In today’s highly competitive business environment, the automation of business processes is no longer a choice but an inevitable necessity✅. Consider the task of creating a new user in Microsoft 365 – it may be simple, but things can get tricky when we have to wait for manager approval and send multiple emails afterward. Imagine how interesting it would be if automation stepped in to handle all of that for us💡. In this blog, we’ll provide a step-by-step guide on creating an automated user onboarding flow that includes a manager approval process.

With just one click👆, you can easily invite new employees into your organization. Exciting updates are on the way for this flow and blog! We’ll be expanding the process by adding steps like assigning properties (Job title, Department, Office Location, etc.) to new users and seamlessly integrating them into M365 groups, and much more🚀. Get ready for a series of M365 automation processes with Power Automate that will simplify your workflows and make your user management easier🥁!

A Quick Glimpse of the Flow!

In this blog, we have created an “Instant cloud flow” to meet our requirements. Below, you will find a video demonstration that illustrates the process of importing the flow and running it in your Power Automate environment, providing a visual walkthrough for better understanding.

The flow comprises the following steps:

  • In the Power Automate portal, the person who triggers the flow should fill out the mandatory properties for creating the new user.
  • The flow will use an expression to generate a random password for the new user.
  • The next step is to add a validation case where we need to check if the User Principal Name (UPN) used for the new user already exists or not to proceed with the flow.
  • Then to get approval for user addition, an email will be sent to the manager.
  • Once the manager approves, the new user will be created, a manager will be assigned, and this will be notified to the manager by email.
  • If the manager rejects the approval request, a notification will be sent to the person who triggered the flow via email.

How to Automate User Onboarding with Power Automate?

To streamline the automation of Azure AD user provisioning tasks, we offer two approaches for you to choose from. Feel free to select the option that best suits your needs.

I. Import the Microsoft 365 User Provisioning Flow Directly

To simplify your task, we have prepared an exported package of our flow that you can directly import and utilize in your environment. Instead of starting from scratch, you can quickly access the flow package file through the link provided below.

  • In your Power Automate portal, you can find the ‘Import’ option in the ‘My Flows’ tab.
Importing user onboarding package zip
Import the user onboarding flow package zip
  • After clicking “Import package,” upload the package file downloaded from the link and edit the flow name as required, using the ‘Create as new’ option.
  • You can then click on ‘Select during import‘ and add the connections by authorizing with your desired Office 365 account.

Note: You will require a ‘User administrator’ or a ‘Global administrator’ account to authorize and use the Azure AD connection’s triggers and actions.

That’s it! Once done, turn on the flow and it’s ready to go! You can also customize the flow based on your organization’s requirements. At last, you can hit the ‘Run’ button on your ‘My flows’ page to start triggering the flow.

II. Step-by-Step Guide to Create User Onboarding Flow

Do you want to know how to create the flow from scratch? No worries! Follow the steps below to construct the flow on your own.

  1. Start Creating the User Onboarding Flow
  2. Generate a Unique Password for the New User
  3. Get the User Profile of the Manager
  4. Check If the User Already Exists
  5. Getting Approval from the Manager for User Onboarding
  6. Condition for Onboarding Flow

Prerequisites for Creating the Flow

Before creating the flow, one should have,

  • An Office 365 account with a Power Automate license
  • Connections to Azure AD, Office 365 Outlook, Office 365 Users, and Approvals resources to make use of their triggers and actions.

A connection is an intermediary for an API that links services to Microsoft Power tools. It offers users pre-built actions and triggers to create their apps and workflows by connecting their accounts.

  • If you are creating the flow for the first time, you’ll be prompted for signing into connections, you can just proceed signing into them, to use the triggers and actions from each service.
  • User administrator privilege to make sure Azure AD connection-based actions such as ‘Create User’ and ‘Assign Manager’ work seamlessly as these are administrative actions.

Now let’s get into the steps!

Step 1: Start Creating the User Onboarding Flow

Ready with the prerequisites, start to create a flow by following the steps below.

  1. Login into your Power Automate portal, and click on the ‘Create’ tab.
  2. Choose ‘Instant cloud flow’ and give a name for your flow.
  3. Select “Manually trigger a flow” as the flow’s trigger and give the details that are required to create the user. We have used the basic user details like First Name, Last Name, Display Name, Mail Nickname, User UPN, Manager Name, and Manager UPN.
Enter new user's details
Enter New User’s Details for User Onboarding

Step 2: Generate a Unique Password for the New User

The next step is to create a password for the new user. Generating unique passwords for new users is made easier with the “Variable” operation.

  1. Click on the new step and search for the ‘Variable’ operation; then select the action – ‘Initialize variable’.
  2. Here the variable is the password; So, choose the type as ‘String.’
  3. The password length must be up to 14 characters with uppercase, lowercase, and non-alphanumeric characters. So, give an expression like “rand (10000, 99999),” along with uppercase and lowercase characters in the value field.
Generate password for new user.
Generate Password for New User

Step 3: Get the User Profile of the Manager

Now that the password generation step is set, next, we need to assign a manager for the new user, who needs to approve the creation of that new user. Here are the steps to get the manager’s account info.

