Field notes from customer deployments. What the platform-ops FTE actually does week to week, how many hours it takes at 200, 500, 1500, and 5000 seats, and the three signals you're under-staffed.
Publisher disclosure: This site is published by ASCENDING, which builds Jarvis AI — a competing platform. The hours-per-week ranges below come from customer-program conversations we ran through 2025-2026 with both Glean customers and customers running other AI-search platforms. Where the pattern is the same across vendors, I've said so.
The first Glean deployment I sat in on, the customer was a 1,400-person SaaS company. The order form had been signed for six weeks. They had a CSM, a deployment guide, and a Slack channel with their AE. What they didn't have, and hadn't been told they needed, was a person on their side whose calendar had time on it. Not "an owner." A person with hours. By month four they were running an unofficial 0.6 FTE on it, pulled out of IT operations, no role change, no headcount approval. The connector queue was three weeks deep. Access-request tickets piled up in a separate Jira board nobody outside IT could see. Governance reviews were "we'll get to it." The platform worked. The platform was also held together by one tired person, on the side of the desk that wasn't their actual job. That's the role this article is about. Every deployment I've seen since has run into the same gap in roughly the same shape.
The admin role nobody quotes
Platform admin work for a knowledge-search system is the running cost of keeping connectors healthy, access correct, content classification current, and the model-output review loop staffed. None of it appears as a line item on the Glean order form, and very little of it appears in the deployment-services SOW either. Glean's sales motion bills the deployment as configuration: set up the connectors, point the index at SharePoint, train the team, ship it. What it actually requires, post-deployment, is somewhere between 10 hours a week and four full-time engineers depending on org size, and the gap between those two numbers is where most business cases either survive or collapse. The cost line that should appear in the TCO model usually doesn't, because the AE building the proposal isn't the person who'll do the work. The work falls to IT operations by default, then becomes a named role around 500 seats, then becomes a small platform team past 1500. None of that is on the order form.
The fully-loaded cost is real. A platform admin in this segment runs $100,000-$150,000 base plus benefits in the US, more on either coast. Burden the salary at the standard 1.3-1.4x and you're somewhere between $130,000 and $210,000 annually per FTE. That number belongs in the Glean business case, and it usually isn't there.
What the role actually does week to week
I keep a running list from customer conversations. The work splits into five categories, and the ratio shifts by org size, but the categories are stable.
Connector maintenance. Glean's connector catalog is one of the better ones in the segment — Confluence, SharePoint, Slack, Salesforce, Jira, Google Drive, Box, the long tail. Connectors break. Permissions models drift. A new Slack workspace gets added in a regional office and isn't connected. SharePoint's permissions inheritance gets reconfigured during an O365 migration and your access-control map goes stale overnight. Somebody has to notice. Somebody has to fix it.
Access provisioning and de-provisioning. New hires get added. Departures need to be de-provisioned, ideally on the same day as their Workday termination — and somebody has to verify it ran. Role changes propagate from HR systems, except when they don't. We've seen six-month-old terminations still showing up in Glean access logs at customers who thought their identity sync was clean.
Governance review. This is the category that grows fastest as you climb the seat tiers. Reviewing what the model surfaces. Auditing for sensitive-document exposure. Maintaining the redaction rules. Triaging when a user flags a bad answer. At 200 seats this is mostly ad hoc — somebody peeks at the logs once a week. At 5,000 seats it's a recurring meeting with a documented agenda and a separate part-time governance reviewer.
Content classification tuning. Glean's ranking is signal-driven, and you have to feed the signal. Promote the canonical doc when there are seven copies of the same policy in three SharePoint sites. De-prioritize the 2019 wiki page that keeps surfacing instead of the 2024 one. Mark the four engineering blog posts as the right answer for the question everyone keeps asking. This is editorial work disguised as platform work, and it never stops.
Model-output review. When the agent surface launches, and at most Glean customers in 2026 it has, somebody owns the pre-execution policy review. Which tool calls are allowed for which agents. What gets logged. Who reviews the failures. This is where the role overlaps with security and where it stops being purely IT.
Staffing model by org size
Here's the pattern I've seen, across both Glean deployments and other comparably-sized AI-search platforms. The numbers are not vendor-specific — they're a function of the work, not the brand.
| Org size (seats) | Hours/week | FTE | Annual cost (fully-loaded) | Where the work goes |
|---|---|---|---|---|
| ~200 | 10-15 hrs | 0.25-0.4 FTE | $35K-$80K | IT generalist, no dedicated owner |
| ~500 | 20-30 hrs | 0.5-0.75 FTE | $75K-$160K | Dedicated part-time admin; one named owner |
| ~1500 | 50-65 hrs | 1.25-1.5 FTE + part-time governance | $200K-$310K | One FTE platform admin, ~0.25 FTE governance reviewer |
| ~5000 | 130-160 hrs | 3-4 FTE platform team + part-time legal/governance | $475K-$840K | Small platform team; legal/compliance involvement |
A few notes on the rows.
At 200 seats, there's no dedicated FTE. The work falls to an IT generalist who already has six other systems on their plate. Connector breaks get noticed when somebody complains. Access reviews happen quarterly if at all. This is fine — until it isn't. The signals that you've outgrown the model are in the next section.
