User Onboarding
Provision new team members across multiple services: Google Workspace (email), Slack, Linear, and GitHub.
Prerequisites
Google Workspace (GAM)
Verify GAM is installed and authenticated:
export PATH="$HOME/bin/gamadv-xtd3:$PATH" gam version gam info domain
If GAM is not installed:
bash <(curl -s -S -L https://raw.githubusercontent.com/taers232c/GAMADV-XTD3/master/src/gam-install.sh) gam oauth create
Slack
Slack invite requires manual action via the admin console (automated invites require Enterprise Grid plan).
The skill will open the Slack invite page using browser automation tools if available.
Linear
Linear user invites are done via the team settings page using browser automation.
Linear workspace: https://linear.app/certiv/settings/members
GitHub
GitHub organization invites use the gh CLI tool.
Verify gh CLI is installed and authenticated:
gh auth status gh org list
If not authenticated:
gh auth login
GitHub organization: Certiv-ai
Workflow
Step 1: Gather User Information
Ask the user for (use AskUserQuestion tool):
Required:
- •First name
- •Last name
- •Username (used for email and Slack)
- •Personal email (for sending onboarding credentials)
Optional:
- •Organizational unit (Google Workspace)
- •Google groups to add
- •Slack channels to add
Step 2: Parse Arguments
If arguments are provided in format "First Last as username":
- •Extract first name, last name, and username
- •Example: "Paul Szabo as szabop" → First: Paul, Last: Szabo, Username: szabop
Step 3: Provision Google Workspace
Check if user exists
export PATH="$HOME/bin/gamadv-xtd3:$PATH" gam info user <username>@<domain> 2>&1
Generate password
openssl rand -base64 12
Create user
export PATH="$HOME/bin/gamadv-xtd3:$PATH" gam create user <username>@<domain> \ firstname "<first_name>" \ lastname "<last_name>" \ password "<password>" \ changepassword on \ org "<ou_path>"
Add to groups (if specified)
export PATH="$HOME/bin/gamadv-xtd3:$PATH" gam update group <group@domain> add member <username>@<domain>
Step 4: Provision Slack
Slack API invites require Enterprise Grid plan. For Pro/Free plans, use browser automation or manual invite.
Method A: Browser Automation (Preferred)
Use the Claude-in-Chrome MCP tools to automate the invite:
- •Open the Slack invite page:
mcp__claude-in-chrome__navigate to https://certiv-workspace.slack.com/admin/invites
- •
Fill in the email field and submit the invite form
- •
Confirm the invite was sent
Method B: Manual Invite
If browser automation is unavailable, provide the user with instructions:
Slack Invite Required:
- •Open: https://certiv-workspace.slack.com/admin/invites
- •Enter email: <email>
- •Click "Send"
Or use invite link if workspace has one enabled.
Step 5: Provision Linear
Linear workspace invites require manual action through the app.
Invite Steps
- •Open Linear and press
Cmd+K(orCtrl+K) to open command palette - •Type "invite" and select "Invite people to workspace"
- •Enter the user's email address:
<username>@certiv.ai - •Select role: Member
- •Click "Send invites"
Alternative:
- •Go to Linear → Workspace menu (top left) → Settings → General → Members
- •Or navigate directly: https://linear.app/certiv/settings/teams/CER/members
Note: The new user must first be invited to the WORKSPACE before they can be added to specific teams. Once they accept the invite, they'll appear in the team members list.
Step 6: Provision GitHub
Invite the user to the GitHub organization using the gh CLI.
Check Authentication
gh auth status
Invite to Organization
gh api orgs/Certiv-ai/invitations -X POST -f email="<username>@certiv.ai" -f role=direct_member
Roles available:
- •
direct_member- Regular member (default) - •
admin- Organization administrator - •
billing_manager- Billing manager only
Alternative: Browser Method
If the gh CLI is not available or the API call fails:
- •Open: https://github.com/orgs/Certiv-ai/people
- •Click "Invite member"
- •Enter email:
<username>@certiv.ai - •Select role: Member
- •Click "Send invitation"
Verify Invitation Sent
gh api orgs/Certiv-ai/invitations --jq '.[].email'
Step 7: Send Welcome Email
Send a welcome email to the new user's personal email with their onboarding information.
Important: Send to personal email, not Certiv email - they need the password to access their Certiv account!
