All use cases
Agentic

IT Access Review Agent

An agent reviews access requests against role and policy, approves routine ones under set guardrails, and routes ambiguous cases to a human with reasoning.

OktaServiceNowHuman-in-the-Loop

The problem

Access requests pile up in ITSM queues while IT admins context-switch between them. Most requests are routine and policy already has an answer, but a human still has to look at each one. Meanwhile the ambiguous requests, the ones that actually carry risk, get the same rushed treatment as the rest.

How it runs on Neblex

Access requests arrive from ServiceNow through a webhook and land with the agent as a judgment step inside a deterministic flow. The agent reads the request, looks up the requester role and current entitlements through the Okta connector, and checks the request against your access policy kept in Data Tables. Requests that clearly match policy are granted through Okta, with every action logged.

Anything ambiguous routes to a human instead. The reviewer sees the request, the policy check, and the agent reasoning in a task inbox with SLA timers and escalation, and approves or rejects with one decision. You choose which request types the agent may handle under guardrails and which always require sign-off, and sensitive grants can require approval without exception.

Every grant, rejection, and escalation is written to a tamper-evident hash-chained audit trail, giving auditors a complete record of who approved what and why. Role-based access controls who can change the policy tables or the agent itself, and SSO, SCIM, and 2FA govern access to the platform.

Step by step

1

Request enters the queue

A ServiceNow webhook hands each access request to the flow.

2

Agent checks policy

The agent compares the request against role definitions and policy rules in Data Tables, reading current state from Okta.

3

Routine requests are granted

Requests that clearly match policy are provisioned through Okta and logged.

4

Ambiguous requests escalate

Uncertain or sensitive requests route to a reviewer with the agent reasoning attached.

5

Human decides

The reviewer approves or rejects from the task inbox, with SLA timers and escalation keeping requests moving.

6

Tickets close with a trail

ServiceNow is updated and the full decision history sits in the hash-chained audit trail.

Platform capabilities used

  • Human-in-the-loop approvals with SLA timers
  • Okta and ServiceNow connectors as tools
  • Data Tables for access policy
  • Hash-chained audit trail
  • Role-based access control
  • Agent inside a deterministic flow

Common questions

Is it safe to let an agent grant access?

The agent only acts inside the guardrails you set. You define which request types it may handle under policy, everything else requires human approval before execution, and every grant is recorded in a tamper-evident hash-chained audit trail that auditors can verify.

What does the reviewer actually see?

The original request, the policy check, and the reasoning behind the agent recommendation, all in one approval task. Approvals live in a task inbox with SLA timers and escalation so requests do not stall.

Can this run inside our network?

Yes. On-Prem Workers run inside your network over an outbound-only connection, so the agent can reach internal systems without opening inbound firewall holes. You can also point the agent at self-hosted models on your own infrastructure.

Want this running on your stack?

Neblex Integration Fabric is in beta: full platform, free while in beta. Bring this workflow and we will map it to your systems.