief notice.
Customer notification:
For each: #custom Send Subprocessor Notification Email with vendor, services, effective date, opt-out rights.
schedule_action wake at notice period end to check opt-outs.
Opt-outs → #Send Channel Message to
#cs-escalationfor AE/CSM engagement.
Compliance:
#Send Direct Message to privacy counsel and DPO.
#Send Channel Message to
#legal-privacyand#privacy-ops.
T&E Policy Q&A
Playbooks
/
T&E Policy Q&A
T&E Policy Q&A
Created by
Console Team
Published
Finance
Trigger
Requester asks a T&E policy question.
Instructions
#Lookup Users with
locationanddepartment.#Search Knowledge Base for T&E policy.
Apply requester context: per diem by city/country, department limits, tenure-based allowances.
#Expand Knowledge Base Article on top hit.
Compose answer: direct answer + quoted clause + source link + "borderline — want pre-approval?" offer.
#Send Direct Message with answer.
Offer follow-up: pre-approval → fire Fin-15 or custom pre-approval; submit expense → fire Fin-2.
No policy match → #Prompt for Handoff to finance.
T&E Policy Q&A
Playbooks
/
T&E Policy Q&A
T&E Policy Q&A
Created by
Console Team
Published
Finance
Trigger
Requester asks a T&E policy question.
Instructions
#Lookup Users with
locationanddepartment.#Search Knowledge Base for T&E policy.
Apply requester context: per diem by city/country, department limits, tenure-based allowances.
#Expand Knowledge Base Article on top hit.
Compose answer: direct answer + quoted clause + source link + "borderline — want pre-approval?" offer.
#Send Direct Message with answer.
Offer follow-up: pre-approval → fire Fin-15 or custom pre-approval; submit expense → fire Fin-2.
No policy match → #Prompt for Handoff to finance.
T&E Policy Q&A
Playbooks
/
T&E Policy Q&A
T&E Policy Q&A
Created by
Console Team
Published
Finance
Trigger
Requester asks a T&E policy question.
Instructions
#Lookup Users with
locationanddepartment.#Search Knowledge Base for T&E policy.
Apply requester context: per diem by city/country, department limits, tenure-based allowances.
#Expand Knowledge Base Article on top hit.
Compose answer: direct answer + quoted clause + source link + "borderline — want pre-approval?" offer.
#Send Direct Message with answer.
Offer follow-up: pre-approval → fire Fin-15 or custom pre-approval; submit expense → fire Fin-2.
No policy match → #Prompt for Handoff to finance.
Territory & Account Reassignment
Playbooks
/
Territory & Account Reassignment
Territory & Account Reassignment
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
Outreach
+1
Trigger
Rep departure, quarterly realignment, or single-account reassignment.
Instructions
#Trigger Form to collect:
Scope (single account / bulk transfer / rep departure / quarterly realignment).
Source rep (or list).
Target rep (or assignment rules).
Accounts to transfer (specific list / filter / all from source).
Effective date.
Reason.
#Lookup Users on requester, source rep, target rep.
Build the transfer list:
For "all from source": #Search HubSpot Deals by Owner + #Search HubSpot Companies by Property Filter with
owner = sourceRep.For filter: apply the filter against deals/accounts.
For specific list: parse the list.
Validate the transfer:
For each account/deal: confirm target rep is eligible (right territory, capacity).
#Custom Check Rep Capacity to ensure target isn't overloaded.
For active opps in late stages (negotiation, contracts): require additional approval.
Approval routing:
Single account → manager approval.
Bulk (>10 accounts) → manager + RevOps lead.
Rep departure / quarterly realignment → VP of Sales.
#Request Approval chained per scope.
On approval:
For each account/deal:
#Custom HubSpot Update Owner (or Salesforce equivalent) with the new owner.
#Create HubSpot Note on Deal/Company capturing the reassignment, old owner, new owner, date, reason.
#Custom Update Sales Engagement Tools (Outreach/Salesloft) to transfer prospecting sequences.
Notify affected parties:
#Send Direct Message to source rep with: list transferred, customer-facing handoff messaging.
#Send Direct Message to target rep with: list received, customer context per account, top priorities.
For each customer/contact with an active deal in late stages: optionally draft a customer-facing handoff email via custom Generate Handoff Email for AE to send.
#Send Channel Message to
#revops-changeswith the realignment summary.Audit logging:
#Custom RevOps Audit Log Write with full before/after state.
#Leave Internal Note capturing the full transfer.
Territory & Account Reassignment
Playbooks
/
Territory & Account Reassignment
Territory & Account Reassignment
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
Outreach
+1
Trigger
Rep departure, quarterly realignment, or single-account reassignment.
Instructions
#Trigger Form to collect:
Scope (single account / bulk transfer / rep departure / quarterly realignment).
Source rep (or list).
Target rep (or assignment rules).
Accounts to transfer (specific list / filter / all from source).
Effective date.
Reason.
#Lookup Users on requester, source rep, target rep.
Build the transfer list:
For "all from source": #Search HubSpot Deals by Owner + #Search HubSpot Companies by Property Filter with
owner = sourceRep.For filter: apply the filter against deals/accounts.
For specific list: parse the list.
Validate the transfer:
For each account/deal: confirm target rep is eligible (right territory, capacity).
#Custom Check Rep Capacity to ensure target isn't overloaded.
For active opps in late stages (negotiation, contracts): require additional approval.
Approval routing:
Single account → manager approval.
Bulk (>10 accounts) → manager + RevOps lead.
Rep departure / quarterly realignment → VP of Sales.
#Request Approval chained per scope.
On approval:
For each account/deal:
#Custom HubSpot Update Owner (or Salesforce equivalent) with the new owner.
#Create HubSpot Note on Deal/Company capturing the reassignment, old owner, new owner, date, reason.
#Custom Update Sales Engagement Tools (Outreach/Salesloft) to transfer prospecting sequences.
Notify affected parties:
#Send Direct Message to source rep with: list transferred, customer-facing handoff messaging.
#Send Direct Message to target rep with: list received, customer context per account, top priorities.
For each customer/contact with an active deal in late stages: optionally draft a customer-facing handoff email via custom Generate Handoff Email for AE to send.
#Send Channel Message to
#revops-changeswith the realignment summary.Audit logging:
#Custom RevOps Audit Log Write with full before/after state.
#Leave Internal Note capturing the full transfer.
Territory & Account Reassignment
Playbooks
/
Territory & Account Reassignment
Territory & Account Reassignment
Created by
Console Team
Published
RevOps
HubSpot
Salesforce
Outreach
+1
Trigger
Rep departure, quarterly realignment, or single-account reassignment.
Instructions
#Trigger Form to collect:
Scope (single account / bulk transfer / rep departure / quarterly realignment).
Source rep (or list).
Target rep (or assignment rules).
Accounts to transfer (specific list / filter / all from source).
Effective date.
Reason.
#Lookup Users on requester, source rep, target rep.
Build the transfer list:
For "all from source": #Search HubSpot Deals by Owner + #Search HubSpot Companies by Property Filter with
owner = sourceRep.For filter: apply the filter against deals/accounts.
For specific list: parse the list.
Validate the transfer:
For each account/deal: confirm target rep is eligible (right territory, capacity).
#Custom Check Rep Capacity to ensure target isn't overloaded.
For active opps in late stages (negotiation, contracts): require additional approval.
Approval routing:
Single account → manager approval.
Bulk (>10 accounts) → manager + RevOps lead.
Rep departure / quarterly realignment → VP of Sales.
#Request Approval chained per scope.
On approval:
For each account/deal:
#Custom HubSpot Update Owner (or Salesforce equivalent) with the new owner.
#Create HubSpot Note on Deal/Company capturing the reassignment, old owner, new owner, date, reason.
#Custom Update Sales Engagement Tools (Outreach/Salesloft) to transfer prospecting sequences.
Notify affected parties:
#Send Direct Message to source rep with: list transferred, customer-facing handoff messaging.
#Send Direct Message to target rep with: list received, customer context per account, top priorities.
For each customer/contact with an active deal in late stages: optionally draft a customer-facing handoff email via custom Generate Handoff Email for AE to send.
#Send Channel Message to
#revops-changeswith the realignment summary.Audit logging:
#Custom RevOps Audit Log Write with full before/after state.
#Leave Internal Note capturing the full transfer.
Time Off & Leave Requests
Playbooks
/
Time Off & Leave Requests
Time Off & Leave Requests
Created by
Console Team
Published
HR
Google Calendar
Slack
Workday
+2
Trigger
Requester asks for PTO, sick day, bereavement, jury duty, or other leave.
Instructions
Parse start date, end date, leave type (PTO / sick / bereavement / jury / personal), and reason if provided.
#Lookup Users on the requester with
includeManager.#Custom Workday Get PTO Balance (or HiBob/UKG equivalent) for the requester, broken down by leave bucket.
Validate the request:
Sufficient balance for PTO? If not, #Send Direct Message with the shortfall and ask to adjust dates or take unpaid.
Within blackout dates (#custom Workday Check Blackout Dates action)? If yes, surface the conflict and ask the user to choose a new date.
