Do you have a clunky, old onboard automation workflow with a confusing interface and probably requires Java that your HR team hates to use? If so, it’s time to learn how to rid yourself of your “onboarding solution” altogether with Power Automate (formerly known as Microsoft Flow).
The employee onboarding experience is one that’s ripe for automation of some kind. Why? Because it follows the same pattern and is frequently repeated (if an organization is hiring often).
Typically, onboarding tasks follow the same flow. Examples may look like:
- Create a user account
- Get approval from a department manager for access
- Add accounts to various Active Directory groups
- ….and so on
You need a system. You need an onboarding automation system so that HR management and management employees don’t have to deal with the logistics.
Whether you’re in a small business or enterprise, organizations of all sizes can save time and money by onboarding new employees with automation.
We’re going to get technical. You’re going to learn one example of building onboarding tools to collect data, process that data and ultimately save a ton of time with Power Automate.
Table of Contents
In this article, you’re going to learn one instance of many Microsoft Flow examples (Power Automate). Remember this is only a single use-case for employee onboarding with Power Automate. Power Automate has thousands of connectors that enable you to perform hundreds of tasks. The onboarding tasks will all depend on your particular environment.
For this particular use case, you will build an onboarding automation workflow to see an entire flow of tasks run based on a single row in an Excel document. This Excel document will contain a row containing an example employee with the department as shown below.
Based on the Excel worksheet row, the flow you’ll build will:
- Generate a random password for an Azure Active Directory (AAD) user account.
- Create an AAD user based on a first/last name of the emp
- Add the AAD user to a specific group based on the Excel document row.
- Look up the manager for the department.
- Assign a manager to the AAD user.
- Send out an email to the department manager asking for access approval to a a fictional system.
- Wait for approval.
- Grant access to the fictional system.
- Notify the new employee’s team in Microsoft Teams they have a new team member.
If you plan to follow along with building this exact example flow in Power Automate, be sure you have these items in place before you start:
- An Office 365 subscription
- An Azure Active Directory tenant linked to an Office 365 account
- An Azure AD group called Accounting
- An Azure AD user called Alice Bertram assigned as the group owner of the Account Azure AD group.
- An Azure Automation account
- An Azure Automation credential called Azure AD Admin containing a username and password of an Azure AD user account with permission to read and create Azure AD resources
- A Microsoft Teams account
- Have the Microsoft Excel Flow Office-Addin installed
At the time of this writing, the Flow Office add-in is a little buggy. There were times when it wouldn’t sign in immediately for me. Or, when it would sign in, it would show a white screen where the flow is supposed to show up. Your mileage may vary.
Creating the Trigger Excel Spreadsheet
Since in this tutorial, you’ll be using an Excel spreadsheet as a trigger, first ensure you’ve got one created. If you’re following along with the tutorial, you’ll need to create the spreadsheet up exactly how the below instructions are expecting it.
- In Excel Online, create a spreadsheet called NewEmployees.xlsx. Be sure to save it to a OneDrive account.
- Create a row with headers called First Name, Last Name and Department.
- Provide a first name, last name and example department in the second row.
- Highlight the first and second row’s data and click on Insert and then on Table. You should be prompted to create table. Check the My table has headers box. You must create a table to let Power Automate understand what data to pass to the flow.
Creating Azure Automation Runbooks to Invoke PowerShell
Unfortunately, Power Automate will probably not contain actions for every step you need to take in a flow. For example, Power Automate has Azure AD actions to create a user. As you can see below though, the action requires a password.
But chances are you don’t want to assign the same password for every Azure AD user you create. You need to create a random password.
There is no “create random password” step in Power Automate. You must create your own. You need some “filler” actions. A great way to create these ad-hoc actions is with PowerShell. Unfortunately, though, Power Automate doesn’t have a direct way to invoke PowerShell code.
To invoke PowerShell code from Power Automate, you must create an “interim” service using Azure Automation runbooks. Since Power Automate natively supports invoking and reading Azure Automation runbooks output, they’re a great way to invoke ad-hoc PowerShell code.
To follow in the employee onboarding example in this tutorial, you’ll need to create three Azure Automation runbooks. Click on each link below to download an export of each one.
Important: Be sure to replace the tenant ID in each runbook to your own!
Setting up Connections
One crucial component of Power Automate is a concept called connectors. Connectors are objects inside of Power Automate that let it authenticate to various services. Instances of those connectors are called connections. Think of a connection as a credential for a particular service.
