RSystems
Case Studies

AI Operations

Operationalizing AI Across Every Department

How RSystems deployed Claude at every level of the business — with the identity, governance, and architecture to do it safely

RSystems NYC (internal)AI & AutomationIdentity & AccessGovernanceMCP ArchitectureAgentic AI

At a Glance

Client
RSystems NYC (internal)
Problem
Move beyond using AI as a chat assistant to deploying it as a genuine operational layer across the business — able to act inside real systems, automate real work, and do it all under the same identity and governance controls that protect everything else.
Approach
A structured Claude rollout built on managed identity, least-privilege role-based access, custom MCP servers, and full audit governance through the JumpCloud AI Gateway.
Outcome
AI agents that operate across the business's systems through natural language — authenticated, permissioned, and audited like any other user — automating work and augmenting the team across every department.

The Opportunity

Beyond the chat window

Most organizations' experience with AI stops at the chat window: a person types a question, gets an answer, and copies the result somewhere useful. That's valuable, but it's a fraction of what's possible. The larger opportunity is to let AI act — to read from and write to the actual systems a business runs on, and to automate or assist with the work that today requires a human to log in, click through, and carry data from one place to another.

The obstacle isn't the AI's capability. It's everything around it: identity, permissions, security, and governance. An agent that can act inside your business systems is only safe if it's subject to the same controls as a human employee — authenticated through your identity provider, scoped to only what it should access, and audited so every action is attributable. Without that scaffolding, agentic AI is a liability. With it, it's a genuine operational capability.

We built the scaffolding first, then rolled out the agents. This is how.

Identity

Agents are users too

The foundation of the entire rollout is a simple principle: an AI agent is treated as a managed identity, exactly like a person.

Each agent is a JumpCloud user. It has its own identity, its own role-based access controls at Google, Microsoft, and the other platforms it touches, and its own scoped permissions — granted and revoked centrally, the same way we manage human staff. Every agent is provisioned according to the principle of least privilege: it gets access to exactly what it needs to do its job and nothing more. An agent responsible for documentation has access to the documentation systems and nothing else. An agent that handles invoicing is permissioned for the accounting platform, not HR records. Because these are real managed identities, every action an agent takes is attributable to that identity, and access can be revoked instantly if anything looks wrong.

This is the difference between "we gave the AI an API key" and "we onboarded the AI like an employee." The second is governable. The first is a breach waiting to happen.

Governance

Every action audited

All of the agents' access to business systems is routed through the JumpCloud AI Gateway, which gives us centralized auditing and governance over what the agents are doing.

Every connection, every tool call, every action flows through a single governed path where it can be logged, reviewed, and controlled. AI activity across the business isn't a black box — it's a reviewable audit trail. For any organization that has to answer questions about who, or what, accessed a system and when, this is the control that makes agentic AI defensible rather than reckless.

Architecture

Custom MCPs as the connective tissue

What lets the agents actually do things is a set of custom MCP servers — the standardized way modern AI models connect to external tools and systems.

We host these at mcp.rsystems.nyc, with a dedicated endpoint for each tool and system the agents work with. Each MCP server is backed by OAuth, authenticated through JumpCloud OIDC — so when an agent connects to a system, it does so with proper, revocable, identity-bound authorization, not a static credential buried in a config file. The MCP layer translates an agent's natural-language intent into real, authenticated actions inside real systems.

The result is that the entire business becomes addressable in natural language. Instead of a person logging into a monitoring dashboard, an accounting system, or a network controller, an agent can be asked — in plain language — to check, retrieve, analyze, or act, carrying that request through the MCP layer into the live system under its own governed identity.

In Practice

What the agents do, across every department

With identity, governance, and connectivity in place, the agents take on work across the business. These capabilities are at varying stages — some live in production, others in active development or QA — but all are built on the same governed foundation:

  • Time tracking — capturing and recording time against work without manual entry.
  • Documentation — generating and maintaining technical and operational documentation that historically went stale because no one had time to keep it current.
  • Network analysis and troubleshooting — querying network monitoring systems in natural language, surfacing issues, and assisting with diagnosis.
  • Monitoring — watching systems and surfacing what matters to a human operator, augmenting the team rather than replacing the human in the loop.
  • Sales and marketing — supporting outreach, content, and pipeline work.
  • Invoicing and accounting — moving financial data through the systems that handle it, reducing manual reconciliation and entry.
  • HR and compliance — assisting with the recurring administrative and compliance work that consumes staff time.

In each case the pattern is the same: work that used to require a human to log in and operate a system can now be initiated in natural language and carried out — or accelerated — by an agent operating under its own permissioned, audited identity.

The Throughline

The same foundation built our website

This same approach built our own website. The RSystems site was developed using Claude Code, the agentic coding environment, on infrastructure connected to the same identity backbone — a story we tell in detail in its own case study.

AI, deployed properly, isn't a single tool. It's a capability that — once you've built the identity, governance, and connective architecture — extends across everything from how you build your website to how you run your back office.

Outcomes

What we built.

  • AI agents provisioned as managed JumpCloud identities, with least-privilege RBAC across Google, Microsoft, and other platforms
  • Centralized auditing and governance of all agent activity via the JumpCloud AI Gateway
  • Custom MCP servers hosted at mcp.rsystems.nyc, one per tool/system
  • OAuth-backed MCP authentication via JumpCloud OIDC — identity-bound, revocable authorization, no static credentials
  • Natural-language operation across business systems through the MCP layer
  • Agentic automation and augmentation (live and in active development) across time tracking, documentation, network troubleshooting, monitoring, sales and marketing, invoicing and accounting, and HR/compliance
  • The RSystems website itself, built with Claude Code on the same identity backbone

Thinking about AI for your organization?

Rolling out AI across a business takes more than a subscription — it takes the identity, governance, and architecture to do it safely. It's exactly the kind of work we do. If you're looking to operationalize AI across your organization, we can help.

Let's Talk