Using GAM (Preferred)
export PATH="$HOME/bin/gamadv-xtd3:$PATH" gam sendemail <personal_email> subject "Welcome to Certiv - Your Account Information" message " Hi <first_name>, Welcome to Certiv! Your accounts have been created and you're ready to get started. === YOUR ACCOUNTS === 📧 EMAIL Address: <username>@certiv.ai Temporary Password: <password> Sign in: https://mail.google.com ⚠️ You must change your password on first login 💬 SLACK Workspace: certiv-workspace.slack.com Check your email for an invitation to join 📋 LINEAR (Project Management) Check your email for an invitation to join URL: https://linear.app/certiv 🐙 GITHUB Check your email for an invitation to join Organization: https://github.com/Certiv-ai === GETTING STARTED === 1. Sign into Google (mail.google.com) with your new email and temporary password 2. Change your password when prompted 3. Accept the Slack invitation from your email 4. Accept the Linear invitation from your email 5. Accept the GitHub invitation from your email 6. Set up 2-factor authentication for all accounts === NEED HELP? === If you have any questions or issues, reach out to IT support. Welcome aboard! "
Using Google Workspace MCP Tools (Alternative)
If the mcp__google_workspace__send_gmail_message tool is available:
mcp__google_workspace__send_gmail_message user_google_email: "admin@certiv.ai" to: "<personal_email>" subject: "Welcome to Certiv - Your Account Information" body: [welcome message content]
Email Template Variables
Replace these placeholders in the email:
- •
<personal_email>- The user's personal email address - •
<username>- The user's username (e.g., szabop) - •
<first_name>- The user's first name - •
<password>- The temporary password generated earlier
Step 8: Summary Report
Provide a comprehensive summary:
## User Onboarded Successfully ### Google Workspace | Field | Value | |-------|-------| | Email | username@certiv.ai | | Name | First Last | | Temporary Password | `[password]` | | Groups | group1, group2 | ### Slack | Field | Value | |-------|-------| | Invite sent to | username@certiv.ai | | Status | Pending acceptance | ### Linear | Field | Value | |-------|-------| | Invite sent to | username@certiv.ai | | Role | Member | | Status | Pending acceptance | ### GitHub | Field | Value | |-------|-------| | Organization | Certiv-ai | | Invite sent to | username@certiv.ai | | Role | direct_member | | Status | Pending acceptance | ### Welcome Email | Field | Value | |-------|-------| | Sent to | personal@email.com (personal email) | | Contains | Account credentials, setup instructions | ### Next Steps for User 1. Check email for welcome message with credentials 2. Sign into Google and change password 3. Accept Slack invite from email 4. Accept Linear invite from email 5. Accept GitHub invite from email 6. Set up 2-factor authentication
Quick Commands Reference
Google Workspace
export PATH="$HOME/bin/gamadv-xtd3:$PATH" # List users gam print users # User info gam info user <email> # Reset password gam update user <email> password "$(openssl rand -base64 12)" changepassword on # List groups gam print groups # Add to group gam update group <group> add member <email>
Slack
Slack invite page: https://certiv-workspace.slack.com/admin/invites
Note: Automated Slack invites via API require Enterprise Grid plan. Pro/Free plans must use the admin console.
Linear
Invite via command palette: Cmd+K → type "invite" → "Invite people to workspace"
Team members page: https://linear.app/certiv/settings/teams/CER/members
Note: Users must first be invited to the workspace before they can be added to teams. Use
Cmd+Kand search for "invite" to find the invite dialog.
GitHub
# Check auth status
gh auth status
# Invite user to organization
gh api orgs/Certiv-ai/invitations -X POST -f email="user@certiv.ai" -f role=direct_member
# List pending invitations
gh api orgs/Certiv-ai/invitations --jq '.[].email'
# List organization members
gh api orgs/Certiv-ai/members --jq '.[].login'
# Remove a pending invitation (if needed)
gh api orgs/Certiv-ai/invitations/{invitation_id} -X DELETE
Organization members page: https://github.com/orgs/Certiv-ai/people
Error Handling
Google Workspace Errors
- •"User already exists": Offer to update or choose different username
- •"Invalid org unit": List available OUs with
gam print orgs - •"Authentication error": Run
gam oauth create
Security Notes
- •Never display passwords in final output (show once, then redact)
- •Use
changepassword onto force Google password change on first login