Security Access Review
Reviews who has access to what across your identity provider, flags dormant accounts and risky permissions, prepares an approval-ready removal list, and keeps an audit log — recommend-only, never auto-revokes.
About this agent
Stale access is the breach you don't see coming.
The admin who left six months ago but still has an account. The contractor with billing rights nobody remembers granting. The privileged login with no MFA. Access quietly accumulates, and on a small team there's never a free afternoon to go clean it up — until an audit, an incident, or a close call forces the question.
This worker answers that question on a schedule, so you never have to set the afternoon aside. It reads your full user roster from WorkOS, Supabase Auth, Stytch, or Google Workspace, measures dormancy by real last-login data, resolves the permissions people actually have (including the ones inherited through groups), and ranks every finding by severity with the evidence attached. Then it hands you an approval-ready removal list where each line is a single yes-or-no decision.
It is recommend-only by design. It never revokes, disables, or changes a single account — it prepares the list, protects your break-glass and service accounts, logs every recommendation to an immutable audit trail, and lets you pull the trigger. Least privilege, on autopilot, without ever locking you out.
Connects to: WorkOS / Supabase Auth / Stytch / Google Workspace · Google Sheets (optional audit log)
What it runs for you
Automations that run on a schedule or when something happens, so you don't have to lift a finger.