Automate employee onboarding tasks before their first day of work with Azure portal (preview)
This tutorial provides a step-by-step guide on how to automate pre-hire tasks with Lifecycle workflows using the Azure portal.
This pre-hire scenario will generate a temporary access pass for our new employee and send it via email to the user's new manager.
- Azure AD Premium P2
For more information, see: License requirements
Before you begin
Two accounts are required for this tutorial, one account for the new hire and another account that acts as the manager of the new hire. The new hire account must have the following attributes set:
- employeeHireDate must be set to today
- department must be set to sales
- manager attribute must be set, and the manager account should have a mailbox to receive an email
For more comprehensive instructions on how to complete these prerequisite steps, you may refer to the Preparing user accounts for Lifecycle workflows tutorial. The TAP policy must also be enabled to run this tutorial.
Detailed breakdown of the relevant attributes:
|Used to notify manager of the new employees temporary access pass||Both|
|manager||This attribute that is used by the lifecycle workflow||Employee|
|employeeHireDate||Used to trigger the workflow||Employee|
|department||Used to provide the scope for the workflow||Employee|
The pre-hire scenario can be broken down into the following:
- Prerequisite: Create two user accounts, one to represent an employee and one to represent a manager
- Prerequisite: Editing the attributes required for this scenario in the portal
- Prerequisite: Edit the attributes for this scenario using Microsoft Graph Explorer
- Prerequisite: Enabling and using Temporary Access Pass (TAP)
- Creating the lifecycle management workflow
- Triggering the workflow
- Verifying the workflow was successfully executed
Create a workflow using pre-hire template
Use the following steps to create a pre-hire workflow that will generate a TAP and send it via email to the user's manager using the Azure portal.
Sign in to Azure portal
On the right, select Azure Active Directory.
Select Identity Governance.
Select Lifecycle workflows (Preview).
Next, you will configure the basic information about the workflow. This information includes when the workflow will trigger, known as Days from event. So in this case, the workflow will trigger two days before the employee's hire date. On the onboard pre-hire employee screen, add the following settings and then select Next: Configure Scope.
Next, you will configure the scope. The scope determines which users this workflow will run against. In this case, it will be on all users in the Sales department. On the configure scope screen, under Rule add the following settings and then select Next: Review tasks. For a full list of supported user properties, see: Supported user properties and query parameters
Run the workflow
Now that the workflow is created, it will automatically run the workflow every 3 hours. Lifecycle workflows will check every 3 hours for users in the associated execution condition and execute the configured tasks for those users. However, for the tutorial, we would like to run it immediately. To run a workflow immediately, we can use the on-demand feature.
Be aware that you currently cannot run a workflow on-demand if it is set to disabled. You need to set the workflow to enabled to use the on-demand feature.
To run a workflow on-demand, for users using the Azure portal, do the following steps:
- On the workflow screen, select the specific workflow you want to run.
- Select Run on demand.
- On the select users tab, select add users.
- Add a user.
- Select Run workflow.
Check tasks and workflow status
At any time, you may monitor the status of the workflows and the tasks. As a reminder, there are three different data pivots, users runs, and tasks which are currently available in public preview. You may learn more in the how-to guide Check the status of a workflow (preview). In the course of this tutorial, we will look at the status using the user focused reports.
Enable the workflow schedule
After running your workflow on-demand and checking that everything is working fine, you may want to enable the workflow schedule. To enable the workflow schedule, you may select the Enable Schedule checkbox on the Properties (Preview) page.