A long time ago in an IT department not so far away… IT admins were drowning in endless onboarding tasks: manually setting up accounts, provisioning access, and sending welcome emails. It was a dark time for productivity.
But then, a new hope emerged: Lifecycle Workflows in Entra ID Governance! This powerful tool automates identity tasks, allowing IT teams to focus on more important matters like securing the galaxy. Today, we’ll explore how to use this automation to streamline the onboarding process for our newest recruit… Luke Skywalker.
Navigating the Entra Portal
To begin our journey, we must enter the sacred archives, also known as the Entra portal. From here, navigate to Identity Governance > Lifecycle Workflows to check a few critical settings:
- Workflow Schedule – Determines how often our automation will run.
- Email Domain – Defines the sender address for system-generated emails.
With these settings in place, we are ready to create our onboarding workflow.

Selecting Our Workflow Type
Microsoft offers many workflow templates, but for this, we select Onboard New Hire Employee.


After selecting it, we configure the basics. One key setting: the workflow activates when the employee’s employeeHireDate attribute is set. No need for manual intervention; automation will take care of it.

Defining the Scope
Every Padawan must meet certain conditions before their training begins. Our workflow enforces the following rule:
- It only runs if the new employee is in the “Lightsaber R&D” department.

Automating the Workflow
This workflow ensures our new employee is ready to go on Day 1 by completing the following tasks by default:
- Activating the new employee’s account
- Sending a welcome email – A friendly email to introduce them to the Rebel Alliance.
- Adding the user to a group membership – In my example I am using the W365 group, which automatically provisions the employee’s W365 Cloud PC.

Adding an Email for the Employee’s Manager
While the default workflow gets the job done, let’s enhance it by notifying the employee’s manager.
The manager receives an email containing:
- The employee’s name
- The employee’s start date
- A Temporary Access Pass (TAP) used for initial authentication and device setup.
The TAP itself is governed by the TAP settings in the authentication methods of my tenant.


With everything set, we hit Create, and the automation is ready to execute.
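
The same workflow (trigger, scope and the four tasks) expressed as a Microsoft Graph request in PowerShell. This is an added example, not part of the original post: the group ID is a placeholder, the display names and TAP values are constructed, `New-LcwTask` is a hypothetical helper, and the task definition IDs are the built-in ones, which can be confirmed with a GET on `/identityGovernance/lifecycleWorkflows/taskDefinitions`.

```powershell
# Added example (not from the original post). Needs the Microsoft.Graph.Authentication module.
Connect-MgGraph -Scopes 'LifecycleWorkflows.ReadWrite.All'
$groupId = '00000000-0000-0000-0000-000000000000'  # placeholder: object ID of the W365 group

# Hypothetical helper (not a Graph cmdlet) that builds one workflow task.
function New-LcwTask ($Name, $DefinitionId, $Arguments = @()) {
    @{
        displayName      = $Name
        isEnabled        = $true
        continueOnError  = $false
        taskDefinitionId = $DefinitionId
        arguments        = @($Arguments)
    }
}

$workflow = @{
    category            = 'joiner'
    displayName         = 'Onboard new hire - Lightsaber R&D'   # constructed name
    isEnabled           = $true
    isSchedulingEnabled = $true   # run on the tenant's workflow schedule
    executionConditions = @{
        '@odata.type' = '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions'
        # Scope: only users in the Lightsaber R&D department
        scope   = @{
            '@odata.type' = '#microsoft.graph.identityGovernance.ruleBasedSubjectSet'
            rule          = "(department eq 'Lightsaber R&D')"
        }
        # Trigger: fire on the day stored in employeeHireDate
        trigger = @{
            '@odata.type'      = '#microsoft.graph.identityGovernance.timeBasedAttributeTrigger'
            timeBasedAttribute = 'employeeHireDate'
            offsetInDays       = 0
        }
    }
    tasks = @(
        New-LcwTask 'Enable user account' '6fc52c9d-398b-4305-9763-15f42c1676fc'
        New-LcwTask 'Send welcome email'  '70b29d51-b59a-4773-9280-8841dfd3f2ea'
        New-LcwTask 'Add user to W365 group' '22085229-5809-45e8-97fd-270d28d66910' @(
            @{ name = 'groupID'; value = $groupId })
        # Constructed TAP values; they must fit inside the tenant's TAP policy limits.
        New-LcwTask 'Send TAP to manager' '1b555e50-7f65-41d5-b514-5894a026d10d' @(
            @{ name = 'tapLifetimeMinutes'; value = '60' }
            @{ name = 'tapIsUsableOnce';    value = 'false' })
    )
}

Invoke-MgGraphRequest -Method POST -ContentType 'application/json' `
    -Uri 'https://graph.microsoft.com/v1.0/identityGovernance/lifecycleWorkflows/workflows' `
    -Body ($workflow | ConvertTo-Json -Depth 10)
```

Keeping the definition in a script like this makes the scope rule and the TAP arguments reviewable alongside other identity configuration.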

The Arrival of a New Jedi: Luke Skywalker
Today’s new employee is Luke, newly assigned to the Rebel Alliance’s Lightsaber R&D department.
As soon as his hire date is set, the workflow activates:

Master Yoda, his manager, receives an email with Luke’s onboarding details and TAP code.

Luke, eager to begin his training, powers on his new PC and starts the Autopilot process.

He enters his credentials, followed by the TAP provided by Yoda.

He configures Windows Hello, setting up biometrics for secure authentication.


He registers his Authenticator app, ensuring secure access to Rebel systems.

Back on the device, Luke sets up his PIN.

Finally, he visits http://aka.ms/mfasetup to set up additional security methods, such as passkeys.

May the Automation Be with You
By using Lifecycle Workflows, we’ve transformed onboarding from a tedious, repetitive chore into an automated, hands-free experience. Gone are the days of manual account activations, frantic last-minute access requests, and endless email chains.