  1. Click on the new step and search for the “Office 365 users” connector.
  2. Under this Connector, select the “Get user profile (V2)” action.
  3. Get the manager UPN from the manually provided details in the first step using dynamic content and enter it in the ‘User (UPN)’ field.
Get manager's details
Get the Manager’s Details

In Power Automate, the dynamic contents are the kind of values produced by triggers and actions that are used in the flow. It lets the user choose fields referred to in previous steps.

Note: Assigning a manager to the new user also helps in creating organization charts in Microsoft 365, which provide a clear understanding of the company structure. This shows who the new hire will work with, making it easier for them to integrate more effectively into their teams.

Step 4: Check If the User Already Exists

Before proceeding with the flow, it is important to validate whether the User Principal Name (UPN) provided the new user already exists or not. By verifying if the user UPN is already in use, this step ensures a smooth flow execution without any fail.

  1. First select “Search for users(V2)” action from “Office 365 users” connector.
  2. In search term field, enter “User UPN” from dynamic content.
Search for User UPN in tenant
Validate if the user UPN already exists
  1. To ensure that the flow proceeds only when the user UPN doesn’t exist in your tenant, we can introduce a conditional control step. This step will check if the user UPN already exists and allow the flow to continue only if the user UPN doesn’t exist.
  1. In condition action’s value field, we shall use an expression using length function, which helps to find out whether the given string or array has values or not.
  1. If the array has a value, it indicates that the user UPN already exists; otherwise, it signifies that the user UPN doesn’t exist. So, we can give the condition as, the expression’s value is greater than 0.
Condition to validate the user UPN.
Condition to validate User UPN

6. If the condition is true, then an email will be sent to the person who triggered the flow, notifying that the user UPN they entered already exists in the tenant.

Email notification about the User UPN existence.
Email notification about User UPN existence

7. If the condition is false, then the flow will proceed with next step of user onboarding process in ‘If no’.

Step 5: Getting Approval from the Manager for User Onboarding

Next, we need to set an approval request step where an approval for user creation is requested from the manager under whom the new user will be created.

  1. Choose the “Start and wait for an approval” action under the ‘Approval’ operation.
  2. Here, select the ‘Approval type’ as “Custom Responses – Wait for one response”.
  3. Then, give response options as ‘Approve’ and ‘Reject’. We can give one or more options by clicking “+ Add new item”.
  4. Once done, you shall provide a title for the approval request and body content to be shown for the request approver. We can provide the user’s basic details which the manager can review and decide on approving the user creation. The user details can be provided with the help of the dynamic contents that can be taken from the initial steps.
  5. In the ‘Assigned to’ field, we shall give the manager’s ‘Mail’ which we obtained in third step.
Approval request for the User Onboarding.
Approval request for user onboarding

This operation initiates an email to the manager, prompting for approval. Upon receiving the manager’s response, the workflow progresses accordingly. Additionally, approval requests will be visible in Teams, enabling managers to approve them seamlessly within the Teams platform.

Approval notification appearance in Outlook & Teams.
Approval notification for onboarding a user – in Outlook & Teams

Step 6: Condition for Onboarding Flow

We’ll add conditions to configure the flow based on the manager’s approval response.

  1. Click on the new step, search for the ‘Control’ operation and select the ‘Condition’ action.
  2. Give the condition as ‘Outcome’ equal to ‘Approve’.
  3. If the manager approves, the flow will continue its run with the “If yes” flow. Else, the “If no” flow will run.
Condition for User Onboarding process.
Condition for User Onboarding Flow

If Manager Approves the User Creation,

Once the manager approves the new user creation, the Azure AD user will be created, and the manager will be assigned to them. At the same time, the manager will be notified via email about this assignment. Here’s how it can be done.

  1. In the “If yes” flow, choose the “Create user” action in the “Azure AD” Connector.
  2. Here, fill in the new user’s details from the list using dynamic content.
Enter required data to create user.
Enter Required Properties of User

3. In the new step, for assigning a manager, select “Assign manager” action in the “Azure AD” Connection, and give ‘User ID’ and ‘Manager ID’ using dynamic content.

Assign a manager for the new user.
Assign a Manager for New User

4. At the same time, the manager should be notified about this. So, in the parallel branch, add the “Send an email (V2)” action and customize the email. You can specify a specific email address or group as the sender of the email by entering the group email of the user onboarding in the ‘From (send as)‘ field.

User creation and manager assignment email notification.
User Onboarding Success Notification Email to the Manager

If Manager Rejects the User Onboarding,

If the manager rejected the user creation, the person who runs the flow must know about it.

  1. Select the “Send an email (V2)” action under the “Office 365 Outlook” Connector.
  2. Customize the email as you want and in ‘to’ enter the user’s email who triggered the flow from dynamic content.
User onboarding rejection email notification.
User Onboarding Rejection Email Notification

And now our flow is ready to run.

You can run the flow by clicking the ‘Run’ button on your ‘My flows’ page. You can also share this flow with the other people in your organization by adding them as an owner for this flow. So, they’ll be able to access the run history, and can run this flow upon onboarding needs.

We hope this blog brings you valuable insights on how to create a manager-approved employee onboarding flow with Power Automate. Also, there are other solutions like PowerShell and lifecycle workflows to create automated M365 onboarding. Similarly, you can also use Power Automate as a free tool to send password expiry emails to M365 users.

Do share with us your thoughts on using this power platform to automate your Microsoft 365 processes, in the comments section below.