
Five n8n Workflows Every SMB Should Run

Apr 09, 2026 · 5 min read · Automation · n8n · Canadian SMB

Why n8n, and why now

n8n is an open-source workflow automation platform that runs on your own infrastructure — or ours, in the case of TruPoint’s hosted n8n instances. It’s similar to Zapier or Make, but with one critical difference: your data doesn’t leave your environment.

For Canadian SMBs in regulated industries, that distinction matters. Automating a workflow that touches employee data, client records, or financial information through a US-hosted SaaS tool creates a cross-border data flow that PIPEDA governs. Running the same workflow on a Canadian private cloud instance doesn’t create that flow.

Here are the five workflows we deploy most often for TruPoint clients.

1. Employee onboarding

What it does: When HR creates a new employee record, n8n triggers a chain: creates the M365 account with the correct license and group memberships, creates the Intune device enrollment token, sends the employee a welcome email with setup instructions, creates the NinjaOne asset record, and opens a service desk ticket for the TAM to review at 30/60/90 days.

Why it matters: Manual onboarding takes 2–4 hours per employee and creates gaps — the wrong license, a missed group, a device that never gets enrolled. The workflow runs in under 3 minutes and creates a full audit trail.

2. Employee offboarding

What it does: Triggered by HR or a manager, n8n revokes the user’s M365 access and license, blocks sign-in and invalidates all sessions in Entra, wipes or retires the Intune device, exports the mailbox to a compliance archive, removes the user from all distribution lists, and closes the NinjaOne agent.

Why it matters: This is the most security-critical workflow we automate. Every hour between an employee’s last day and their account deactivation is an open window. Insurers score offboarding speed as a direct indicator of access control maturity.

3. Microsoft 365 hygiene monitor

What it does: Runs nightly and flags any M365 tenant condition that drifts from your hardened baseline — inactive accounts with active licenses, guest accounts older than 30 days, shared mailboxes without MFA, external sharing enabled on sensitive SharePoint sites.

Why it matters: M365 tenants drift. A new project creates a SharePoint site with external sharing on. A departing employee leaves their license active for 90 days. The hygiene monitor catches these before they become findings in an audit or incidents in the SOC.
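The four drift conditions above can be evaluated as plain rules over a nightly tenant snapshot. The following is an added example, not TruPoint's workflow code: the snapshot shape, field names, rule names and the 30-day inactivity threshold are assumptions (only the 30-day guest limit comes from the article), and the data is constructed.

```javascript
// Added example: constructed snapshot; field names are hypothetical, not Microsoft Graph's.
const DAY_MS = 24 * 60 * 60 * 1000;
const NOW = Date.parse('2026-04-09T00:00:00Z'); // fixed so the run is reproducible

const SNAPSHOT = {
  users: [
    { upn: 'alice@example.test', type: 'member', licenses: ['E3'], created: '2024-01-10', lastSignIn: '2026-04-08' },
    { upn: 'bob@example.test', type: 'member', licenses: ['E3'], created: '2023-06-01', lastSignIn: '2026-01-05' },
    { upn: 'newhire@example.test', type: 'member', licenses: ['E3'], created: '2026-04-07', lastSignIn: null },
    { upn: 'auditor@partner.test', type: 'guest', licenses: [], created: '2026-02-01', lastSignIn: '2026-02-03' },
    { upn: 'designer@partner.test', type: 'guest', licenses: [], created: '2026-03-25', lastSignIn: null },
  ],
  sharedMailboxes: [
    { address: 'info@example.test', mfaEnforced: true },
    { address: 'billing@example.test' }, // MFA state unknown: treated as failing
  ],
  sites: [
    { url: '/sites/hr', sensitive: true, externalSharing: 'anyone' },
    { url: '/sites/marketing', sensitive: false, externalSharing: 'anyone' },
    { url: '/sites/finance', sensitive: true, externalSharing: 'disabled' },
  ],
};

const ageDays = (iso) => Math.floor((NOW - Date.parse(iso)) / DAY_MS);

// inactiveDays is an assumed threshold; the 30-day guest limit is the article's.
function findDrift(snap, { inactiveDays = 30, guestMaxDays = 30 } = {}) {
  const findings = [];
  for (const u of snap.users) {
    // A never-used account is aged from its creation date, so a new hire is not flagged.
    const idle = ageDays(u.lastSignIn ?? u.created);
    if (u.type === 'member' && u.licenses.length > 0 && idle > inactiveDays)
      findings.push({ rule: 'inactive-licensed', target: u.upn, days: idle });
    if (u.type === 'guest' && ageDays(u.created) > guestMaxDays)
      findings.push({ rule: 'stale-guest', target: u.upn, days: ageDays(u.created) });
  }
  for (const m of snap.sharedMailboxes)
    if (m.mfaEnforced !== true) // fail closed when the field is missing
      findings.push({ rule: 'shared-mailbox-no-mfa', target: m.address });
  for (const s of snap.sites)
    if (s.sensitive && s.externalSharing !== 'disabled')
      findings.push({ rule: 'external-sharing-sensitive', target: s.url });
  return findings;
}

console.log(findDrift(SNAPSHOT));
```

Two choices matter for alert quality: a missing MFA field fails closed, and a licensed account that has never signed in is aged from its creation date so that new hires do not page anyone on day two.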

4. Vendor risk intake

What it does: When a business unit wants to add a new SaaS tool, they fill out a simple form. n8n creates a vendor risk ticket, pings the vCISO (or the IT lead) to review the vendor’s SOC 2 report or security questionnaire, logs the decision in the ISMS, and adds the tool to the approved SaaS register if approved.

Why it matters: Shadow IT is the #1 source of data leakage in SMBs. A lightweight intake process that takes the requester two minutes routes all new tools through a review without creating bureaucratic friction.

5. SOC runbook bot

What it does: When the SOC SIEM fires a specific alert type (ransomware indicator, impossible travel, mass download), n8n looks up the alert type, fetches the matching runbook from the ISMS, and sends it to the on-call analyst via Teams with a pre-filled incident ticket. After the incident is closed, n8n logs the response time against the SLA.

Why it matters: Response speed under pressure depends on not having to search for the runbook. Getting the right playbook in front of the right person in under 30 seconds cuts mean time to contain — and creates the SLA evidence your insurer wants.


Marcus Chen is the Director of Service Delivery at TruPoint Technology. TruPoint’s n8n instances run on our Canadian private cloud at dc.trupoint.ca.