At 500 seats, you cross the threshold where a dedicated half-time owner becomes cheaper than the alternative. The alternative is unattributed-time-pulled-from-IT-ops, which shows up nowhere on the org chart and burns the most senior infrastructure engineer's capacity. Customers who name an owner at 500 seats run smoother deployments; customers who don't run deployments that look smooth until the first compliance event.
At 1500 seats, the governance review work has grown large enough that the platform admin can no longer do both. Bring in a part-time reviewer for the policy and redaction queue, frequently from legal-operations, sometimes from security. The FTE math hardens.
At 5000 seats, you're running a platform. Three to four engineers, a connector engineer, a governance reviewer, and a thread into legal and security. This is not optional. We've seen 5000-seat deployments held together by 1.5 FTE for a year and the deferred work bill always comes due — usually in the form of a connector security incident, an access-control finding, or a model-output dispute that escalates to general counsel.
Three signals you're under-staffed
The hours model above is a target, not a guarantee. You can tell whether you're hitting it by watching three signals.
Connector incidents resolved slower than your SLA. If your help-desk has a 48-hour SLA for connector issues and the median time-to-resolve on Glean-tagged tickets is 5-7 days, you're under-staffed. Connector breaks compound — every day a connector is down is a day of bad answers, lost search signal, and users routing around the platform.
Access-review cadence drifting past quarterly. Most compliance regimes (SOC 2, ISO 27001, HITRUST) expect access reviews on at least a quarterly cadence. If your last documented access review was six months ago, the missing reviews aren't going to be caught at the next audit — they're going to be caught at the audit after the next one, and they'll be findings.
Model-output complaints sitting in a separate inbox nobody owns. This is the silent one. Users flag bad answers via a "report issue" button or a separate email alias. If those reports route into a queue with no named owner, no documented triage, and no weekly review meeting, your governance posture is theater. Auditors notice; users notice faster.
What changes if you switch to a Jarvis-class governed platform
Disclosure first: I work on the customer-programs side at ASCENDING, which builds Jarvis. So read this section knowing the bias is in the byline. I'm trying to tell you what's actually different about the work, not pitch the product.
The admin role doesn't disappear on a governed, MCP-native platform. It changes shape. Three concrete differences I've seen at Jarvis customers running comparable seat counts:
The connector maintenance category gets smaller because the MCP Gateway standardizes the integration surface. Instead of bespoke connector code per source, sources expose MCP servers with consistent observability. When a tool breaks, it's diagnosable in one place rather than five. The governance-review category gets bigger in name but smaller in hours, because the per-call audit emitted by the gateway means the reviewer is checking emitted policy snapshots instead of reconstructing them from log fragments. Net effect at ~1500 seats, in customer conversations I sat in on through Q1 2026: roughly the same FTE total, but the failure modes shift from "connector debt" to "policy clarity," which most platform teams consider an upgrade. The break-fix queue shrinks. The policy queue grows. Most platform leads I've talked to would rather argue about policy than chase a SharePoint permissions bug at 11pm.
The number doesn't go to zero. It rarely does. The honest version of the pitch is that the kind of work moves toward review and away from break-fix — and that's usually worth doing on its own.
For the broader pricing teardown including the admin FTE line in TCO, see Glean pricing in 2026 and the cheaper paths to the same outcome. For the year-two negotiation lever this admin staffing line gives you, see the Glean renewal checklist.
FAQ
Why doesn't Glean quote the admin FTE upfront? Because it's not their cost. The platform-ops headcount belongs to the customer, runs out of the customer's budget, and shows up nowhere on the Glean order form. AEs are not incentivized to surface a $200K cost they don't control. It's not bad faith — it's just the structure of the sale.
Can you outsource the admin role to Glean's professional services team? Partially. Glean offers managed services for deployment and ongoing tuning. The fee is non-trivial; customers I've spoken to report figures in the $100K-$250K annual range depending on scope. It doesn't cover access provisioning, governance review, or model-output triage, which stay on your side. Outsourcing the technical pieces still leaves the policy and governance work in-house.
At what seat count does a dedicated FTE become unavoidable? The threshold sits around 500-700 seats in practice. Below that, an IT generalist with 30% of their time on it can keep up. Above that, the work is steady enough that splitting it across people creates more handoff cost than running a single owner.
Is this staffing model specific to Glean? No. The hours-per-week pattern is roughly the same for Microsoft 365 Copilot, Onyx, Guru, and Jarvis at equivalent seat counts. The work category mix shifts. Copilot deployments spend more on Purview policy tuning. Onyx deployments spend more on connector engineering. The total hours sit in the same band.
What happens if you under-staff for the first year? You ship a deployment that looks fine on quarterly reviews and accumulates technical debt nobody is tracking. The bill comes due as a compliance finding, a security incident, or a user-experience drop that's hard to attribute. By the time it surfaces, you're 12-18 months in and the catch-up cost is higher than the prevention cost would have been.
About ASCENDING
ASCENDING is an AWS Advanced Consulting Partner founded in 2018 in Fairfax, Virginia. We build Jarvis AI, a governance-first, MCP-native agent platform, including the MCP Gateway and Jarvis Registry referenced above. We publish this site as an independent industry resource; when an article compares Jarvis to a competitor, the disclosure stays on the page.