Overlap with team's max-out-at-once threshold? #Custom Workday Get Team PTO Calendar action. If exceeded, flag for manager.
Branch on leave type:
PTO / personal → #Request Approval from manager.
Sick (≤3 days) → auto-approve, no approval needed.
Sick (>3 days) → auto-approve but custom Workday Trigger STD Eligibility Check.
Bereavement → auto-approve up to policy limit (e.g. 5 days); over that, manager approval.
Jury duty → auto-approve with proof-of-summons upload via #Trigger Form.
On approval:
#Custom Workday Submit Time Off with the dates and type.
#Custom Google Calendar Block Time on the requester's calendar with the leave label.
#Custom Slack Set Status to "On PTO" for the leave window.
#Out Of Office to set an auto-reply for the leave window (offer to compose; user can edit).
#Send Direct Message to the requester confirming with dates, remaining balance, and out-of-office status.
#Send Direct Message to the manager confirming the approved leave so they can plan coverage.
If leave is >5 consecutive days, schedule_action wake 2 days before the user returns to send a "welcome back" prep with their unread Slack threads and the team's status updates.
#Leave Internal Note capturing dates, type, approval path, balance impact.
Time Off & Leave Requests
Playbooks
/
Time Off & Leave Requests
Time Off & Leave Requests
Created by
Console Team
Published
HR
Google Calendar
Slack
Workday
+2
Trigger
Requester asks for PTO, sick day, bereavement, jury duty, or other leave.
Instructions
Parse start date, end date, leave type (PTO / sick / bereavement / jury / personal), and reason if provided.
#Lookup Users on the requester with
includeManager.#Custom Workday Get PTO Balance (or HiBob/UKG equivalent) for the requester, broken down by leave bucket.
Validate the request:
Sufficient balance for PTO? If not, #Send Direct Message with the shortfall and ask to adjust dates or take unpaid.
Within blackout dates (#custom Workday Check Blackout Dates action)? If yes, surface the conflict and ask the user to choose a new date.
Overlap with team's max-out-at-once threshold? #Custom Workday Get Team PTO Calendar action. If exceeded, flag for manager.
Branch on leave type:
PTO / personal → #Request Approval from manager.
Sick (≤3 days) → auto-approve, no approval needed.
Sick (>3 days) → auto-approve but custom Workday Trigger STD Eligibility Check.
Bereavement → auto-approve up to policy limit (e.g. 5 days); over that, manager approval.
Jury duty → auto-approve with proof-of-summons upload via #Trigger Form.
On approval:
#Custom Workday Submit Time Off with the dates and type.
#Custom Google Calendar Block Time on the requester's calendar with the leave label.
#Custom Slack Set Status to "On PTO" for the leave window.
#Out Of Office to set an auto-reply for the leave window (offer to compose; user can edit).
#Send Direct Message to the requester confirming with dates, remaining balance, and out-of-office status.
#Send Direct Message to the manager confirming the approved leave so they can plan coverage.
If leave is >5 consecutive days, schedule_action wake 2 days before the user returns to send a "welcome back" prep with their unread Slack threads and the team's status updates.
#Leave Internal Note capturing dates, type, approval path, balance impact.
Time Off & Leave Requests
Playbooks
/
Time Off & Leave Requests
Time Off & Leave Requests
Created by
Console Team
Published
HR
Google Calendar
Slack
Workday
+2
Trigger
Requester asks for PTO, sick day, bereavement, jury duty, or other leave.
Instructions
Parse start date, end date, leave type (PTO / sick / bereavement / jury / personal), and reason if provided.
#Lookup Users on the requester with
includeManager.#Custom Workday Get PTO Balance (or HiBob/UKG equivalent) for the requester, broken down by leave bucket.
Validate the request:
Sufficient balance for PTO? If not, #Send Direct Message with the shortfall and ask to adjust dates or take unpaid.
Within blackout dates (#custom Workday Check Blackout Dates action)? If yes, surface the conflict and ask the user to choose a new date.
Overlap with team's max-out-at-once threshold? #Custom Workday Get Team PTO Calendar action. If exceeded, flag for manager.
Branch on leave type:
PTO / personal → #Request Approval from manager.
Sick (≤3 days) → auto-approve, no approval needed.
Sick (>3 days) → auto-approve but custom Workday Trigger STD Eligibility Check.
Bereavement → auto-approve up to policy limit (e.g. 5 days); over that, manager approval.
Jury duty → auto-approve with proof-of-summons upload via #Trigger Form.
On approval:
#Custom Workday Submit Time Off with the dates and type.
#Custom Google Calendar Block Time on the requester's calendar with the leave label.
#Custom Slack Set Status to "On PTO" for the leave window.
#Out Of Office to set an auto-reply for the leave window (offer to compose; user can edit).
#Send Direct Message to the requester confirming with dates, remaining balance, and out-of-office status.
#Send Direct Message to the manager confirming the approved leave so they can plan coverage.
If leave is >5 consecutive days, schedule_action wake 2 days before the user returns to send a "welcome back" prep with their unread Slack threads and the team's status updates.
#Leave Internal Note capturing dates, type, approval path, balance impact.
Tool Migration & Secure Deployment
Playbooks
/
Tool Migration & Secure Deployment
Tool Migration & Secure Deployment
Created by
Console Team
Published
Security
Kandji
Ramp
Vanta
+1
Trigger
Admin/security engineer kicks off a security tooling migration or rollout (IdP migration, EDR deployment, MFA enforcement, etc.).
Instructions
#Trigger Form to collect:
Migration / rollout name
Source tool (if migration)
Target tool / config
Cohort definition (canary 10 users / 10% / department / all)
Rollback threshold (error rate %, complaint count)
Success criteria (metric thresholds)
Timeline (canary duration, ramp schedule)
Pre-deployment posture check:
#Custom Run Pre-Deployment Check that:
Confirms target tool is configured.
Confirms rollback procedure is documented.
Confirms monitoring is in place.
Confirms support team is briefed.
If any check fails → #Send Direct Message to admin with failures; do not proceed.
Stage 1: Canary cohort:
#Custom Resolve Cohort Members for the canary definition.
For each user: custom Apply Migration (e.g. add to new IdP, install EDR via Kandji, enforce MFA).
#Send Direct Message to each canary user with: what changed, what to expect, how to report issues.
schedule_action wake at 24h for canary monitoring:
#Custom Get Migration Metrics for error rate, user complaints, support ticket volume.
#Search Requests for tickets mentioning the rollout in the last 24h.
Decision gate after canary:
If error rate < threshold AND complaints < threshold → proceed to stage 2.
Else → #Send Direct Message to admin with metrics; pause for review.
Stage 2: Ramp to next cohort (e.g. 25% → 50% → 100%):
For each ramp stage, repeat steps 3-5.
schedule_action wakes per stage duration (typically 3-7 days).
Continuous monitoring during ramp:
#Send Channel Message to
#migration-{{name}}daily status updates.Track key metrics via #Run Query custom dashboards.
Rollback trigger (automatic):
If at any wake, error rate exceeds rollback threshold → fire custom Rollback Migration for all enrolled users.
#Send Channel Message to
#security-criticalwith rollback initiated.#Send Direct Message to admin with metrics and rollback confirmation.
Completion:
When 100% cohort reached + 7 days stable:
#Send Channel Message to
#securitywith the success report.#Custom Vanta Log Tool Deployment for compliance.
#Create Linear Issue in Security-Projects for the post-migration retro.
#Leave Internal Note capturing cohort progression, metrics, decisions.
Tool Migration & Secure Deployment
Playbooks
/
Tool Migration & Secure Deployment
Tool Migration & Secure Deployment
Created by
Console Team
Published
Security
Kandji
Ramp
Vanta
+1
Trigger
Admin/security engineer kicks off a security tooling migration or rollout (IdP migration, EDR deployment, MFA enforcement, etc.).
Instructions
#Trigger Form to collect:
Migration / rollout name
Source tool (if migration)
Target tool / config
Cohort definition (canary 10 users / 10% / department / all)
Rollback threshold (error rate %, complaint count)
Success criteria (metric thresholds)
Timeline (canary duration, ramp schedule)
Pre-deployment posture check:
#Custom Run Pre-Deployment Check that:
Confirms target tool is configured.
Confirms rollback procedure is documented.
Confirms monitoring is in place.
Confirms support team is briefed.
If any check fails → #Send Direct Message to admin with failures; do not proceed.
Stage 1: Canary cohort:
#Custom Resolve Cohort Members for the canary definition.
For each user: custom Apply Migration (e.g. add to new IdP, install EDR via Kandji, enforce MFA).
#Send Direct Message to each canary user with: what changed, what to expect, how to report issues.
schedule_action wake at 24h for canary monitoring:
#Custom Get Migration Metrics for error rate, user complaints, support ticket volume.
#Search Requests for tickets mentioning the rollout in the last 24h.
Decision gate after canary:
If error rate < threshold AND complaints < threshold → proceed to stage 2.
Else → #Send Direct Message to admin with metrics; pause for review.
Stage 2: Ramp to next cohort (e.g. 25% → 50% → 100%):
For each ramp stage, repeat steps 3-5.
schedule_action wakes per stage duration (typically 3-7 days).