You can create these connections while you’re creating a flow. But if you know what connectors you need ahead of time, it’s easier to create all of them at once. For this tutorial, you’ll need to create five of them:
- Azure AD
- Azure Automation
- Excel Online (Business)
- Microsoft Teams
Below you’ll see each of the connections you’ll need to configure under Data —> Connections in the Power Automate dashboard.
To limit the length of this tutorial, we’re not going to cover how to create connections. To set up connections, be sure to check out the Manage connections in Power Automate Microsoft documentation.
Importing the Flow
To save you tons of time building your own onboarding automation workflow, download the prebuilt flow for this tutorial here. Power Automate allows you to easily import and export flows at will. Sharing export packages is a great way to share flows.
To import the flow in the Power Automate dashboard:
- Click on My flows and then on Import as shown below.
2. On the Import package screen, click on the Upload button.
3. Select the package you’ve downloaded. Once it’s uploaded, you’ll then be presented with a few configuration options to set as shown below. Since my connections won’t be the same as yours, you must now replace each connection from the example package with your connections.
Click on Select during import for each Related resource. When the Import setup window comes up, click on the connection you should have created earlier. The connection should show up under the Create new link.
If hadn’t created the connections ahead of time, you can create a new connection by clicking on it.
4. Once you’ve mapped all of the resources in the example package to your own, click on Import. The package should then begin importing. Once done, you should see a message like below.
5. Click on Open flow to inspect the imported flow. Here you will see each step in this pre-configured flow.
6. Now click on the following steps and modify them to match your own environment:
- The Excel Online trigger
- Find Azure AD Group ID – Start Job
- Find Azure AD Group ID – Get Output
- Get Employee Department Manager – Start Job
- Generate Random User Password
- Get Random User Password
- Get Department Group ID – Start Job
- Get Department Group ID – Get Output
- The email under Account System Approval in the Send approval to dept manager and wait for approval step.
- Notify the Team
Running the Flow
Once you’ve modified each step to match your own connections and Azure Automation runbooks, it’s time to test out the flow!
- Assuming you’ve already installed the Flow Office Add-in, in Excel Online, click on the Data tab and then click on Flow.
2. Ensure an employee is in the first row of the table with a department. Click anywhere in the row and then click on the play button to the right of the New Employee Onboarding flow. You can see an example of what this looks like below.
3. If this is the first time you’re running this flow from Excel, you may see the following confirmation step. If so, click Continue.
4. When the Run now button appears, click on that to start the flow. Power Automate will read the row you’ve selected, pass that information to the flow and begin the sequence of steps.
5. When started, click on the Flow Runs Page to now monitor the flow’s execution.
Monitoring the Flow
Once you’ve kicked off the flow, Power Automate creates a job on the Flow Runs page as you can see below.
If you click on the job link, you should then see the job is running and notice each step as it progresses.
Since the flow had a manual approval step, you should see that the workflow is paused. It should should be paused on the Send approval to dept manager and wait for approval step. At this step, Power Automate has sent an email to the fictional department manager Alice Bertram.
Alice needs to manually approve access to a fictional line of business application.
This flow will pause in this state until Alice approves this request.
Since the flow has an approval step in the flow, the department manager, Alice, has gotten an email. That email looks something like below.
Alice must click on the Approve button (link) to approve this request. When she does, she will be taken to the flow page with an approval window as shown below. Let’s say Alice is good with this approval, ensures the dropdown is set to Approve and clicks on the Confirm button.
Alice’s approval will be recorded.
Now go back to the flow’s run history by clicking on My flows, clicking the vertical dots to the right of the flow name and then click on Run history.
Click on this flow and you should then see the approval step has a green check mark. The green check mark indicates it has run and was successful.
Finally, the remaining Microsoft Teams step would announce to the department’s team a new employee has joined.
You’ve learned how to create an employee onboarding flow with Power Automate. The example provided in this tutorial is just that – an example. You can create and link together a near endless amount of tasks with Power Automate. Employee onboarding is just a single example of what’s possible with automation.
Use this tutorial’s outcome for yourself, tweak it to match your environment and start automating all the things!
More from Adam The Automator & Friends
Find out how many of your Active Directory users are using leaked passwords by running a free read-only scan with Specops Password Auditor.
Why not write on a platform with an existing audience and share your knowledge with the world?
We've put together a list of the resources we, at ATA, can wholeheartedly recommend.