| --- |
| title: Employee Offboarding Security Agent |
| emoji: π |
| colorFrom: red |
| colorTo: indigo |
| sdk: gradio |
| sdk_version: 5.9.1 |
| app_file: app.py |
| pinned: false |
| license: mit |
| short_description: Automated offboarding with zero-touch security revocation |
| python_version: "3.10" |
| --- |
| |
| # π Employee Offboarding Security Agent |
|
|
| > π **[Live n8n Workflow](https://aravind5.app.n8n.cloud/workflow/4RedIMdEj6sEOk0P)** |
|
|
| An n8n-powered automation agent that handles the full employee offboarding lifecycle β revoking access, transferring files, generating audit reports, and notifying compliance teams β with zero manual steps. |
|
|
| ## What It Does |
|
|
| HR triggers offboarding for a departing employee and the agent automatically: |
|
|
| 1. **Revokes Google Workspace access** β suspends the account and blocks sign-in |
| 2. **Deactivates Slack account** β removes from all channels and workspaces |
| 3. **Removes GitHub org membership** β revokes repos, teams, and SSH keys |
| 4. **Transfers Google Drive files** β moves all files to the manager's Drive |
| 5. **Generates an offboarding audit report** β full timeline with compliance flags |
| 6. **Sends compliance confirmation email** β notifies IT Security and Legal teams |
|
|
| ## n8n Workflow Architecture |
|
|
| ```mermaid |
| flowchart TD |
| A[HR Trigger\nWebhook / Form] --> B[Validate Employee\nData] |
| B --> C{Risk Level\nAssessment} |
| C -->|HIGH| D[Immediate\nRevocation] |
| C -->|MEDIUM| E[Scheduled\nRevocation] |
| C -->|LOW| F[Standard\nOffboarding] |
| D --> G[Google Workspace\nSuspend Account] |
| E --> G |
| F --> G |
| G --> H[Slack\nDeactivate User] |
| H --> I[GitHub\nRemove from Org] |
| I --> J[Google Drive\nTransfer Files to Manager] |
| J --> K[Additional Systems\nSalesforce / Jira / AWS / Figma] |
| K --> L[Generate\nAudit Report] |
| L --> M[Send Email\nIT Security] |
| L --> N[Send Email\nLegal / Compliance] |
| M --> O[Log to\nCompliance Database] |
| N --> O |
| O --> P[Offboarding\nComplete β
] |
| ``` |
|
|
| ## Setup Instructions |
|
|
| ### 1. Clone or fork this Space |
|
|
| ```bash |
| git clone https://huggingface.co/spaces/your-username/employee-offboarding-security-agent |
| cd employee-offboarding-security-agent |
| ``` |
|
|
| ### 2. Install dependencies |
|
|
| ```bash |
| pip install -r requirements.txt |
| ``` |
|
|
| ### 3. Configure Secrets |
|
|
| In your Hugging Face Space settings, add the following secret: |
|
|
| | Secret Name | Description | Required | |
| |---|---|---| |
| | `OPENAI_API_KEY` | OpenAI API key for GPT-4o-mini | Yes (for Tab 2) | |
|
|
| Navigate to: **Space Settings β Variables and Secrets β New Secret** |
|
|
| ### 4. Run locally |
|
|
| ```bash |
| python app.py |
| ``` |
|
|
| ### 5. Deploy to HF Spaces |
|
|
| Push to your Space repository β it will build and deploy automatically. |
|
|
| ## n8n Integration |
|
|
| To connect this UI to a real n8n workflow: |
|
|
| 1. Import the offboarding workflow JSON into your n8n instance |
| 2. Configure credentials: Google Workspace, Slack, GitHub, SMTP |
| 3. Set the webhook URL in the `N8N_WEBHOOK_URL` environment variable |
| 4. The "Run Offboarding" tab will POST to your n8n webhook |
|
|
| ## Supported Systems |
|
|
| | System | Action | |
| |---|---| |
| | Google Workspace | Suspend account, revoke OAuth tokens | |
| | Slack | Deactivate user, remove from channels | |
| | GitHub | Remove org membership, revoke SSH keys | |
| | Google Drive | Transfer all files to manager | |
| | Salesforce | Reassign opportunities and contacts | |
| | Jira | Reassign open tickets | |
| | AWS | Deactivate IAM user, revoke access keys | |
| | Figma | Remove from org and projects | |
| | Notion | Remove workspace membership | |
|
|
| ## Compliance Features |
|
|
| - **SOX compliance** audit logging for Finance department employees |
| - **GDPR data handling** documentation for all offboardings |
| - **Elevated security** protocol for admin and C-suite departures |
| - **CRM handoff** for Sales and Customer Success roles |
| - Full **immutable audit trail** with timestamps |
|
|
| ## License |
|
|
| MIT |
|
|