Continuous monitoring during ramp:
#Send Channel Message to
#migration-{{name}}daily status updates.Track key metrics via #Run Query custom dashboards.
Rollback trigger (automatic):
If at any wake, error rate exceeds rollback threshold → fire custom Rollback Migration for all enrolled users.
#Send Channel Message to
#security-criticalwith rollback initiated.#Send Direct Message to admin with metrics and rollback confirmation.
Completion:
When 100% cohort reached + 7 days stable:
#Send Channel Message to
#securitywith the success report.#Custom Vanta Log Tool Deployment for compliance.
#Create Linear Issue in Security-Projects for the post-migration retro.
#Leave Internal Note capturing cohort progression, metrics, decisions.
Tool Migration & Secure Deployment
Playbooks
/
Tool Migration & Secure Deployment
Tool Migration & Secure Deployment
Created by
Console Team
Published
Security
Kandji
Ramp
Vanta
+1
Trigger
Admin/security engineer kicks off a security tooling migration or rollout (IdP migration, EDR deployment, MFA enforcement, etc.).
Instructions
#Trigger Form to collect:
Migration / rollout name
Source tool (if migration)
Target tool / config
Cohort definition (canary 10 users / 10% / department / all)
Rollback threshold (error rate %, complaint count)
Success criteria (metric thresholds)
Timeline (canary duration, ramp schedule)
Pre-deployment posture check:
#Custom Run Pre-Deployment Check that:
Confirms target tool is configured.
Confirms rollback procedure is documented.
Confirms monitoring is in place.
Confirms support team is briefed.
If any check fails → #Send Direct Message to admin with failures; do not proceed.
Stage 1: Canary cohort:
#Custom Resolve Cohort Members for the canary definition.
For each user: custom Apply Migration (e.g. add to new IdP, install EDR via Kandji, enforce MFA).
#Send Direct Message to each canary user with: what changed, what to expect, how to report issues.
schedule_action wake at 24h for canary monitoring:
#Custom Get Migration Metrics for error rate, user complaints, support ticket volume.
#Search Requests for tickets mentioning the rollout in the last 24h.
Decision gate after canary:
If error rate < threshold AND complaints < threshold → proceed to stage 2.
Else → #Send Direct Message to admin with metrics; pause for review.
Stage 2: Ramp to next cohort (e.g. 25% → 50% → 100%):
For each ramp stage, repeat steps 3-5.
schedule_action wakes per stage duration (typically 3-7 days).
Continuous monitoring during ramp:
#Send Channel Message to
#migration-{{name}}daily status updates.Track key metrics via #Run Query custom dashboards.
Rollback trigger (automatic):
If at any wake, error rate exceeds rollback threshold → fire custom Rollback Migration for all enrolled users.
#Send Channel Message to
#security-criticalwith rollback initiated.#Send Direct Message to admin with metrics and rollback confirmation.
Completion:
When 100% cohort reached + 7 days stable:
#Send Channel Message to
#securitywith the success report.#Custom Vanta Log Tool Deployment for compliance.
#Create Linear Issue in Security-Projects for the post-migration retro.
#Leave Internal Note capturing cohort progression, metrics, decisions.
User Access Reviews (UAR)
Playbooks
/
User Access Reviews (UAR)
User Access Reviews (UAR)
Created by
Console Team
Published
Security
Okta
Vanta
Linear
Trigger
Scheduled — quarterly on the 1st of Jan/Apr/Jul/Oct at 6:00 AM America/Chicago
Instructions
Determine the scope:
#Custom Vanta Get In-Scope Apps for SOX, SOC2, ISO 27001 controls.
#Custom Get Critical App List for any internal-classified critical apps not in Vanta.
For each in-scope app:
#Lookup Apps to resolve the app catalog entry.
#Lookup Groups filtered to that app to find all entitlement groups.
For each entitlement group: #Get Group Members to enumerate users.
Build the review matrix:
Group users by their direct manager.
For each manager, compile their team's access across all in-scope apps.
For each app, identify the app owner via custom Get App Owner.
Send manager attestations:
For each manager, #Lookup Users with
includeSlackId.#Send Direct Message with a summary: "You have {{N}} reports with access to {{M}} in-scope apps. Please review and attest by {{deadline}}."
Include a #Trigger Form per report with rows for each app/entitlement: "Keep / Modify / Revoke".
Send app-owner attestations:
For each app owner, #Send Direct Message with the full list of users on their app.
Include a #Trigger Form to attest the user set is correct.
schedule_action wakes at 7, 10, 13 days for non-completers:
On each wake, #custom Get UAR Completion Status to identify outstanding reviewers.
#Send Direct Message reminders with escalating urgency.
Day 14: #Send Channel Message to the reviewer's skip-level manager.
At deadline + 1 day, execute revocations:
For each "Revoke" response: #Remove from Group (Okta) or call the app-specific revoke action.
For each unattested user (no response): #Send Direct Message to user warning of impending revocation; revoke at deadline + 7 days if still unattested.
#Custom Vanta Upload Evidence with the full attestation log, decisions, and revocation timestamps.
#Send Channel Message to
#securitywith cycle summary: review rate, revoke count, app coverage.#Create Linear Issue in the Security-Audit project for the cycle's evidence package.
#Leave Internal Note capturing cycle dates and stats.
User Access Reviews (UAR)
Playbooks
/
User Access Reviews (UAR)
User Access Reviews (UAR)
Created by
Console Team
Published
Security
Okta
Vanta
Linear
Trigger
Scheduled — quarterly on the 1st of Jan/Apr/Jul/Oct at 6:00 AM America/Chicago
Instructions
Determine the scope:
#Custom Vanta Get In-Scope Apps for SOX, SOC2, ISO 27001 controls.
#Custom Get Critical App List for any internal-classified critical apps not in Vanta.
For each in-scope app:
#Lookup Apps to resolve the app catalog entry.
#Lookup Groups filtered to that app to find all entitlement groups.
For each entitlement group: #Get Group Members to enumerate users.
Build the review matrix:
Group users by their direct manager.
For each manager, compile their team's access across all in-scope apps.
For each app, identify the app owner via custom Get App Owner.
Send manager attestations:
For each manager, #Lookup Users with
includeSlackId.#Send Direct Message with a summary: "You have {{N}} reports with access to {{M}} in-scope apps. Please review and attest by {{deadline}}."
Include a #Trigger Form per report with rows for each app/entitlement: "Keep / Modify / Revoke".
Send app-owner attestations:
For each app owner, #Send Direct Message with the full list of users on their app.
Include a #Trigger Form to attest the user set is correct.
schedule_action wakes at 7, 10, 13 days for non-completers:
On each wake, #custom Get UAR Completion Status to identify outstanding reviewers.
#Send Direct Message reminders with escalating urgency.
Day 14: #Send Channel Message to the reviewer's skip-level manager.
At deadline + 1 day, execute revocations:
For each "Revoke" response: #Remove from Group (Okta) or call the app-specific revoke action.
For each unattested user (no response): #Send Direct Message to user warning of impending revocation; revoke at deadline + 7 days if still unattested.
#Custom Vanta Upload Evidence with the full attestation log, decisions, and revocation timestamps.
#Send Channel Message to
#securitywith cycle summary: review rate, revoke count, app coverage.#Create Linear Issue in the Security-Audit project for the cycle's evidence package.
#Leave Internal Note capturing cycle dates and stats.
User Access Reviews (UAR)
Playbooks
/
User Access Reviews (UAR)
User Access Reviews (UAR)
Created by
Console Team
Published
Security
Okta
Vanta
Linear
Trigger
Scheduled — quarterly on the 1st of Jan/Apr/Jul/Oct at 6:00 AM America/Chicago
Instructions
Determine the scope:
#Custom Vanta Get In-Scope Apps for SOX, SOC2, ISO 27001 controls.
#Custom Get Critical App List for any internal-classified critical apps not in Vanta.
For each in-scope app:
#Lookup Apps to resolve the app catalog entry.
#Lookup Groups filtered to that app to find all entitlement groups.
For each entitlement group: #Get Group Members to enumerate users.
Build the review matrix:
Group users by their direct manager.
For each manager, compile their team's access across all in-scope apps.
For each app, identify the app owner via custom Get App Owner.
Send manager attestations:
For each manager, #Lookup Users with
includeSlackId.#Send Direct Message with a summary: "You have {{N}} reports with access to {{M}} in-scope apps. Please review and attest by {{deadline}}."
Include a #Trigger Form per report with rows for each app/entitlement: "Keep / Modify / Revoke".
Send app-owner attestations:
For each app owner, #Send Direct Message with the full list of users on their app.
Include a #Trigger Form to attest the user set is correct.
schedule_action wakes at 7, 10, 13 days for non-completers:
On each wake, #custom Get UAR Completion Status to identify outstanding reviewers.
#Send Direct Message reminders with escalating urgency.
Day 14: #Send Channel Message to the reviewer's skip-level manager.
At deadline + 1 day, execute revocations:
For each "Revoke" response: #Remove from Group (Okta) or call the app-specific revoke action.
For each unattested user (no response): #Send Direct Message to user warning of impending revocation; revoke at deadline + 7 days if still unattested.
