This project demonstrates how to automate the employee onboarding process using Azure Logic Apps. The workflow automates user creation in Azure Entra ID / AD, assigns roles, and provisions necessary resources for new hires.
- Trigger and Initialize Variables
  - Triggered by an email indicating a new hire.
  - Initializes variables to store email content.
- Parsing Email Content
  - Parses the email body to extract the new hire's details.
- Creating User in Entra ID
  - Creates a new user in Entra ID with the parsed information.
- Assigning User to Groups
  - Uses conditional logic to assign the user to the appropriate group based on their job position.
- Provisioning Resources and Sending Welcome Email
  - Provisions necessary Azure resources.
  - Sends a welcome email to the new hire with login credentials.
- Monitoring and Review
  - Monitors the workflow execution and reviews logs for troubleshooting.

- Azure Subscription
- Access to Entra ID / AD
- Azure Logic Apps

- Clone the Repository
    git clone https://github.com/yourusername/azure-logic-apps-onboarding.git
    cd azure-logic-apps-onboarding
- Import Logic App Definition
  - Navigate to the Azure Portal.
  - Create a new Logic App.
  - Import the logic-app-definition.json file from this repository.
- Configure Connections
  - Set up connections for Entra ID and Outlook within the Logic App.
- Run the Workflow
  - Test the workflow by sending an email with the new hire details.

First Name: John
Last Name: Doe
Email: john.doe@example.com
Job Position: Cloud Engineer
Department: IT

Before deploying this logic app, replace the following placeholders in the logic-app-definition.json file with the actual values from your Azure environment:
{client-id}
{tenant-id}
{group-id-cloud-engineer}
{group-id-data-analyst}
{subscription-id}
{resource-group-name}
{client-secret}

- Parsing HTML Email Content:
  - Challenge: Azure Logic Apps read email content as HTML, making it difficult to parse plain text information.
  - Solution: Use string manipulation functions to extract necessary details from the HTML content.
- Authorization Issues:
  - Challenge: Facing "Authorization Denied" errors when attempting to add users to groups or assign roles.
  - Solution: Ensure that the service principal used by the logic app has the necessary permissions, such as Group.ReadWrite.All and Directory.ReadWrite.All.
- Role Assignment via HTTP Call:
  - Challenge: Configuring HTTP actions to assign roles and permissions.
  - Solution: Use the HTTP action to get an OAuth token and make API calls to Azure Resource Manager (ARM).

- Project was inspired by @madebygps
- Original repository
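
The HTML parsing challenge above feeds an inbound email straight into account creation and group assignment, so the extracted fields are untrusted input. The sketch below is an added example, not code from this repository: it reproduces the extraction in Python outside the Logic App and validates each field before anything would be sent to Entra ID. The `allowed_domain` parameter, the field patterns and the position allow-list are assumptions; the group ids are the page's own placeholders.

```python
import html
import re

# Assumption: only the two positions that have group placeholders on the page
# are accepted; the ids stay as the page's placeholders.
GROUP_BY_POSITION = {
    "cloud engineer": "{group-id-cloud-engineer}",
    "data analyst": "{group-id-data-analyst}",
}
FIELDS = ("First Name", "Last Name", "Email", "Job Position", "Department")
NAME_RE = re.compile(r"[A-Za-z][A-Za-z' -]{0,63}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def html_to_lines(body):
    """Turn block-level tags into newlines, drop other tags, decode entities."""
    text = re.sub(r"(?i)<\s*(br|/p|/div|/li|/tr)\b[^>]*>", "\n", body)
    text = re.sub(r"<[^>]+>", "", text)
    return [ln.strip() for ln in html.unescape(text).splitlines() if ln.strip()]

def parse_new_hire(body, allowed_domain):
    """Return validated new-hire fields plus the mapped group, or raise ValueError."""
    found = {}
    for line in html_to_lines(body):
        key, sep, value = line.partition(":")
        key = key.strip()
        if sep and key in FIELDS:
            if key in found:  # a repeated field makes the request ambiguous
                raise ValueError(f"duplicate field: {key}")
            found[key] = value.strip()
    missing = [f for f in FIELDS if not found.get(f)]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    for f in ("First Name", "Last Name", "Department"):
        if not NAME_RE.fullmatch(found[f]):
            raise ValueError(f"invalid characters in {f}")
    # Assumption: new hires get an address in one known domain.
    email = found["Email"].lower()
    if not EMAIL_RE.fullmatch(email) or not email.endswith("@" + allowed_domain):
        raise ValueError("email not in the allowed domain")
    group = GROUP_BY_POSITION.get(found["Job Position"].lower())
    if group is None:  # unknown positions never fall through to a default group
        raise ValueError("job position has no mapped group")
    return {**found, "Email": email, "group_id": group}

# Constructed sample: the page's test email rendered as an HTML body.
SAMPLE = ("<html><body><div>First Name: John</div><div>Last Name: Doe</div>"
          "<div>Email: john.doe@example.com</div>"
          "<div>Job Position: Cloud Engineer</div>"
          "<div>Department: IT</div></body></html>")
```

Calling `parse_new_hire(SAMPLE, "example.com")` returns the five fields plus `group_id`; any rejected message raises `ValueError` and should stop the run before the user-creation step.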