Admin Bot
Company:
Kalamazoo Valley Community College
Contributors:
Joshua Sprow
Christopher Laponsie
Nick Yahr
Description
Admin Bot is an internal identity lifecycle automation system designed to manage employee and student account provisioning, deprovisioning, group assignment, and access control across the institution’s technology ecosystem.
Built in Golang, the system integrates with Google Workspace, Azure, on-premises Active Directory, and Ellucian Banner to synchronize identity data across platforms. The system operates on a scheduled cron-based workflow, detecting new hires, terminations, enrollment changes, and role updates to automatically provision, update, or disable accounts accordingly.
Admin Bot assigns role and attribute based group memberships, including Microsoft licensing, course-based access for students, and instructional group assignments for faculty. By orchestrating identity updates across systems, it ensures cross-platform consistency while eliminating manual administrative processes.
All operations are logged and monitored through Grafana, providing audit visibility, traceability, and operational observability.
Contributions
Admin Bot was originally developed by a small team of engineers. I inherited the system when I joined at 2023 and have since assumed primary ownership and long-term maintenance responsibilities.
Since taking over, I have implemented several key enhancements to improve reliability and functionality. These include refactoring and updating the termination action logic to ensure consistent deprovisioning across integrated systems, implementing automated emeritus status handling for eligible personnel, and developing synchronization logic for the active student group used by other IT services to manage downstream access controls.
I have also updated and refined the provisioning workflows to improve consistency and reduce synchronization errors between Google Workspace, Azure, Active Directory, and Banner.
As the current active maintainer, I oversee ongoing development, monitoring (via Grafana), deployment, and operational stability of this production identity lifecycle system.