#Custom Vanta Upload Evidence with the full attestation log, decisions, and revocation timestamps.
#Send Channel Message to
#securitywith cycle summary: review rate, revoke count, app coverage.#Create Linear Issue in the Security-Audit project for the cycle's evidence package.
#Leave Internal Note capturing cycle dates and stats.
Vendor Intake & Onboarding
Playbooks
/
Vendor Intake & Onboarding
Vendor Intake & Onboarding
Created by
Console Team
Published
Finance
DocuSign
NetSuite
Plain
+2
Trigger
Requester asks to onboard a new paid vendor.
Instructions
#Trigger Form for vendor legal name + DBA, contact, service description, annual spend, payment terms, currency, cost center, data processing flag, DPA need.
#Lookup Users with
includeManager.Initial approvals:
#Request Approval from cost-center owner.
#Request Approval from finance ops.
Tax docs:
#Custom DocuSign Send W-9 Request (or W-8 international).
schedule_action wake at 7 days if not received → AP chases via DM.
Security review:
#Custom Trigger Sec-18 Vendor Security Review; wait for sign-off.
Legal review:
Fire Legal-7 Vendor Legal Review Intake.
If DPA needed → fire Legal-8 DPA Handling.
Banking validation:
#Custom Plaid Verify Bank Account or custom Bill.com Verify ACH with micro-deposits.
For wires: custom Verify Wire Routing.
Create vendor records:
Approval workflows:
Notify:
#Send Direct Message to requester with vendor IDs, payment terms, first-invoice instructions.
#Send Direct Message to AP team.
#Send Channel Message to
#finance-vendor-log.
#Leave Internal Note with all artifacts.
Vendor Intake & Onboarding
Playbooks
/
Vendor Intake & Onboarding
Vendor Intake & Onboarding
Created by
Console Team
Published
Finance
DocuSign
NetSuite
Plain
+2
Trigger
Requester asks to onboard a new paid vendor.
Instructions
#Trigger Form for vendor legal name + DBA, contact, service description, annual spend, payment terms, currency, cost center, data processing flag, DPA need.
#Lookup Users with
includeManager.Initial approvals:
#Request Approval from cost-center owner.
#Request Approval from finance ops.
Tax docs:
#Custom DocuSign Send W-9 Request (or W-8 international).
schedule_action wake at 7 days if not received → AP chases via DM.
Security review:
#Custom Trigger Sec-18 Vendor Security Review; wait for sign-off.
Legal review:
Fire Legal-7 Vendor Legal Review Intake.
If DPA needed → fire Legal-8 DPA Handling.
Banking validation:
#Custom Plaid Verify Bank Account or custom Bill.com Verify ACH with micro-deposits.
For wires: custom Verify Wire Routing.
Create vendor records:
Approval workflows:
Notify:
#Send Direct Message to requester with vendor IDs, payment terms, first-invoice instructions.
#Send Direct Message to AP team.
#Send Channel Message to
#finance-vendor-log.
#Leave Internal Note with all artifacts.
Vendor Intake & Onboarding
Playbooks
/
Vendor Intake & Onboarding
Vendor Intake & Onboarding
Created by
Console Team
Published
Finance
DocuSign
NetSuite
Plain
+2
Trigger
Requester asks to onboard a new paid vendor.
Instructions
#Trigger Form for vendor legal name + DBA, contact, service description, annual spend, payment terms, currency, cost center, data processing flag, DPA need.
#Lookup Users with
includeManager.Initial approvals:
#Request Approval from cost-center owner.
#Request Approval from finance ops.
Tax docs:
#Custom DocuSign Send W-9 Request (or W-8 international).
schedule_action wake at 7 days if not received → AP chases via DM.
Security review:
#Custom Trigger Sec-18 Vendor Security Review; wait for sign-off.
Legal review:
Fire Legal-7 Vendor Legal Review Intake.
If DPA needed → fire Legal-8 DPA Handling.
Banking validation:
#Custom Plaid Verify Bank Account or custom Bill.com Verify ACH with micro-deposits.
For wires: custom Verify Wire Routing.
Create vendor records:
Approval workflows:
Notify:
#Send Direct Message to requester with vendor IDs, payment terms, first-invoice instructions.
#Send Direct Message to AP team.
#Send Channel Message to
#finance-vendor-log.
#Leave Internal Note with all artifacts.
Vendor Legal Review Intake
Playbooks
/
Vendor Legal Review Intake
Vendor Legal Review Intake
Created by
Console Team
Published
Legal
Vanta
Ironclad
Trigger
Requester asks to bring on a new vendor.
Instructions
#Trigger Form to collect:
Vendor legal name.
Service description.
Annual spend estimate.
Will vendor process PII / PHI / financial data / IP?
Vendor jurisdiction.
Need standard contract or do they require theirs?
Specific concerns / non-standard requests.
#Lookup Users on requester.
Chain to security:
Wait for security tier assessment.
Legal-specific intake:
DPA need: yes if processing PII/PHI; auto-trigger Legal-8 in parallel.
IP exposure: yes if vendor receives/develops IP; require IP clause review.
Payment terms: standard net 30 unless vendor pushes back.
Jurisdiction: review governing law and venue.
Risk tier: based on data sensitivity + jurisdiction + spend.
Route by tier:
Tier 1 → paralegal queue.
Tier 2 → commercial counsel.
Tier 3 → senior counsel + privacy counsel.
Create Ironclad workflow:
#Custom Ironclad Create Workflow with type "Vendor Review" and risk tier.
#Send Direct Message to assigned counsel with full context.
#Send Direct Message to requester with assigned counsel, expected SLA, info legal may ask for.
schedule_action wake at SLA windows (3 / 7 / 14 days).
On legal sign-off + security cleared, notify requester to proceed with Fin-5.
#Resolve Request on legal sign-off.
Vendor Legal Review Intake
Playbooks
/
Vendor Legal Review Intake
Vendor Legal Review Intake
Created by
Console Team
Published
Legal
Vanta
Ironclad
Trigger
Requester asks to bring on a new vendor.
Instructions
#Trigger Form to collect:
Vendor legal name.
Service description.
Annual spend estimate.
Will vendor process PII / PHI / financial data / IP?
Vendor jurisdiction.
Need standard contract or do they require theirs?
Specific concerns / non-standard requests.
#Lookup Users on requester.
Chain to security:
Wait for security tier assessment.
Legal-specific intake:
DPA need: yes if processing PII/PHI; auto-trigger Legal-8 in parallel.
IP exposure: yes if vendor receives/develops IP; require IP clause review.
Payment terms: standard net 30 unless vendor pushes back.
Jurisdiction: review governing law and venue.
Risk tier: based on data sensitivity + jurisdiction + spend.
Route by tier:
Tier 1 → paralegal queue.
Tier 2 → commercial counsel.
Tier 3 → senior counsel + privacy counsel.
Create Ironclad workflow:
#Custom Ironclad Create Workflow with type "Vendor Review" and risk tier.
#Send Direct Message to assigned counsel with full context.
#Send Direct Message to requester with assigned counsel, expected SLA, info legal may ask for.
schedule_action wake at SLA windows (3 / 7 / 14 days).
On legal sign-off + security cleared, notify requester to proceed with Fin-5.
#Resolve Request on legal sign-off.
Vendor Legal Review Intake
Playbooks
/
Vendor Legal Review Intake
Vendor Legal Review Intake
Created by
Console Team
Published
Legal
Vanta
Ironclad
Trigger
Requester asks to bring on a new vendor.
Instructions
#Trigger Form to collect:
Vendor legal name.
Service description.
Annual spend estimate.
Will vendor process PII / PHI / financial data / IP?
Vendor jurisdiction.
Need standard contract or do they require theirs?
Specific concerns / non-standard requests.
#Lookup Users on requester.
Chain to security:
Wait for security tier assessment.
Legal-specific intake:
DPA need: yes if processing PII/PHI; auto-trigger Legal-8 in parallel.
IP exposure: yes if vendor receives/develops IP; require IP clause review.
Payment terms: standard net 30 unless vendor pushes back.
Jurisdiction: review governing law and venue.
Risk tier: based on data sensitivity + jurisdiction + spend.
Route by tier:
Tier 1 → paralegal queue.
Tier 2 → commercial counsel.
Tier 3 → senior counsel + privacy counsel.
Create Ironclad workflow:
#Custom Ironclad Create Workflow with type "Vendor Review" and risk tier.
#Send Direct Message to assigned counsel with full context.
#Send Direct Message to requester with assigned counsel, expected SLA, info legal may ask for.
schedule_action wake at SLA windows (3 / 7 / 14 days).
On legal sign-off + security cleared, notify requester to proceed with Fin-5.
#Resolve Request on legal sign-off.
Vendor Risk + Payment Hold
Playbooks
/
Vendor Risk + Payment Hold
Vendor Risk + Payment Hold
Created by
Console Team
Published
Finance
Vanta
Linear
NetSuite
+2
Trigger
Detection — webhook from Vanta status change OR scheduled OFAC screen
Instructions
Inputs: Vanta failing review, OFAC match, or legal contract-dispute flag.
Hold scope:
Sanctions match → immediate full hold.
