Image Preview
1 / 1
Get In Touch
Get In Touch
HomeCase StudiesEmployee Onboarding App
Employee OnboardingHR ManagementAutomationGraph APIPower AutomateSharePoint1 min readApril 2026

Employee Onboarding App

The company was managing employee onboarding and offboarding manually, with HR administrators juggling multiple systems, manual folder creation and inconsistent processes. We built an Employee Lifecycle Management app that automates the entire journey from new starter to retirement — automatically creating Microsoft 365 accounts, assigning licences and groups, generating SharePoint folders from templates, managing onboarding tasks and deprovisioning accounts on departure.

RL
Rob Lees
Founder & Principal Consultant
Sector
Business Size 200+
Technology
Graph APIPower AutomateSharePoint
Delivery Time 12 weeks
The Challenge

Manual onboarding processes creating delays and security risks

The company’s employee onboarding and offboarding processes were entirely manual, requiring HR administrators to coordinate across multiple systems with no centralised workflow. When a new employee started, HR had to manually create user accounts in Microsoft 365, assign licences, add users to SharePoint groups, create employee record folders and ensure all onboarding tasks were completed. This manual coordination was time-consuming, error-prone and created inconsistent experiences for new starters.

SharePoint folder creation was particularly problematic. HR administrators manually created folder structures for each employee, copying templates and ensuring correct permissions were applied. This process was slow and inconsistent, with variations in structure making it difficult to locate employee records later. Onboarding tasks were tracked informally with no structured system to ensure all steps were completed, leading to missed steps and delays in getting employees fully set up and productive.

Offboarding presented even greater risks. When employees left, accounts had to be manually deactivated, licences removed and access revoked across multiple systems. Delays in this process created security vulnerabilities, with former employees potentially retaining access to company systems and data. There was no automated way to ensure accounts were deprovisioned consistently or that all systems were updated when someone departed, creating both compliance and cost issues through unused licences.

  • ⚙️

    Manual Microsoft 365 provisioning

    HR manually creating user accounts, assigning licences and configuring SharePoint group memberships for every new starter.

  • 📂

    Inconsistent folder structures

    Employee record folders created manually with variations in structure, permissions and organisation across the business.

  • No task tracking workflow

    Onboarding tasks tracked informally with no visibility of completion status, leading to missed steps and delays.

  • 🔒

    Security risks on departure

    Former employees potentially retaining access due to manual deprovisioning delays, creating security and compliance vulnerabilities.

Key Outcomes
Account CreationAutomated
HR Admin Time−70%
Folder CreationTemplate-based
DeprovisioningInstant
Task TrackingReal-time
Time to Go-Live12 weeks
Technology Used
Model-Driven AppPower AutomateMicrosoft Graph APISharePointMicrosoft FormsAzure AD
The Solution

Complete employee lifecycle automation from onboarding to departure

We designed and built an Employee Lifecycle Management app that automates the entire employee journey. When HR adds a new starter, the system automatically creates their Microsoft 365 account, assigns licences and groups, generates SharePoint folders from templates, creates onboarding tasks and adds the employee to integrated systems. On departure, accounts are automatically deactivated, licences removed and access revoked across all connected systems.

  • 01

    Automated Account Provisioning — Microsoft Graph API

    When HR adds a new employee to the Model-Driven App, Power Automate triggers workflows via Microsoft Graph API to create the user account in Azure AD, generate a temporary password (reset required on first login), assign the appropriate Microsoft 365 licences and add the user to the correct SharePoint groups based on their role and department. All provisioning happens automatically within minutes of the employee being added to the system.

    Microsoft Graph APIAzure ADAuto ProvisioningLicence Assignment
  • 02

    Template-Based Folder Creation — SharePoint Integration

    The system automatically creates employee record folders in SharePoint using predefined templates, ensuring consistent structure and permissions across all employees. HR no longer manually builds folder structures — the app creates folders, applies the correct permissions and provides HR with the folder location for storing employee documentation. This ensures compliance, consistency and rapid access to employee records.

