Power Automate – Onboarding of new employees – part 1

One thing I’ve seen when new companies get new employees, is that there are usually something missing when they begin. This might be a computer, an account in the HR or CRM system or something similar. This is usually because the processes are not defined, made available or communication between departments just isn’t catching this. What I’ve seen is that these issues are the same for smaller and larger companies. The same is true for offboarding, maybe even mores o.

This article is bringing up a scenario for new hires, but it could easily be for external user access. For the latter there are some cool things covered with the Azure AD Premium P2 license that I want to cover at a later point.

To get a good business process you need to identify the steps required for an onboarding to be successful. This usually requires involvement from several departments, including IT, HR and others. If some of the departments lack information, steps are usually going to be missed and somethings won’t be ready when the employee arrives. So where to start? Do you start when you have all steps noted in the process and all ironed out? Or can you change this as you go along?
Business Processes change from time to time, and this goes for onboarding as well. There are new systems that replace other systems, changes to accessories etc. Brainstorming and getting some of the process might be a good place to start. Especially if defining the process will take time. Then it’s a good thing that Power Automate can be changed on the fly and components can be added or removed as required.

Part 1 of this article will walk you through information gathering, the approval process and user creation. These processes and content will vary from company to company, I’m only demonstrating what could be done. I’m showing cloud-only options and using only default integrations in the first part, however you can use premium features as well to do some amazing stuff.

There are several ways to gather the required information. You can send it in an email, you can add it to a sharepoint list or you can juse a form.

I’ve opted for Microsoft Form to gather the required information. I’ve only asked for employee information and applications and services required. Asset options are not covered in this article, however it can be added into the process. The information I’ve requested is

• First Name
• Surname
• Title
• Department
• Email
• Phone
• Location
• Manager
• Manager email address
• Birthday (some might require social security number for payroll)
• Start date (hire date)
• Application and Services

The flow looks like this.
I’m running a task for each response to the form. I get the answers for the current one, identifies the manager by the manager email address from the form and send an approval to the manager. The approval can be sent to a group if this could be approved by more people. In this case it’s to the manager of the new employee. When the approval task is approved (or denied) the flow continues based on the answer. If it is a success it creates the Azure AD user account and assign a manager to that user. Depending on the selection of applications made parallel tasks will kick start the process to onboard the user to those other systems or assign license, groups or teams. If Office applications are selected a group assignment will be granted and a license will be deployed to the user.

The different task in more detail

We use the trigger When a response is submitted for forms.
Start with getting the Id for the form. You can find this by opening the form and look at the URL. You will find the ID beweteen the id= and the &.
https://forms.office.com/Pages/DesignPageV2.aspx?origin=NeoPortalPage&subpage=design&id=dvfLizEZQUuTA3KUiNt_GA-rwVKcId1FowaeVWj8qmRUMTRPUVRXU1dEMlVCQ0c4VkZSRkFJMkRBMCQlQCN0PWcu&analysis=false

Next we select the action named Get response detail. Entering the dynamic content List of response will put the object into an for each loop, that will trigger for the registered response. It will not trigger for previous responses.

Now you have the answers from the form, we will now get some required information from the form.
We start by getting the manager of the user, we use the action named Get user profile (V2). We supply the UPN, in this case we ask for the manager email address in the form for this reason.

The approval process is next, and this can be as complicated as you would like to. The action is named Start and wait for an approval.
The Details provided is written in markdown language, and we use information from the form. The images shows how the Power Automate and Teams Approval app displays the information. The Approval form in teams has two buttons on the form Approve and Deny, these are defined in the Response option Items in the action.

Next is our first control action to verify the approval process. We select the dynamic content Outcome from the approval process and check it matches the Approve condtion we specified in the approval action.

There are connectors to Azure AD that we are going to utilize next. And the first place where we will need to use some of the expressions provided.

Now we create the Azure AD user. Use the action named Create User from the Azure AD connector.
We use some expressions to provide the password in the connector, in this case there are also a different requirement on the mail nickname and I’ve added an expression to support that. Most companies use firstname.lastname@domain.com or firstname@domain.com. Here you are free to use dynamic content or combination with expressions.

For the Password part we need to create a password in line with the Microsoft policy. I’ve opted to use a substring of the guid expression. The guid creates a random key and the substring selects a part of that guid string and places it as a password. You can make this as complex as you would like to, for this demo I didn’t make it to advanced. The other items are picked up from the form, and the user is created.

So the last step when creating the user is to assign a manager to that user. This is it’s own action in the Azure AD connector named Assign manager. We use the dynamic Id from the user we created in the last steop in the first section, and we use the Id from the Manager (Get User Profile V2) when we put in the manager.

The user has been created and have been assigned a manager. Hoorray!! Or? The user doesn’t have a license, and no assigned groups. These are the nexts steps. Stay tuned for part 2.