Security review fail → hold new payments.
Contract dispute → hold disputed invoices only.
Place hold:
Notify:
#Send Channel Message to
#finance-vendor-holds.DM AP team.
For each cost-center owner with active spend: DM with hold + alternatives.
For OFAC:
#Send Channel Message to
#finance-criticaland#legal-compliance.
Resolution:
schedule_action wake daily to check.
On clearance: remove holds, DM AP + owners, channel log.
During hold: incoming bills route to
#finance-vendor-holdsinstead of normal approval.
Vendor Risk + Payment Hold
Playbooks
/
Vendor Risk + Payment Hold
Vendor Risk + Payment Hold
Created by
Console Team
Published
Finance
Vanta
Linear
NetSuite
+2
Trigger
Detection — webhook from Vanta status change OR scheduled OFAC screen
Instructions
Inputs: Vanta failing review, OFAC match, or legal contract-dispute flag.
Hold scope:
Sanctions match → immediate full hold.
Security review fail → hold new payments.
Contract dispute → hold disputed invoices only.
Place hold:
Notify:
#Send Channel Message to
#finance-vendor-holds.DM AP team.
For each cost-center owner with active spend: DM with hold + alternatives.
For OFAC:
#Send Channel Message to
#finance-criticaland#legal-compliance.
Resolution:
schedule_action wake daily to check.
On clearance: remove holds, DM AP + owners, channel log.
During hold: incoming bills route to
#finance-vendor-holdsinstead of normal approval.
Vendor Risk + Payment Hold
Playbooks
/
Vendor Risk + Payment Hold
Vendor Risk + Payment Hold
Created by
Console Team
Published
Finance
Vanta
Linear
NetSuite
+2
Trigger
Detection — webhook from Vanta status change OR scheduled OFAC screen
Instructions
Inputs: Vanta failing review, OFAC match, or legal contract-dispute flag.
Hold scope:
Sanctions match → immediate full hold.
Security review fail → hold new payments.
Contract dispute → hold disputed invoices only.
Place hold:
Notify:
#Send Channel Message to
#finance-vendor-holds.DM AP team.
For each cost-center owner with active spend: DM with hold + alternatives.
For OFAC:
#Send Channel Message to
#finance-criticaland#legal-compliance.
Resolution:
schedule_action wake daily to check.
On clearance: remove holds, DM AP + owners, channel log.
During hold: incoming bills route to
#finance-vendor-holdsinstead of normal approval.
Vendor Security Review
Playbooks
/
Vendor Security Review
Vendor Security Review
Created by
Console Team
Published
Security
Vanta
Linear
Trigger
IT or someone requests a new SaaS app/vendor.
Instructions
#Trigger Form to collect:
Vendor name
Vendor URL
Use case (what data, what users, what integration)
Data sensitivity (none / PII / financial / customer-data / PHI / IP)
Number of users
Integration scope (SSO only / SCIM / API / data residency)
Business owner / requester
#Lookup Users on the requester.
Pull vendor attestations:
#Custom Vanta Get Vendor Profile for the vendor.
If exists: pull SOC2 / ISO 27001 / GDPR DPA / security questionnaire status.
If new vendor: #Web Research the vendor's trust/security page.
Tier the risk:
Low: no sensitive data, well-known vendor with SOC2 II, <50 users.
Medium: PII or financial, SOC2 II + DPA available.
High: customer-data, PHI, or IP; SOC2 II + DPA + security questionnaire + pen-test report required.
Critical: requires full vendor risk assessment + legal review + executive sign-off.
Run the security questionnaire if needed:
#Custom Send Vendor Security Questionnaire with the standard template.
schedule_action wake at 14 days to check response.
Route for approval:
Low → auto-approve with security info note.
Medium → #Request Approval from security engineer.
High → #Request Approval chained: security engineer → security lead → privacy/legal (if PII/PHI).
Critical → security lead → privacy → legal → CISO/CTO.
On full approval:
#Custom Vanta Add Approved Vendor with the risk tier and review artifacts.
#Create Linear Issue in the IT project for the actual onboarding (link to IT-7 if SSO setup is needed).
#Send Direct Message to the requester with: approval, next steps, restrictions if any.
On denial:
#Send Direct Message to the requester with the reason and alternative suggestions.
#Leave Internal Note capturing risk tier, attestations, approval trail.
Vendor Security Review
Playbooks
/
Vendor Security Review
Vendor Security Review
Created by
Console Team
Published
Security
Vanta
Linear
Trigger
IT or someone requests a new SaaS app/vendor.
Instructions
#Trigger Form to collect:
Vendor name
Vendor URL
Use case (what data, what users, what integration)
Data sensitivity (none / PII / financial / customer-data / PHI / IP)
Number of users
Integration scope (SSO only / SCIM / API / data residency)
Business owner / requester
#Lookup Users on the requester.
Pull vendor attestations:
#Custom Vanta Get Vendor Profile for the vendor.
If exists: pull SOC2 / ISO 27001 / GDPR DPA / security questionnaire status.
If new vendor: #Web Research the vendor's trust/security page.
Tier the risk:
Low: no sensitive data, well-known vendor with SOC2 II, <50 users.
Medium: PII or financial, SOC2 II + DPA available.
High: customer-data, PHI, or IP; SOC2 II + DPA + security questionnaire + pen-test report required.
Critical: requires full vendor risk assessment + legal review + executive sign-off.
Run the security questionnaire if needed:
#Custom Send Vendor Security Questionnaire with the standard template.
schedule_action wake at 14 days to check response.
Route for approval:
Low → auto-approve with security info note.
Medium → #Request Approval from security engineer.
High → #Request Approval chained: security engineer → security lead → privacy/legal (if PII/PHI).
Critical → security lead → privacy → legal → CISO/CTO.
On full approval:
#Custom Vanta Add Approved Vendor with the risk tier and review artifacts.
#Create Linear Issue in the IT project for the actual onboarding (link to IT-7 if SSO setup is needed).
#Send Direct Message to the requester with: approval, next steps, restrictions if any.
On denial:
#Send Direct Message to the requester with the reason and alternative suggestions.
#Leave Internal Note capturing risk tier, attestations, approval trail.
Vendor Security Review
Playbooks
/
Vendor Security Review
Vendor Security Review
Created by
Console Team
Published
Security
Vanta
Linear
Trigger
IT or someone requests a new SaaS app/vendor.
Instructions
#Trigger Form to collect:
Vendor name
Vendor URL
Use case (what data, what users, what integration)
Data sensitivity (none / PII / financial / customer-data / PHI / IP)
Number of users
Integration scope (SSO only / SCIM / API / data residency)
Business owner / requester
#Lookup Users on the requester.
Pull vendor attestations:
#Custom Vanta Get Vendor Profile for the vendor.
If exists: pull SOC2 / ISO 27001 / GDPR DPA / security questionnaire status.
If new vendor: #Web Research the vendor's trust/security page.
Tier the risk:
Low: no sensitive data, well-known vendor with SOC2 II, <50 users.
Medium: PII or financial, SOC2 II + DPA available.
High: customer-data, PHI, or IP; SOC2 II + DPA + security questionnaire + pen-test report required.
Critical: requires full vendor risk assessment + legal review + executive sign-off.
Run the security questionnaire if needed:
#Custom Send Vendor Security Questionnaire with the standard template.
schedule_action wake at 14 days to check response.
Route for approval:
Low → auto-approve with security info note.
Medium → #Request Approval from security engineer.
High → #Request Approval chained: security engineer → security lead → privacy/legal (if PII/PHI).
Critical → security lead → privacy → legal → CISO/CTO.
On full approval:
#Custom Vanta Add Approved Vendor with the risk tier and review artifacts.
#Create Linear Issue in the IT project for the actual onboarding (link to IT-7 if SSO setup is needed).
#Send Direct Message to the requester with: approval, next steps, restrictions if any.
On denial:
#Send Direct Message to the requester with the reason and alternative suggestions.
#Leave Internal Note capturing risk tier, attestations, approval trail.
VIP Fast-Track
Playbooks
/
VIP Fast-Track
VIP Fast-Track
Created by
Console Team
Published
IT
Okta
PagerDuty
Trigger
Console Trigger — REQUEST_STARTED
Instructions
#Lookup Users on the requester with
includeGroupsandincludeManager.Determine VIP status — requester is VIP if any of:
In the
vipOkta group (execs, board).Title matches
^(CEO|CFO|CTO|COO|VP|SVP|Chief).In active on-call rotation via #Get PagerDuty Oncall Users.
In
customer-facing-activegroup (CSMs in an active meeting).
If not VIP → exit without modification (let normal routing apply).
If VIP:
#Escalate Request with priority
URGENTand a sub-15-minute SLA tag.#Custom PagerDuty Page to the IT on-call engineer and backup.
#Reroute Request to a private VIP-only channel.
#Send Channel Message to
#it-vipwith the request link, requester title, underlying ask.#Assign User to the request (the IT on-call engineer).
#Send Direct Message to the requester acknowledging fast-track and giving them the on-call engineer's name + ETA.
#Leave Internal Note capturing VIP determination reason and on-call assignment.
