Microsoft Azure: Onboarding Automator
Overview
While preparing for the AZ-104: Microsoft Azure Administrator certification, I decided to go beyond theory and create a hands-on, real-world project: Onboarding Automator.
This solution automates new employee onboarding using Azure-native tools such as Logic Apps, Azure Active Directory (Entra ID), and Role-Based Access Control (RBAC). It not only helped reinforce my learning, but also replicates a real-world scenario I'm likely to face as an Azure Administrator.
Manual onboarding is often repetitive, error-prone, and time-consuming. This project was designed to:
- Eliminate repetitive manual tasks
- Ensure consistent and secure access control
- Automatically log onboarding actions and notify key stakeholders
Azure Services Used
| Service | Purpose |
|---|---|
| Azure Logic Apps | Orchestration of onboarding workflows |
| Azure AD (Entra ID) | Identity creation, group assignment, role-based access |
| ARM Templates / Bicep | Resource provisioning and access control |
| Microsoft Forms / HTTP Endpoint | Trigger for HR submission or onboarding request |
| Azure Monitor | Logging and monitoring onboarding steps |
| Outlook / Teams Connector | Notifying HR, IT, and Managers |
Azure Active Directory
Azure Active Directory (Azure AD) serves as the central identity and access management system in this project. It's responsible for storing user identities, managing group memberships, and enforcing role-based access control (RBAC). Since I already had an existing Azure AD tenant configured with core groups and directory settings, there was minimal setup required here. I ensured key security groups were in place to align onboarding with departmental access policies.
Azure Logic App Workflow
Azure Logic Apps is a cloud-based service for automating workflows across Microsoft and third-party services and systems. In this project, I built an onboarding automation system that provisions new employees based on trigger events from SharePoint or email, integrating tightly with Microsoft Entra ID.
I created a Logic App workflow that triggers automatically when:
- A new SharePoint list entry is created
- A specific email is submitted
- A specific email is received
This multi-source trigger design allows flexibility in how onboarding requests are initiated, perfect for real-world enterprise environments where different teams use different tools.
Create User in Entra ID
Using the Azure AD connector, the Logic App creates a new user in Microsoft Entra ID, dynamically filling in their profile using values from the trigger:
- Display name
- Username (UPN)
- Mail Nickname
Assign to Group Based on Job Title
Within the Logic App workflow, the Azure AD connector can be utilized to create a new user account. Essential information required for account creation, such as the employee's name and email address, is extracted from the trigger event. This process ensures that each new employee is provisioned with an Azure AD account. Additionally, the workflow can assign the user to relevant groups or roles. For example, if the trigger event identifies the employee as part of the Sales department, the Logic App will automatically assign them to the "Sales Users" group or grant Sales-specific roles to ensure appropriate access permissions.
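The create-user and group-assignment steps above take their values straight from the trigger, so the request should be validated before it reaches Entra ID. The following is an added example, not code from the original project: it builds a Microsoft Graph user body and resolves the group with deny-by-default. The tenant domain, request field names, length caps and mapping table are assumptions; only the "Sales Users" group name comes from the text.

```python
import re
import secrets
import string

# Assumptions for this sketch: tenant domain, request field names, mapping table.
# Only the "Sales Users" group name comes from the article.
TENANT_DOMAIN = "contoso.example"
DEPARTMENT_GROUPS = {"sales": "Sales Users"}
NICKNAME_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")
# Constructed sample trigger payload, as a form or SharePoint entry might deliver it.
SAMPLE = {"displayName": "  Avery  Lee ", "mailNickname": "Avery.Lee", "department": "Sales"}


def initial_password(length=20):
    """Random one-time password containing lower, upper, digit and symbol."""
    alphabet = string.ascii_letters + string.digits + "!#$%*+-_"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw)):
            return pw


def build_onboarding(request):
    """Validate a trigger payload; return (Graph user body, group name)."""
    display = " ".join(str(request.get("displayName", "")).split())
    nick = str(request.get("mailNickname", "")).strip().lower()
    dept = str(request.get("department", "")).strip().lower()
    if not display or len(display) > 256:
        raise ValueError("displayName missing or too long")
    if not NICKNAME_RE.fullmatch(nick):
        # Rejects '@', spaces, quotes etc. so the UPN domain cannot be overridden.
        raise ValueError("mailNickname contains unexpected characters")
    if dept not in DEPARTMENT_GROUPS:
        # Deny by default: an unmapped department gets no group, not a fallback one.
        raise ValueError("department has no approved group mapping")
    user = {
        "accountEnabled": True,
        "displayName": display,
        "mailNickname": nick,
        "userPrincipalName": f"{nick}@{TENANT_DOMAIN}",
        "passwordProfile": {
            "password": initial_password(),
            "forceChangePasswordNextSignIn": True,
        },
    }
    return user, DEPARTMENT_GROUPS[dept]
```

Because `forceChangePasswordNextSignIn` is set, the generated password is valid only until the first sign-in, which limits exposure if the welcome email carrying it is forwarded or retained.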
Send Welcome Email
As part of the user onboarding workflow, an Azure Logic App is used to automatically send a personalized welcome email using the Office 365 Outlook connector. Once a user is successfully created and assigned to the appropriate group, the Logic App triggers the "Send an email" action.
- Send a personalized welcome email to the new user
- Include login credentials and access instructions
- Provide helpful onboarding resources and links
- List key contact information for support
The email content is populated using dynamic content from the request, providing a custom experience for every new user.
Monitoring and Review
The final step involves monitoring the automation process using the following tools:
- Logic App Run History – to track each execution step and status
- Azure AD Sign-in Logs – to verify successful user login attempts
- Azure Monitor Dashboards (optional) – for centralized visibility and alerts
These tools support auditing, troubleshooting, and the rapid resolution of any onboarding errors.
Conclusion
Working on this project has been an invaluable learning experience, offering practical, hands-on application of the concepts I've studied over the past few weeks.
Throughout the project, I achieved several key learning outcomes. I developed a solid understanding of Azure Active Directory (Azure AD) setup, enabling efficient management of user identities and access controls. I enhanced my ability to design automation workflows using Azure Logic Apps, including selecting appropriate triggers and actions tailored to specific events.
I also became proficient in automating user account creation in Azure AD by leveraging Azure AD connectors within Logic Apps and extracting relevant data from trigger events. Additionally, I learned to assign predefined roles and groups based on job positions or departments, significantly improving access control.
I gained the ability to automatically provision Azure resources, such as virtual machines and permissions, using the Azure Resource Manager connector in Logic Apps. I also developed the skills to create personalized welcome emails for new hires, enriching the onboarding experience.
Another important outcome was learning to monitor and review the entire onboarding process using Logic App run history and Azure AD logs. This enables quick identification and resolution of issues, as well as ongoing workflow improvements.
Overall, this project significantly improved process efficiency by reducing manual intervention while enhancing scalability, consistency, and security in onboarding. I also acquired valuable integration skills, allowing me to connect various Azure services and external systems, making it easier to adapt and optimize automation workflows as business needs evolve.
This solution is scalable, customizable, and production-ready, ideal for any enterprise looking to simplify and standardize new employee onboarding.