OBED OWUSU
Logic Apps · Entra ID · RBAC · HR-driven onboarding automation

Azure Onboarding Automator. Identity and access automation for new employee onboarding.

Azure Onboarding Automator is a hands-on Azure identity automation project that uses Logic Apps, Microsoft Entra ID, security groups, RBAC thinking, email notifications, and monitoring evidence to standardize the new-starter process. It turns a manual HR/IT handoff into a repeatable workflow that creates users, assigns access, notifies stakeholders, and supports audit review through Logic App run history and Entra logs.

Azure Logic Apps · Microsoft Entra ID · RBAC + security groups · Office 365 Outlook · SharePoint / email trigger · Azure Monitor · AZ-104 aligned

Trigger: SharePoint list, email, or onboarding request
Identity: Entra ID user creation + group assignment
Evidence: run history, email confirmation, directory logs

Architecture snapshot: HR request to identity provisioning.

HR / Manager request
→ SharePoint list or email trigger
→ Azure Logic App workflow
→ Create user in Microsoft Entra ID
→ Assign security group / access template
→ Send welcome + IT notification emails
→ Review Logic App run history + Entra logs

What Azure Onboarding Automator solves

New employee onboarding is often repetitive, inconsistent, and dependent on manual IT checks. This project demonstrates how Azure-native automation can convert a request from HR or a manager into a controlled identity workflow that creates the user, assigns the right access group, sends onboarding communication, and leaves an operational audit trail.

The problem

Manual onboarding creates delay, inconsistency, and access risk.

Without automation, IT teams often create accounts manually, copy access from existing users, forget group assignments, or rely on informal handoffs. That increases onboarding time and creates avoidable least-privilege and audit issues.

  • Manual user creation can lead to inconsistent naming, profile, and group standards.
  • Department-based access is easy to apply incorrectly when requests are handled manually.
  • HR, IT, and managers may not have a clear view of whether onboarding completed successfully.
  • Support teams need run history and logs to investigate failed onboarding attempts.

The solution

Automated identity provisioning with repeatable access patterns.

Azure Logic Apps orchestrates the process from request intake to user creation, group assignment, welcome email, and operational review. The design mirrors a real-world Azure Administrator workflow and aligns strongly with AZ-104 identity, governance, and monitoring skills.

Create user · Assign group · Notify HR/IT · Monitor run history · Audit evidence

Business value delivered by Azure Onboarding Automator.

This project connects identity automation to measurable business value: faster onboarding, fewer manual access errors, stronger least-privilege controls, and clearer audit evidence for HR and IT operations.

  • Reduced new-starter onboarding effort by automating user creation, group assignment, and welcome email delivery.
  • Reduced manual permission errors by applying department or job-title based access patterns through a repeatable workflow.
  • Improved security posture by standardizing group membership instead of relying on ad-hoc access requests.
  • Improved operational visibility by using Logic App run history and Entra ID logs to review onboarding success or failure.
  • Standardized communication across HR, IT, managers, and new starters through automated email notifications.
  • Reduced support delays by providing clear onboarding evidence, including workflow execution status and account provisioning steps.
  • Created a scalable onboarding pattern that can be extended with approval steps, licence assignment, Teams notifications, and RBAC templates.

From onboarding request to ready-to-use account.

The workflow is designed around a simple enterprise pattern: HR or a manager submits a request, Logic Apps handles the orchestration, Entra ID becomes the identity source of truth, and the automation produces notifications and logs for review.

Automation flow

  1. Onboarding request submitted
    SharePoint list, email, or request endpoint
    HR or a manager submits new-starter details such as display name, username, email, department, and job title.
  2. Logic App workflow starts
    Event-driven orchestration
    The Logic App captures the trigger payload and passes dynamic values into downstream identity and notification actions.
  3. User created in Microsoft Entra ID
    Azure AD / Entra connector
    The workflow creates the user profile using dynamic fields such as display name, UPN, mail nickname, and request metadata.
  4. Access group assigned
    Department or job-title based access
    The workflow assigns the user to the correct security group so access follows a standard onboarding template.
  5. Emails and audit trail generated
    Outlook connector + run history
    The new starter receives a welcome email, stakeholders are notified, and Logic App run history records the execution.

Validation flow

  1. Submit a test onboarding request
    Use a SharePoint entry or email trigger with realistic employee details.
  2. Check Logic App run history
    Confirm each action completed and inspect any failed connector steps.
  3. Verify Entra ID user creation
    Confirm the new user appears with the expected display name, username, and profile details.
  4. Verify group assignment
    Check that the user was added to the correct access group based on role or department.
  5. Verify communication and logs
    Confirm welcome email delivery and review Entra/Logic App evidence for auditability.

How identity provisioning and access assignment work.

The project uses Microsoft Entra ID as the central identity system. Logic Apps connects the request data to account creation and group assignment so access is applied consistently instead of manually copied from another user.

User provisioning
  • Creates the Entra ID user from submitted onboarding details.
  • Uses dynamic values for display name, username, UPN, and mail nickname.
  • Supports HR or manager-driven onboarding requests from common Microsoft 365 tools.
  • Leaves execution evidence in Logic App run history for troubleshooting.
Access assignment
  • Assigns the new user to the correct department or role-based security group.
  • Supports a least-privilege access model by using predefined access templates.
  • Reduces the chance of incorrect access caused by manual onboarding steps.
  • Can be extended later with licence assignment, approval gates, and RBAC role assignment.

Azure-native tools used in the onboarding workflow.

The project focuses on practical Azure Administrator skills: identity management, workflow automation, access assignment, monitoring, and Microsoft 365 integration.

Automation and triggers
  • Azure Logic Apps for workflow orchestration.
  • SharePoint list trigger for HR-driven onboarding requests.
  • Email trigger for alternative onboarding intake.
  • Dynamic content mapping between request data and identity actions.
Identity and access
  • Microsoft Entra ID for user identity creation.
  • Security groups for department or role-based access.
  • RBAC thinking for least-privilege access assignment.
  • ARM/Bicep extension path for infrastructure and access templates.
Monitoring and communication
  • Logic App run history for step-by-step execution review.
  • Azure Monitor for visibility and future alerting.
  • Entra ID logs for sign-in and directory audit evidence.
  • Office 365 Outlook connector for welcome and stakeholder emails.

Azure Onboarding Automator

An Azure identity automation project that provisions new users, assigns group-based access, sends onboarding emails, and provides workflow evidence through Logic App run history and Entra ID logs.

Logic Apps · Entra ID · Security groups · RBAC thinking · Outlook connector · Azure Monitor

Trigger model: SharePoint list, email, or onboarding request
Identity action: Create user in Microsoft Entra ID
Access action: Assign security group based on role or department
Communication: Welcome email and stakeholder notification
Audit evidence: Logic App run history and Entra ID logs
Role alignment: Azure Administrator, Identity, M365, Cloud Support

What I learned building Azure Onboarding Automator.

This project strengthened practical Azure Administrator skills by connecting identity, automation, access control, notifications, and monitoring into one workflow.

Designing onboarding as a repeatable workflow instead of a manual checklist

The project showed how Logic Apps can turn repeated service desk tasks into a controlled workflow with clear input, actions, outputs, and run history.

  • Benefit: fewer manual steps and more consistent onboarding outcomes.
  • Trade-off: request data needs to be structured correctly before automation can trust it.
  • Outcome: a practical automation pattern that maps well to real IT operations.
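
The trade-off above, and the user-creation and group-assignment steps described earlier, come down to one gate between the trigger and the identity actions. The following is an added example, not code from this project: it validates a request and fails closed when no access template exists for the department. The tenant domain, group names and request field names are assumptions; the user property names follow the Microsoft Graph user resource.

```python
import re
import secrets

# Assumed placeholders: tenant domain and department -> security group templates.
TENANT_DOMAIN = "contoso.example"
GROUP_TEMPLATES = {
    "finance": "sg-finance-standard",
    "engineering": "sg-engineering-standard",
    "hr": "sg-hr-standard",
}
REQUIRED = ("displayName", "username", "department", "jobTitle")
USERNAME_RE = re.compile(r"^[a-z][a-z0-9]*(?:[.-][a-z0-9]+)*$")


class RejectedRequest(ValueError):
    """The request must not reach the provisioning actions."""


def build_provisioning_plan(request: dict) -> dict:
    """Validate an onboarding request; return the user body and target group."""
    missing = [f for f in REQUIRED if not str(request.get(f) or "").strip()]
    if missing:
        raise RejectedRequest(f"missing fields: {', '.join(missing)}")
    username = str(request["username"]).strip().lower()
    if len(username) > 64 or not USERNAME_RE.fullmatch(username):
        raise RejectedRequest("username is not a safe UPN prefix")
    # Fail closed: an unknown department gets no group, never a default one.
    department = str(request["department"]).strip()
    group = GROUP_TEMPLATES.get(department.lower())
    if group is None:
        raise RejectedRequest(f"no access template for department {department!r}")
    display_name = " ".join(str(request["displayName"]).split())
    if len(display_name) > 256 or any(ord(c) < 32 for c in display_name):
        raise RejectedRequest("displayName is too long or has control characters")
    return {
        "group": group,
        "user": {
            "accountEnabled": True,
            "displayName": display_name,
            "mailNickname": username,
            "userPrincipalName": f"{username}@{TENANT_DOMAIN}",
            "department": department,
            "jobTitle": str(request["jobTitle"]).strip(),
            "passwordProfile": {
                # One-time random secret, assumed to meet the tenant password policy.
                "forceChangePasswordNextSignIn": True,
                "password": secrets.token_urlsafe(24),
            },
        },
    }
```

A rejected request should end the run as failed so that it shows up in Logic App run history instead of silently creating a user with no group or a default one.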

Understanding why group-based access is safer than copying permissions manually

Assigning access through groups makes onboarding more consistent and easier to audit than manually applying permissions to each user.

  • Security groups act as reusable access templates.
  • Department or job-title logic keeps access decisions structured.
  • This supports least privilege and reduces accidental over-permissioning.

Using run history and logs as operational evidence

The value of automation is not only that it runs, but that it can be reviewed, troubleshot, and evidenced later.

  • Logic App run history shows exactly where a workflow succeeded or failed.
  • Entra ID logs support identity validation and audit review.
  • Azure Monitor can be added to centralize alerting and visibility.

How this can evolve into a production-ready onboarding platform

The current version proves the core workflow. Future improvements could make it more enterprise-ready.

  • Add manager approval before user creation or privileged access assignment.
  • Add automatic Microsoft 365 licence assignment.
  • Add Teams notifications for IT and HR.
  • Add Bicep-defined access templates and environment-specific configuration.