Continue handling the underlying request — do NOT resolve here; the on-call engineer takes over.
VIP Fast-Track
Playbooks
/
VIP Fast-Track
VIP Fast-Track
Created by
Console Team
Published
IT
Okta
PagerDuty
Trigger
Console Trigger — REQUEST_STARTED
Instructions
#Lookup Users on the requester with
includeGroupsandincludeManager.Determine VIP status — requester is VIP if any of:
In the
vipOkta group (execs, board).Title matches
^(CEO|CFO|CTO|COO|VP|SVP|Chief).In active on-call rotation via #Get PagerDuty Oncall Users.
In
customer-facing-activegroup (CSMs in an active meeting).
If not VIP → exit without modification (let normal routing apply).
If VIP:
#Escalate Request with priority
URGENTand a sub-15-minute SLA tag.#Custom PagerDuty Page to the IT on-call engineer and backup.
#Reroute Request to a private VIP-only channel.
#Send Channel Message to
#it-vipwith the request link, requester title, underlying ask.#Assign User to the request (the IT on-call engineer).
#Send Direct Message to the requester acknowledging fast-track and giving them the on-call engineer's name + ETA.
#Leave Internal Note capturing VIP determination reason and on-call assignment.
Continue handling the underlying request — do NOT resolve here; the on-call engineer takes over.
VIP Fast-Track
Playbooks
/
VIP Fast-Track
VIP Fast-Track
Created by
Console Team
Published
IT
Okta
PagerDuty
Trigger
Console Trigger — REQUEST_STARTED
Instructions
#Lookup Users on the requester with
includeGroupsandincludeManager.Determine VIP status — requester is VIP if any of:
In the
vipOkta group (execs, board).Title matches
^(CEO|CFO|CTO|COO|VP|SVP|Chief).In active on-call rotation via #Get PagerDuty Oncall Users.
In
customer-facing-activegroup (CSMs in an active meeting).
If not VIP → exit without modification (let normal routing apply).
If VIP:
#Escalate Request with priority
URGENTand a sub-15-minute SLA tag.#Custom PagerDuty Page to the IT on-call engineer and backup.
#Reroute Request to a private VIP-only channel.
#Send Channel Message to
#it-vipwith the request link, requester title, underlying ask.#Assign User to the request (the IT on-call engineer).
#Send Direct Message to the requester acknowledging fast-track and giving them the on-call engineer's name + ETA.
#Leave Internal Note capturing VIP determination reason and on-call assignment.
Continue handling the underlying request — do NOT resolve here; the on-call engineer takes over.
Vulnerability Assessment & Impact
Playbooks
/
Vulnerability Assessment & Impact
Vulnerability Assessment & Impact
Created by
Console Team
Published
Security
Kandji
CrowdStrike
AWS
+3
Trigger
Requester pastes a CVE ID or vulnerability description, or asks "what's our exposure to X?"
Instructions
Parse the CVE ID or vuln description.
If a CVE ID:
#Web Research the NVD page for CVE details (CVSS, affected products, fix versions).
If a vuln description:
#Web Research to find the matching CVE(s) and affected software.
#Trigger Form to collect (with smart defaults from the parse):
Confirmed CVE list
Affected products / versions
Severity threshold for action (Critical only / High+ / Medium+)
Scope (devices / cloud / SaaS / all)
Run queries in parallel:
#List AWS Inspector Findings filtered by the CVE.
#Custom Wiz Query Vulnerabilities for cloud and container exposure.
#CrowdStrike: Get Device Vulnerabilities (Spotlight) for endpoint exposure.
#List Devices (Kandji) + custom Kandji Filter By App Version for affected client software.
Aggregate the exposed assets:
For each finding, capture: asset, owner (via custom Get Asset Owner), severity, reachability (internet-facing?), data-classification.
Score by reachability:
Internet-facing + sensitive-data + critical-CVE → P0.
Internal-facing + critical-CVE → P1.
Internal-facing + high-CVE → P2.
Else → P3.
Create remediation tickets:
Group by owning team.
For each team: #Create Linear Issue with: CVE summary, affected assets, severity, recommended fix, SLA (P0 = 24h, P1 = 7d, P2 = 30d).
#Send Direct Message to team lead with the issue link.
Compose the impact report:
#Send Channel Message to
#securitywith: total findings, by-priority breakdown, owning-team distribution, ticket links.#Send Direct Message to the requester with the same report and the deep links.
schedule_action wake at the SLA windows (24h, 7d, 30d) to check remediation status.
On wake: for unresolved P0/P1 issues, #Send Channel Message to
#security-leadsescalating.#Leave Internal Note capturing the assessment.
Vulnerability Assessment & Impact
Playbooks
/
Vulnerability Assessment & Impact
Vulnerability Assessment & Impact
Created by
Console Team
Published
Security
Kandji
CrowdStrike
AWS
+3
Trigger
Requester pastes a CVE ID or vulnerability description, or asks "what's our exposure to X?"
Instructions
Parse the CVE ID or vuln description.
If a CVE ID:
#Web Research the NVD page for CVE details (CVSS, affected products, fix versions).
If a vuln description:
#Web Research to find the matching CVE(s) and affected software.
#Trigger Form to collect (with smart defaults from the parse):
Confirmed CVE list
Affected products / versions
Severity threshold for action (Critical only / High+ / Medium+)
Scope (devices / cloud / SaaS / all)
Run queries in parallel:
#List AWS Inspector Findings filtered by the CVE.
#Custom Wiz Query Vulnerabilities for cloud and container exposure.
#CrowdStrike: Get Device Vulnerabilities (Spotlight) for endpoint exposure.
#List Devices (Kandji) + custom Kandji Filter By App Version for affected client software.
Aggregate the exposed assets:
For each finding, capture: asset, owner (via custom Get Asset Owner), severity, reachability (internet-facing?), data-classification.
Score by reachability:
Internet-facing + sensitive-data + critical-CVE → P0.
Internal-facing + critical-CVE → P1.
Internal-facing + high-CVE → P2.
Else → P3.
Create remediation tickets:
Group by owning team.
For each team: #Create Linear Issue with: CVE summary, affected assets, severity, recommended fix, SLA (P0 = 24h, P1 = 7d, P2 = 30d).
#Send Direct Message to team lead with the issue link.
Compose the impact report:
#Send Channel Message to
#securitywith: total findings, by-priority breakdown, owning-team distribution, ticket links.#Send Direct Message to the requester with the same report and the deep links.
schedule_action wake at the SLA windows (24h, 7d, 30d) to check remediation status.
On wake: for unresolved P0/P1 issues, #Send Channel Message to
#security-leadsescalating.#Leave Internal Note capturing the assessment.
Vulnerability Assessment & Impact
Playbooks
/
Vulnerability Assessment & Impact
Vulnerability Assessment & Impact
Created by
Console Team
Published
Security
Kandji
CrowdStrike
AWS
+3
Trigger
Requester pastes a CVE ID or vulnerability description, or asks "what's our exposure to X?"
Instructions
Parse the CVE ID or vuln description.
If a CVE ID:
#Web Research the NVD page for CVE details (CVSS, affected products, fix versions).
If a vuln description:
#Web Research to find the matching CVE(s) and affected software.
#Trigger Form to collect (with smart defaults from the parse):
Confirmed CVE list
Affected products / versions
Severity threshold for action (Critical only / High+ / Medium+)
Scope (devices / cloud / SaaS / all)
Run queries in parallel:
#List AWS Inspector Findings filtered by the CVE.
#Custom Wiz Query Vulnerabilities for cloud and container exposure.
#CrowdStrike: Get Device Vulnerabilities (Spotlight) for endpoint exposure.
#List Devices (Kandji) + custom Kandji Filter By App Version for affected client software.
Aggregate the exposed assets:
For each finding, capture: asset, owner (via custom Get Asset Owner), severity, reachability (internet-facing?), data-classification.
Score by reachability:
Internet-facing + sensitive-data + critical-CVE → P0.
Internal-facing + critical-CVE → P1.
Internal-facing + high-CVE → P2.
Else → P3.
Create remediation tickets:
Group by owning team.
For each team: #Create Linear Issue with: CVE summary, affected assets, severity, recommended fix, SLA (P0 = 24h, P1 = 7d, P2 = 30d).
#Send Direct Message to team lead with the issue link.
Compose the impact report:
#Send Channel Message to
#securitywith: total findings, by-priority breakdown, owning-team distribution, ticket links.#Send Direct Message to the requester with the same report and the deep links.
schedule_action wake at the SLA windows (24h, 7d, 30d) to check remediation status.
On wake: for unresolved P0/P1 issues, #Send Channel Message to
#security-leadsescalating.#Leave Internal Note capturing the assessment.
Web-Sourced Troubleshooting
Playbooks
/
Web-Sourced Troubleshooting
Web-Sourced Troubleshooting
Created by
Console Team
Published
IT
Kandji
Trigger
Requester reports an issue with a vendor SaaS or OS ("Xcode failing on macOS 15", "Office keeps prompting for activation", "Chrome extension X not working").
Instructions
#Lookup Users on the requester.
#List Devices (Kandji) to get OS version and model.
