A new hire starts Monday.
By Wednesday, still no access.
ChartPull's API and webhooks tell your systems who joined, who left, and who moved -- automatically. No more tickets. No more delays.
Same-day
Access provisioning (vs 4-day average)
100%
Offboarding compliance
Continuous
Security monitoring (vs quarterly audits)
New Hire Access -- Automatic
Someone joins the company on Monday. By Monday morning, they have Jira, Slack, GitHub, and the right permissions. You didn't lift a finger.
{
"type": "employee.created",
"data": {
"id": "user_8f3k2m",
"email": "jane.doe@acme.com",
"name": "Jane Doe",
"title": "Senior Engineer",
"department": "Engineering",
"manager": {
"id": "user_2x9p4n",
"email": "john.smith@acme.com",
"name": "John Smith"
}
},
"timestamp": "2026-02-23T09:15:00Z"
}Webhook fires the moment they appear
A new user shows up in Google Workspace. ChartPull fires an employee.created webhook instantly.
You know their team, their manager, their chain
The webhook body includes department, title, manager, and full reporting chain. Everything your automation needs.
Tools provision themselves
Your script reads "Engineering" and gives them Jira, the right Slack channels, and GitHub org access. Done.
Approval chains build themselves
Need a purchase approved? The /org-tree API knows the manager chain. Route it automatically.
Permission Audit
Your auditor asks: "Can you prove everyone's access matches their role?" With ChartPull, the answer is yes -- in minutes, not weeks. ChartPull's reporting and export features make compliance audits effortless.
GET /api/v1/org-tree?root=user_cto&depth=10
// Returns all employees under the CTO
// Cross-reference with your IAM system
// Flag any permission mismatchesPull everyone under a leader
GET /api/v1/org-tree returns all direct and indirect reports under any leader. The CTO, the VP of Eng, anyone.
Compare against your IAM
Stack the org tree next to your identity provider roles, AWS IAM policies, or GCP permissions. See what doesn't match.
Catch the mismatches
The intern with production access. The ex-contractor who still has a login. You'll find them.
Export a compliance-ready report
Export the results as a CSV. Hand it to your SOC 2 auditor. Done before lunch.
Offboarding Automation
Someone leaves. Their access needs to be revoked everywhere -- Slack, GitHub, AWS, email. Manually? That takes a day. With webhooks? Instant.
{
"type": "employee.deleted",
"data": {
"id": "user_7k2m9p",
"email": "departed@acme.com",
"name": "Alex Rivera",
"department": "Marketing",
"manager": {
"id": "user_3n8f2k",
"name": "Sarah Chen"
}
}
}Webhook fires when they're removed
The moment someone is removed from the Google Workspace directory, ChartPull sends an employee.deleted webhook.
SSO sessions killed instantly
Active sessions across every connected app -- terminated. No waiting for tokens to expire.
Licenses and access revoked
SaaS licenses released. GitHub org membership removed. Cloud accounts deactivated. All automatic.
Email archived, Drive transferred
Trigger email archival, transfer Google Drive ownership to their manager, and create the offboarding record.
SSO Integration
Your team already logs in through Okta or Azure AD. ChartPull fits right into that flow. No new passwords. No new training.
Standard SAML 2.0 metadata
ChartPull exposes a SAML metadata URL. Copy it into your identity provider. That's the setup.
Works with what you already use
Okta, Azure AD, Google Workspace, OneLogin -- any SAML 2.0 provider. No special configuration.
Users sign in the way they already do
Same login flow they use for everything else. No separate account. No password to forget.
Your policies, enforced
MFA, conditional access, session timeout -- whatever you've set up in your IdP applies to ChartPull automatically.
Stop provisioning manually
15 REST endpoints. Real-time webhooks. SAML 2.0 SSO. Your org data, piped into the tools you already use.