    SharePointTemplate FoldersAuto PermissionsConsistent Structure
  • 03

    Onboarding Task Management & System Integration

    The app automatically assigns onboarding tasks to HR administrators, tracking completion status in real-time and ensuring nothing is missed. The system provides HR with the information needed to add employees to other business systems (where API integration wasn’t cost-justified) and automatically adds new starters to the company’s audit system for employee health and safety audits. Microsoft Forms integration enables automated introductory health checks to be sent to new employees for HR monitoring.

    Task AutomationMicrosoft FormsAudit IntegrationStatus Tracking
  • 04

    Automated Deprovisioning — Instant Account Deactivation

    When an employee is marked as retired in the app, Power Automate immediately deactivates their Microsoft 365 account, removes assigned licences, revokes SharePoint group memberships and removes them from integrated third-party systems. This eliminates security risks from delayed offboarding, ensures unused licences are reclaimed instantly and provides HR with a complete audit trail of when accounts were deprovisioned and by whom.

    Auto DeactivationLicence RemovalAccess RevocationAudit Trail
Delivery

Twelve weeks from discovery to go-live

A comprehensive programme integrating Microsoft Graph API, SharePoint and third-party systems to automate the complete employee lifecycle. Delivered through iterative sprints with extensive security testing and validation.

01
Weeks 1–2
Discovery & Security Planning
Workshops with HR and IT teams. Existing onboarding and offboarding processes mapped. Microsoft Graph API permissions and security model designed. Integration requirements for third-party systems validated.
02
Weeks 3–6
Core App Build & Graph API Integration
Model-Driven App built for employee management. Microsoft Graph API integration configured for Azure AD provisioning, licence assignment and SharePoint group management. Employee data model designed in Dataverse with security roles configured.
03
Weeks 7–9
SharePoint Templates & Task Automation
SharePoint folder templates designed and automation built for folder creation and permissions. Onboarding task workflows configured with automated assignments. Microsoft Forms integration for health checks implemented. Audit system integration completed.
04
Weeks 10–11
Deprovisioning & Third-Party Integration
Automated deprovisioning workflows built for account deactivation, licence removal and access revocation. Third-party system integrations configured for employee removal on retirement. Comprehensive security testing completed.
05
Week 12
UAT, Training & Go-Live
User acceptance testing with HR and IT teams covering full employee lifecycle. Security and compliance validation. Training delivered to HR administrators. Production deployment with monitoring of first live provisioning and deprovisioning cycles.

Security-First Design

The platform was built with enterprise security and compliance at its core. All Microsoft Graph API calls use delegated permissions with appropriate scopes. Account provisioning follows the principle of least privilege, and deprovisioning workflows ensure immediate access revocation to eliminate security risks from departing employees. Complete audit trails track every provisioning and deprovisioning action.

🔄Automated Lifecycle

  • Azure AD account creation
  • Automatic licence assignment
  • SharePoint group membership
  • Template-based folder creation
  • Onboarding task workflows
  • Health check integration
  • Instant deprovisioning
The Results

Secure, consistent employee lifecycle management at scale

−70%

HR Admin Time

Manual account creation, folder setup and system coordination eliminated. HR focuses on employee support, not administrative tasks.

Instant

Account Provisioning

New employee accounts created automatically with licences, groups and folders configured within minutes of being added to the system.

100%

Folder Consistency

Every employee record folder follows the same template structure with correct permissions, ensuring compliance and easy retrieval.

Zero

Security Delays

Departing employees’ accounts deactivated instantly with licences reclaimed and access revoked across all systems automatically.

Auto

Task Tracking

Onboarding tasks assigned automatically with real-time visibility of completion status, ensuring nothing falls through the cracks.

Complete

Audit Trail

Full history of every provisioning and deprovisioning action with timestamps and user details for compliance and security audits.

Your project

Still running inspections on paper?

Book a free 30-minute discovery call. We will map your current inspection process, show you what a digital solution looks like and give you a clear view of what is achievable — with no commitment required.

Free 30-min discovery call No obligation Response within 1 business day