#Trigger Form to collect:
Application or service
Exact error message
When it started
What they've tried
#Search Knowledge Base first for the symptom + application.
If no KB hit or stale: #Web Research with a focused query like
{{app}} {{error}} {{os_version}}targeting vendor docs.Synthesize the top fixes from web + KB into 3–5 steps.
Walk the user through them in #Send Direct Message, asking "did that work?" after each.
If a Kandji-side fix is needed: #Create Kandji Custom Script or custom Kandji Reinstall Library Item.
On resolution → #Resolve Request and offer to save the fix back into a new KB article.
If unresolved → #Escalate Request with the full diagnostic trail in #Leave Internal Note.
Web-Sourced Troubleshooting
Playbooks
/
Web-Sourced Troubleshooting
Web-Sourced Troubleshooting
Created by
Console Team
Published
IT
Kandji
Trigger
Requester reports an issue with a vendor SaaS or OS ("Xcode failing on macOS 15", "Office keeps prompting for activation", "Chrome extension X not working").
Instructions
#Lookup Users on the requester.
#List Devices (Kandji) to get OS version and model.
#Trigger Form to collect:
Application or service
Exact error message
When it started
What they've tried
#Search Knowledge Base first for the symptom + application.
If no KB hit or stale: #Web Research with a focused query like
{{app}} {{error}} {{os_version}}targeting vendor docs.Synthesize the top fixes from web + KB into 3–5 steps.
Walk the user through them in #Send Direct Message, asking "did that work?" after each.
If a Kandji-side fix is needed: #Create Kandji Custom Script or custom Kandji Reinstall Library Item.
On resolution → #Resolve Request and offer to save the fix back into a new KB article.
If unresolved → #Escalate Request with the full diagnostic trail in #Leave Internal Note.
Web-Sourced Troubleshooting
Playbooks
/
Web-Sourced Troubleshooting
Web-Sourced Troubleshooting
Created by
Console Team
Published
IT
Kandji
Trigger
Requester reports an issue with a vendor SaaS or OS ("Xcode failing on macOS 15", "Office keeps prompting for activation", "Chrome extension X not working").
Instructions
#Lookup Users on the requester.
#List Devices (Kandji) to get OS version and model.
#Trigger Form to collect:
Application or service
Exact error message
When it started
What they've tried
#Search Knowledge Base first for the symptom + application.
If no KB hit or stale: #Web Research with a focused query like
{{app}} {{error}} {{os_version}}targeting vendor docs.Synthesize the top fixes from web + KB into 3–5 steps.
Walk the user through them in #Send Direct Message, asking "did that work?" after each.
If a Kandji-side fix is needed: #Create Kandji Custom Script or custom Kandji Reinstall Library Item.
On resolution → #Resolve Request and offer to save the fix back into a new KB article.
If unresolved → #Escalate Request with the full diagnostic trail in #Leave Internal Note.
Weekly Finance Digest
Playbooks
/
Weekly Finance Digest
Weekly Finance Digest
Created by
Console Team
Published
Finance
Workday
Ramp
NetSuite
+2
Trigger
Scheduled — every Monday at 9:00 AM America/Chicago
Instructions
Pull in parallel:
#Custom NetSuite Get Spend by Cost Center (last 7 days).
#Custom NetSuite Get AR Aging Summary with buckets (0-30/31-60/61-90/90+).
#Custom Ramp Get Top Vendors by Spend (last 30 days).
#Custom Get Upcoming Renewals for next 90 days.
#Run Query for expense report volume + turnaround.
Compute callouts: cost centers over budget WTD, top 3 fastest-growing categories, customers overdue >$50k, vendors with renewal in 30 days.
Compose digest with sections: spend snapshot, AR aging, top vendors, upcoming renewals, expense compliance, cash position.
#Send Channel Message to
#financewith full digest.#Send Channel Message to
#finance-leadswith leadership cuts.For each cost center over budget: DM the owner with their cut.
#Custom Snapshot Finance Weekly for trend analysis.
Weekly Finance Digest
Playbooks
/
Weekly Finance Digest
Weekly Finance Digest
Created by
Console Team
Published
Finance
Workday
Ramp
NetSuite
+2
Trigger
Scheduled — every Monday at 9:00 AM America/Chicago
Instructions
Pull in parallel:
#Custom NetSuite Get Spend by Cost Center (last 7 days).
#Custom NetSuite Get AR Aging Summary with buckets (0-30/31-60/61-90/90+).
#Custom Ramp Get Top Vendors by Spend (last 30 days).
#Custom Get Upcoming Renewals for next 90 days.
#Run Query for expense report volume + turnaround.
Compute callouts: cost centers over budget WTD, top 3 fastest-growing categories, customers overdue >$50k, vendors with renewal in 30 days.
Compose digest with sections: spend snapshot, AR aging, top vendors, upcoming renewals, expense compliance, cash position.
#Send Channel Message to
#financewith full digest.#Send Channel Message to
#finance-leadswith leadership cuts.For each cost center over budget: DM the owner with their cut.
#Custom Snapshot Finance Weekly for trend analysis.
Weekly Finance Digest
Playbooks
/
Weekly Finance Digest
Weekly Finance Digest
Created by
Console Team
Published
Finance
Workday
Ramp
NetSuite
+2
Trigger
Scheduled — every Monday at 9:00 AM America/Chicago
Instructions
Pull in parallel:
#Custom NetSuite Get Spend by Cost Center (last 7 days).
#Custom NetSuite Get AR Aging Summary with buckets (0-30/31-60/61-90/90+).
#Custom Ramp Get Top Vendors by Spend (last 30 days).
#Custom Get Upcoming Renewals for next 90 days.
#Run Query for expense report volume + turnaround.
Compute callouts: cost centers over budget WTD, top 3 fastest-growing categories, customers overdue >$50k, vendors with renewal in 30 days.
Compose digest with sections: spend snapshot, AR aging, top vendors, upcoming renewals, expense compliance, cash position.
#Send Channel Message to
#financewith full digest.#Send Channel Message to
#finance-leadswith leadership cuts.For each cost center over budget: DM the owner with their cut.
#Custom Snapshot Finance Weekly for trend analysis.
Weekly Forecast Roll-Up
Playbooks
/
Weekly Forecast Roll-Up
Weekly Forecast Roll-Up
Created by
Console Team
Published
RevOps
HubSpot
Trigger
Scheduled — every Monday at 9:00 AM America/Chicago
Instructions
Identify AEs in scope:
#List HubSpot Owners filtered to active AEs.
For each AE, pull forecast data:
#Search Open HubSpot Deals by Owner with Forecast Category filtered to current quarter.
Bucket by: Commit / Best Case / Pipeline / Omitted.
Sum amounts per bucket.
Compute team-level rollups:
By manager.
By region.
By segment.
Run trend analysis:
#Run Query with
REQUEST_COUNTmeasurement isn't quite right here — use custom Compare to Last Week action that diffs forecast vs last Monday.Calculate: week-over-week delta, attainment vs quota, gap-to-quota.
Identify missing inputs:
For each AE with no forecast updates in 7 days → flag.
For each AE with deals in current quarter missing close date / amount / stage → flag.
Compose the digest:
Top of report: total commit, best case, pipeline, gap-to-quota.
By region/segment: same breakdown.
Top deals (>$X): list with status, last activity.
Flagged gaps: AEs missing inputs, deals missing fields.
Trend: WoW delta with sparkline (via #Run Query chart).
#Send Channel Message to
#revopswith the full digest.#Send Channel Message to
#sales-leadershipwith the leadership-level rollup (no individual flags).For each flagged AE:
#Send Direct Message with: their specific gaps, action items, due-by date.
For managers:
#Send Direct Message with their team's rollup + flags.
Save the snapshot:
#Custom Snapshot Forecast Weekly writes to a snapshot table for trend analysis.
#Leave Internal Note in a weekly tracking issue.
Weekly Forecast Roll-Up
Playbooks
/
Weekly Forecast Roll-Up
Weekly Forecast Roll-Up
Created by
Console Team
Published
RevOps
HubSpot
Trigger
Scheduled — every Monday at 9:00 AM America/Chicago
Instructions
Identify AEs in scope:
#List HubSpot Owners filtered to active AEs.
For each AE, pull forecast data:
#Search Open HubSpot Deals by Owner with Forecast Category filtered to current quarter.
Bucket by: Commit / Best Case / Pipeline / Omitted.
Sum amounts per bucket.
Compute team-level rollups:
By manager.
By region.
By segment.
Run trend analysis:
#Run Query with
REQUEST_COUNTmeasurement isn't quite right here — use custom Compare to Last Week action that diffs forecast vs last Monday.Calculate: week-over-week delta, attainment vs quota, gap-to-quota.
Identify missing inputs:
For each AE with no forecast updates in 7 days → flag.
For each AE with deals in current quarter missing close date / amount / stage → flag.
Compose the digest:
Top of report: total commit, best case, pipeline, gap-to-quota.
By region/segment: same breakdown.
Top deals (>$X): list with status, last activity.
Flagged gaps: AEs missing inputs, deals missing fields.
Trend: WoW delta with sparkline (via #Run Query chart).
