Origin
This came from a conversation between Pranay, one of our founders, and an IT manager at one of our customers. He asked us not to use his name. He said he'd been the Jordan in this story before he was the IT lead - and that the Friday 4:52pm email still makes him anxious.
The email arrives Friday at 4:52pm.
"Quick heads up - Jordan starts Monday! Super excited to have him on the team. Can you make sure everything is set up?"
You know what this email is. It's not a heads up. It's a starting gun.
Monday morning. Jordan is at his desk at 9am. Laptop set up. Email works. Slack is ready. He's in the onboarding doc. So far so good.
By 10am, Jordan's manager is in your DMs. "Hey - has Jordan been given access to Notion? He can't find the workspace."
You're already on it. You have seven tabs open. Jordan is third in the queue behind two access requests from last week: one from someone who changed roles and needs different Salesforce permissions, one from a contractor who needs GitHub access for a project that started two weeks ago.
You log into Notion's admin panel. Find the right workspace. Add Jordan. Set his role. Close the tab. Then Figma. Then Linear. GitHub (he's on the standard plan, no SCIM). Miro. Loom. The internal wiki engineering set up three years ago that IT inherited. The analytics dashboard. The design review tool someone in product adopted last quarter that you found out about when they asked you to add Jordan to it.
It's Wednesday. Jordan has most of his access. He's missing two tools he doesn't know he needs yet, which you'll find out about when his manager pings again.
This is not a slow IT team. This is a provisioning architecture that was never designed for what you're being asked to do.
Of the 107 applications in your environment, 23 are connected to your SSO. When you provision someone in Okta or Entra, those 23 apps get access automatically. That part works.
The other 84 - the ones on standard plans that don't include SCIM, the ones that predate your SSO, the ones teams adopted without going through IT - require a human to log into each admin panel, find the right role, create the account, and close the tab. One at a time.
A new hire who needs access to 30 applications will get 6 automatically. The other 24 are a queue.
At 10 to 15 minutes per application, that's 4 to 6 hours of IT time per new hire. For a company hiring five people a month, that's a full day of IT bandwidth every week, before any other tickets land.
There's a name for what's missing: birthright access.
The idea is simple. On Day 1, every new employee automatically receives every application their role requires. Not a queue someone has to work through. Access that exists before the first standup, because employment itself is the authorization.
Most companies don't have this. They have SSO for the apps that support it and a queue for everything else. The queue is IT's problem. The queue is why Jordan is waiting. The queue is why you have seven tabs open on a Monday morning.
When a new hire is still waiting for tools on Wednesday, it doesn't look like an architecture problem from the outside. It looks like IT is slow.
The manager thinks it. Sometimes they say it. Jordan doesn't know enough yet to know what's normal, but he notices. His first impression of how the company operates is formed in the first week. If that week involves chasing access, the impression is set.
This is not a you problem. The provisioning architecture doesn't cover 80% of the stack automatically, so someone has to cover it manually. That someone is you. And that's what's worth fixing.
Birthright access closes this. Not by making IT faster. By making the queue not exist.
HR marks Jordan as active in the HRIS. That trigger reaches every application his role requires: the 23 behind your SSO and the 84 that aren't. By the time Jordan opens his laptop, it's done. Notion, Figma, Linear, GitHub. All of it. No tabs. No queue. No DM at 10am.
IT didn't touch it. IT was working on something that actually required IT.
The new hire's first week is their first impression of the company. Make it one where everything works on Day 1, not because IT worked harder, but because the stack is finally, completely covered.
This is what birthright access looks like in practice. We'd show you how it works across your stack. No deck. Just the product.