Azure Automated Onboarding Project

bmeinert8

Brian Meinert

Posted on October 31, 2023

Project Overview

Another week, another Azure project in the books for my portfolio and cloud engineering journey. I'd first like to start by giving a ton of credit to Gwyneth Peña-Siguenza for all of her incredible videos, project ideas, and educational content she puts out. She has been a ton of help to me on my journey through all of this content, and I recommend anyone who's looking to either get into cloud or advance their cloud careers to check out her channel. Now let's get into this project!

The idea of this project is to create an onboarding process for a new member, triggered by an email that is received or by information that comes in from a Microsoft list. That info is then taken in by an Azure logic app, which creates a new user account in Entra ID, adds the user to the proper group with the proper permissions and roles, and finally sends an email to the user administrator to review the account and permissions before enabling the account. I did this project a little differently than was suggested: as I don't have a work or school account, I did not have the proper permissions to trigger the logic app off an email or Microsoft list. Instead, I used an HTTP request to the app that I generated using the VSCode Thunder Client extension.

Project Steps

To get started with this project, the resources you'll need are:

  • Azure Account (you can get one for free if you don't have one.)

  • Azure Tenant

  • VSCode or any other code editor to write some JSON

  • VSCode Thunder Client

  • Entra ID Group

  • Azure Logic App

The first step of this project, once you have an Azure account and tenant set up, is to go in and create a group in your Microsoft Entra ID. For this project, I just created a basic group to add a new user to. If you have an AD P2 license, you can create a dynamic group where people are added dynamically based on something like a job role, with a set of specific roles assigned to that group.

Once we have that group created, it's time to get into building the logic app.

Logic app creation window

During creation, since this isn't going to be a live running app, I selected the consumption-based plan so I'm only paying whenever the workflow runs. As soon as the logic app is created, our next step is to hop into the logic designer pane and begin creating our app.

To kick off the app I selected the "When a HTTP request is received" trigger. Inside the trigger, it'll ask for a Request Body JSON Schema.

*Note that when you create the trigger, your HTTP POST URL will be blank. Do not worry; it'll generate the URL when you save the app.

HTTP Request Trigger

To create the JSON Schema, there are a couple of different ways to go about this task. If you know how to write JSON, you can create the file in VSCode or whatever text editor you use. If not, you can use a site such as this free JSON to JSON Schema Converter. You could also just write it out in the body itself. Since I was creating a repository for this project in GitHub to display, I created my JSON Schema in VSCode. Once you have your JSON schema written, go ahead and add it to the trigger.

JSON Schema

Now that we have our trigger completed, the next step I took was to create the actions. For this logic app, I had three actions that were to take place. The first action was to create a user in our Microsoft Entra ID tenant. To fill in the boxes of the create user action, I used dynamic content and concat functions to pull data from the JSON in the HTTP request. Also, for security purposes, I did not enable the newly created account, in case the request came from a malicious user. The account must first be approved and then enabled by the admin.

Logic app with create user step added

Now with the new user created, I set up another action to add the user to the group which I created in my Microsoft Entra ID earlier. Remember, if you have a P2 license and dynamic groups, you may not need to do this step, depending on the conditions for your dynamic group (e.g. add everyone with a job title containing network administrator) and whether that condition is declared and met in the creation of the user. To add the user to the group, there are two things you need: the first is the Group ID, which you can grab from your Microsoft Entra ID tenant, and the second is the User Id. The User Id, like the fields in the Create User step, can be dynamically grabbed from the create user action.

Logic app with add user to group added

With the new user created and added to our specified group, the final step in building the logic app was to add the final action of sending an email to the admin to review and activate the account.

Fully created Logic app
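
The trigger-to-Create-user mapping described above, modelled in Python as an added example (not code from the original post): it validates the request body and builds a disabled account from it. The field names firstName, lastName and jobTitle, the contoso.onmicrosoft.com domain and both function names are assumptions, since the post's schema appears only in a screenshot; the output keys are Microsoft Graph user properties.

```python
import json
import re
import secrets

# Assumed field names: the post's schema is only visible in a screenshot.
REQUIRED = ("firstName", "lastName", "jobTitle")
NAME_RE = re.compile(r"[A-Za-z][A-Za-z'-]{0,63}")  # letters, apostrophe, hyphen
DOMAIN = "contoso.onmicrosoft.com"  # placeholder tenant domain


def validate_body(raw):
    """Accept only a JSON object with exactly the expected string fields."""
    body = json.loads(raw)  # malformed JSON raises ValueError (JSONDecodeError)
    if not isinstance(body, dict):
        raise ValueError("body must be a JSON object")
    extra = sorted(set(body) - set(REQUIRED))
    missing = [k for k in REQUIRED if k not in body]
    if extra or missing:
        raise ValueError(f"unexpected={extra} missing={missing}")
    for key in REQUIRED:
        if not isinstance(body[key], str) or not body[key].strip():
            raise ValueError(f"{key} must be a non-empty string")
    for key in ("firstName", "lastName"):
        if not NAME_RE.fullmatch(body[key]):
            raise ValueError(f"{key}: letters, apostrophes and hyphens only")
    return body


def build_create_user(body, temp_password=None):
    """Model the Create user inputs: concatenated names, account left disabled."""
    nickname = re.sub(r"[^a-z]", "", (body["firstName"] + body["lastName"]).lower())
    return {
        "accountEnabled": False,  # stays disabled until the admin approves it
        "displayName": body["firstName"] + " " + body["lastName"],
        "mailNickname": nickname,
        "userPrincipalName": nickname + "@" + DOMAIN,
        "jobTitle": body["jobTitle"],
        "passwordProfile": {
            "password": temp_password or secrets.token_urlsafe(16),
            "forceChangePasswordNextSignIn": True,
        },
    }


SAMPLE = json.dumps({"firstName": "Ada", "lastName": "O'Neil",
                     "jobTitle": "Network Administrator"})  # constructed sample body

if __name__ == "__main__":
    print(json.dumps(build_create_user(validate_body(SAMPLE), "<temp-password>"), indent=2))
```

Rejecting unexpected properties means a caller cannot supply its own accountEnabled value; the disabled state is set by the workflow, not by the request.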

With the logic app completed and saved, it was time to head over to VSCode, open up the Thunder Client and see everything go into action. With the POST URL copied from the logic app and placed in the Thunder Client, I then added the JSON body with the required parameters that the app requested, and sent the request.

Thunder Client Request

With the request sent, in the overview section of the logic app, I verified that the run was successful, checked Entra ID for the new user, and also made sure the user was in the group, followed by checking my email to make sure that I got the email to verify and activate the account.

Successful runs

Closing Statements

This was a great mini project to build, and I had a ton of fun creating and learning about logic apps as well. If you are looking for something fun to create and add to your portfolio I highly recommend giving this one a shot! Best of luck on your journey and creations, and as always, thank you for taking the time to give this a read!