#Send Channel Message to
#revopswith the full digest.#Send Channel Message to
#sales-leadershipwith the leadership-level rollup (no individual flags).For each flagged AE:
#Send Direct Message with: their specific gaps, action items, due-by date.
For managers:
#Send Direct Message with their team's rollup + flags.
Save the snapshot:
#Custom Snapshot Forecast Weekly writes to a snapshot table for trend analysis.
#Leave Internal Note in a weekly tracking issue.
Weekly Forecast Roll-Up
Playbooks
/
Weekly Forecast Roll-Up
Weekly Forecast Roll-Up
Created by
Console Team
Published
RevOps
HubSpot
Trigger
Scheduled — every Monday at 9:00 AM America/Chicago
Instructions
Identify AEs in scope:
#List HubSpot Owners filtered to active AEs.
For each AE, pull forecast data:
#Search Open HubSpot Deals by Owner with Forecast Category filtered to current quarter.
Bucket by: Commit / Best Case / Pipeline / Omitted.
Sum amounts per bucket.
Compute team-level rollups:
By manager.
By region.
By segment.
Run trend analysis:
#Run Query with
REQUEST_COUNTmeasurement isn't quite right here — use custom Compare to Last Week action that diffs forecast vs last Monday.Calculate: week-over-week delta, attainment vs quota, gap-to-quota.
Identify missing inputs:
For each AE with no forecast updates in 7 days → flag.
For each AE with deals in current quarter missing close date / amount / stage → flag.
Compose the digest:
Top of report: total commit, best case, pipeline, gap-to-quota.
By region/segment: same breakdown.
Top deals (>$X): list with status, last activity.
Flagged gaps: AEs missing inputs, deals missing fields.
Trend: WoW delta with sparkline (via #Run Query chart).
#Send Channel Message to
#revopswith the full digest.#Send Channel Message to
#sales-leadershipwith the leadership-level rollup (no individual flags).For each flagged AE:
#Send Direct Message with: their specific gaps, action items, due-by date.
For managers:
#Send Direct Message with their team's rollup + flags.
Save the snapshot:
#Custom Snapshot Forecast Weekly writes to a snapshot table for trend analysis.
#Leave Internal Note in a weekly tracking issue.
Weekly HR Digest
Playbooks
/
Weekly HR Digest
Weekly HR Digest
Created by
Console Team
Published
HR
Workday
Linear
Trigger
Scheduled — every Monday at 9:00 AM America/Chicago
Instructions
Pull data sources in parallel:
#Custom Workday Query New Hires for hires starting this week.
#Custom Workday Query Anniversaries for tenure anniversaries (1/3/5/10 year) this week.
#Custom Workday Query Birthdays for birthdays this week.
#Run Query with measurement
REQUEST_COUNTfiltered to PTO/leave categories for the previous 7 days, grouped by category.#Custom Workday Query Open Headcount for current open requisitions.
Pick the policy reminder of the week from a rotating list (KB articles tagged
weekly-reminder).For new hires:
For each, #Lookup Users to get profile data and team.
Compose intro: name, title, team, location, fun fact (from intake form).
For anniversaries and birthdays:
Sort by date this week.
Group by team for readability.
Compose the digest markdown with sections:
This week's new hires (with photos if available)
Anniversaries
Birthdays
Policy reminder
PTO summary chart (insight URL)
Open headcount status
#Send Channel Message to
#peoplewith the composed digest.#Leave Internal Note in an internal Linear weekly issue capturing the digest contents for audit.
Weekly HR Digest
Playbooks
/
Weekly HR Digest
Weekly HR Digest
Created by
Console Team
Published
HR
Workday
Linear
Trigger
Scheduled — every Monday at 9:00 AM America/Chicago
Instructions
Pull data sources in parallel:
#Custom Workday Query New Hires for hires starting this week.
#Custom Workday Query Anniversaries for tenure anniversaries (1/3/5/10 year) this week.
#Custom Workday Query Birthdays for birthdays this week.
#Run Query with measurement
REQUEST_COUNTfiltered to PTO/leave categories for the previous 7 days, grouped by category.#Custom Workday Query Open Headcount for current open requisitions.
Pick the policy reminder of the week from a rotating list (KB articles tagged
weekly-reminder).For new hires:
For each, #Lookup Users to get profile data and team.
Compose intro: name, title, team, location, fun fact (from intake form).
For anniversaries and birthdays:
Sort by date this week.
Group by team for readability.
Compose the digest markdown with sections:
This week's new hires (with photos if available)
Anniversaries
Birthdays
Policy reminder
PTO summary chart (insight URL)
Open headcount status
#Send Channel Message to
#peoplewith the composed digest.#Leave Internal Note in an internal Linear weekly issue capturing the digest contents for audit.
Weekly HR Digest
Playbooks
/
Weekly HR Digest
Weekly HR Digest
Created by
Console Team
Published
HR
Workday
Linear
Trigger
Scheduled — every Monday at 9:00 AM America/Chicago
Instructions
Pull data sources in parallel:
#Custom Workday Query New Hires for hires starting this week.
#Custom Workday Query Anniversaries for tenure anniversaries (1/3/5/10 year) this week.
#Custom Workday Query Birthdays for birthdays this week.
#Run Query with measurement
REQUEST_COUNTfiltered to PTO/leave categories for the previous 7 days, grouped by category.#Custom Workday Query Open Headcount for current open requisitions.
Pick the policy reminder of the week from a rotating list (KB articles tagged
weekly-reminder).For new hires:
For each, #Lookup Users to get profile data and team.
Compose intro: name, title, team, location, fun fact (from intake form).
For anniversaries and birthdays:
Sort by date this week.
Group by team for readability.
Compose the digest markdown with sections:
This week's new hires (with photos if available)
Anniversaries
Birthdays
Policy reminder
PTO summary chart (insight URL)
Open headcount status
#Send Channel Message to
#peoplewith the composed digest.#Leave Internal Note in an internal Linear weekly issue capturing the digest contents for audit.
Wire Transfer Approval
Playbooks
/
Wire Transfer Approval
Wire Transfer Approval
Created by
Console Team
Published
Finance
NetSuite
Bill
Trigger
Wire >$10k requested
Instructions
#Trigger Form for recipient, amount, currency, bank details, purpose, cost center, urgency.
Anti-fraud checks:
#Custom Get Historical Wires to Recipient to compare bank details.
Out-of-band verification for new bank details:
#Custom Send Email Verification Request to a known vendor contact at a previously-verified address (NOT the email submitting the new details — BEC protection).
schedule_action wake at 24h for response.
Verification fails → #Send Channel Message to
#finance-fraud-logand reject.
Required docs:
#Trigger Form for PO, invoice, signed wire instructions.
Approval chain:
#Request Approval from controller.
#Request Approval from CFO (dual-signature).
For >$100k: also CEO.
On full approval:
Confirmation:
#Send Direct Message to requester.
#Send Channel Message to
#finance-wire-log.
schedule_action wake at 2 business days to confirm delivery.
#Leave Internal Note with full audit trail.
Wire Transfer Approval
Playbooks
/
Wire Transfer Approval
Wire Transfer Approval
Created by
Console Team
Published
Finance
NetSuite
Bill
Trigger
Wire >$10k requested
Instructions
#Trigger Form for recipient, amount, currency, bank details, purpose, cost center, urgency.
Anti-fraud checks:
#Custom Get Historical Wires to Recipient to compare bank details.
Out-of-band verification for new bank details:
#Custom Send Email Verification Request to a known vendor contact at a previously-verified address (NOT the email submitting the new details — BEC protection).
schedule_action wake at 24h for response.
Verification fails → #Send Channel Message to
#finance-fraud-logand reject.
Required docs:
#Trigger Form for PO, invoice, signed wire instructions.
Approval chain:
#Request Approval from controller.
#Request Approval from CFO (dual-signature).
For >$100k: also CEO.
On full approval:
Confirmation:
#Send Direct Message to requester.
#Send Channel Message to
#finance-wire-log.
schedule_action wake at 2 business days to confirm delivery.
#Leave Internal Note with full audit trail.
Wire Transfer Approval
Playbooks
/
Wire Transfer Approval
Wire Transfer Approval
Created by
Console Team
Published
Finance
NetSuite
Bill
Trigger
Wire >$10k requested
Instructions
#Trigger Form for recipient, amount, currency, bank details, purpose, cost center, urgency.
Anti-fraud checks:
#Custom Get Historical Wires to Recipient to compare bank details.
Out-of-band verification for new bank details:
#Custom Send Email Verification Request to a known vendor contact at a previously-verified address (NOT the email submitting the new details — BEC protection).
schedule_action wake at 24h for response.
Verification fails → #Send Channel Message to
#finance-fraud-logand reject.
Required docs:
#Trigger Form for PO, invoice, signed wire instructions.
Approval chain:
#Request Approval from controller.
#Request Approval from CFO (dual-signature).
For >$100k: also CEO.
On full approval:
Confirmation:
#Send Direct Message to requester.
#Send Channel Message to
#finance-wire-log.
schedule_action wake at 2 business days to confirm delivery.
#Leave Internal Note with full audit trail.
What would you do with more time?
Resources
What would you do with more time?
Resources
What would you do with more time?
Resources