One IT Agent — Architecture
Zennify IT · Last updated 2026-04-10
Triggers
Manual
Phase 1 — active now
Scheduled
Phase 2 — Cowork, 30 min
Webhook
Phase 3 — Jira events
Self-service
Phase 4 — Slack form
Data sources
ZENIT
IT Central — service desk
ZHR
HR — onboarding/offboarding
Ziggy — master orchestrator
1 → Scan ZENIT + ZHR (JQL)
2 → Classify into 19 categories
3 → Dispatch or execute directly
4 → Jira comment + Slack summary
Idempotency check on every ticket · never stops on single failure
Connectors
Atlassian MCP
Okta MCP
Zapier (Google, SF, webhooks)
Slack connector
Dispatch paths
Sub-agents
Contractor onboarding
Okta → SF PSA → Slack
Contractor offboarding
Deactivate + Google suspend
Employee onboarding
ZHR FTE flow
Employee offboarding
14-day grace, Drive transfer
Jira provisioner
Project + Confluence + groups
Jira client access
External client provisioning
Okta reset
Password / MFA / unlock
Software access
Okta groups + manual flag
Direct actions
VPN (NordLayer via Okta group)
Slack admin (channel rename/owner)
Google Workspace
Jira/Confluence internal access
Claude license + support
Salesforce PSA / timecard
Human escalation
Hardware → Smadatek
Sales support → Sales Ops
M365 → manual
AWS → manual
Unknown → Jesse Barker
Outputs (after every run)
Jira comment
On every ticket touched
#one-it-agent-activity
Slack summary after every run
Run log
Google Sheets — Phase 2
Orchestrator
Built sub-agent
Connector
Data source
Direct action
Escalation
Future phase
Phase 1 — current
Manual trigger + core automation
Manual "run IT agent" trigger via Claude.ai
Scan ZENIT + ZHR, classify 19 categories
Direct actions: VPN, Slack admin, Google Workspace, Jira internal access, Claude license
Sub-agents: contractor onboarding/offboarding, employee onboarding/offboarding, Jira provisioner, Jira client access, Okta reset, software access
Jira comments + Slack run summary after every run
Idempotency check — skip already-processed tickets
Dry run validated against live ZENIT tickets (2026-04-07)
Phase 2 — next up
Scheduled runs + infrastructure
Cowork scheduled trigger — every 30 min, Mon–Fri 7am–6pm MT
Google Workspace sub-agent (Shared Drive, Groups, Voice)
Run log → Google Sheets via Zapier webhook
Service account migration (zennai-agent@zennify.com)
Phase 3 — future
Event-driven architecture
Jira webhook on ticket creation fires orchestrator instantly
Zapier / n8n → Claude API → single-ticket processing
Real-time Slack notification on ticket creation
Auto-assignment of ZENIT tickets to the agent
License audit sub-agent — periodic unused license scan
VPN provisioning sub-agent (if NordLayer API available)
Phase 4 — future
Self-service portal
Slack Workflow Builder form as primary intake
Form auto-creates ZENIT ticket + fires agent immediately
"I need access to X" → form → done in under 1 min
Eliminates manual Jira ticket creation for common requests
Dedicated Slack bot app (replaces personal OAuth)
Dedicated service accounts for Jira, Slack, Salesforce
Current and planned agents in the Ziggy network.
Z
Ziggy
Master orchestrator
Active — Phase 1
Scans ZENIT + ZHR for open tickets, classifies each into one of 19 categories, dispatches to sub-agents or executes direct actions, posts Jira comments and a Slack run summary after every run. Idempotency-checked on every ticket.
CO
Contractor onboarding
ZHR — vContractor = true
Built
Okta user creation → Salesforce PSA setup → Slack channel invites → Jira comment
CF
Contractor offboarding
ZHR — External Contractor, due ≤ today
Built
Okta deactivate → Google Workspace suspend → Salesforce PSA cleanup
EO
Employee offboarding
ZHR — FTE, due ≤ today
Built
14-day grace period, email forwarding, Google Drive transfer before Okta deactivation
JP
Jira provisioner
ZENIT — JIRA_PROJECT_SETUP
Built
Full Jira project + Confluence space creation with client groups and role-based permissions
JC
Jira client access
ZENIT — JIRA_CLIENT_ACCESS
Built
Atlassian invite → client group lookup/create → role assignment → Browse Users group → Confluence guest
EI
Employee onboarding
ZHR — vContractor ≠ true
Built
FTE onboarding — Okta user (staged), Google Workspace, Employees group, standard app provisioning, hardware request
OR
Okta reset
ZENIT — OKTA_RESET
Built
Password reset, MFA factor reset, and account unlock via Okta API. Supports locked-out, expired-password, and new-device scenarios.
SA
Software access
ZENIT — SOFTWARE_ACCESS
Built
Okta group assignment for 9 managed apps, manual-flag for 6 non-Okta apps. Multi-user and multi-app ticket support. Escalates to #ziggy when manual action needed.
Phase 2–3 planned agents: Google Workspace agent · License audit agent · VPN provisioning agent