HR Joiners Solution

Introduction

The HR Joiners PowerPlay solution provides a clean and easy way for you to automate your user onboarding and save time for your service agents.

Below, you'll find a demonstration of the HR Joiners Solution in action:

What does it do?

With the HR Joiners solution, your customers can submit an onboarding request through a DeskDirector ticket as they normally would. After their ticket has been submitted, the PowerPlay HR Joiners solution takes over and will:

• Create the necessary account in your Entra environment
• Configure the user as defined in the submitted form
• Apply any required security permissions for the user
• Confirm once the account has been created

Deployment

In this section, we'll cover how to go through the deployment process for the HR Joiners Solution.

For the deployment to work, you will need to deploy the solution library, then deploy either the ALM or self-service solution.

Prerequisites

To deploy this solution, in addition to the standard ServOrg and CustOrg requirements, you will need;

• Download the Microsoft ManagePermissionsGrant.ps1 script. (We recommend storing this alongside your other Tokity PowerPlay scripts. This will assume you are using C:\PowerPlay for this purpose.)
• Access to a computer where you have administrator-level permissions to run an elevated PowerShell prompt.

Solution Library Deployment

1. Open your Admin Portal and head to Integrations > Solution Library:
2. Select the Managed Solutions tab and open the HR Joiners solution:

   

   On this page, you can also see a version history as well as a list of features that will be deployed.
3. Select Deploy:

   

4. Follow the on-screen prompts to select a Queue/Board, Status, and Priority

   

5. Confirm by selecting Deploy. (This step can take some time to complete. Please do not close out of this page.)

   

6. Confirm under Advanced > Events and Client Portal > Forms to make sure your assets have deployed correctly.
   You should see two events and a form created by the HR Joiners deployment.

Solution Marketplace Deployment

1. Head to the PowerPlay Marketplace and select Download Solution for the HR Joiners solution:

   

2. Select Request ALM Deployment:

   

3. Navigate to your open tickets on the DD4DD Support Portal, and you should see a ticket with a name similar to PowerPlay App Deployment Request: HR Joiners.
4. Open the ticket and scroll down to the automated system comment. You should see that it has started the deployment for you:

   

5. On this page, you will also see that an additional form has been added for you to select a CustOrg to deploy to. Please fill this out, and then submit.
6. With the CustOrg selected, the deployment will commence, and you will receive an update on the ticket advising you when the deployment has been successful.
7. To confirm, open Power Apps and navigate to the Solutions tab. Under managed, you should see a successful deployment for HR Joiners.

Post-deployment Steps

Connections & Connection References

1. Under your ServOrg environment, navigate to the Default Solution and open the Connection references tab in the Objects panel
2. Update the IECB HR Leavers - DeskDirector connection reference to use the connection you configured in your post-deployment steps.
3. Update the IECB HR Leavers - Office 365 reference to use the connection you configured in your post-deployment steps.

Environment Variables

1. Under your ServOrg environment, navigate to the Default Solution and open the Environment variables tab in the Objects panel
2. There is a set of environment variables that you now need to set:
   1. IECB HR Joiners - Approval Required:
      Set this to on if you want your HR Leavers forms to request approval from your client's approvers before being actioned
   2. IECB HR Joiners - Board ID:
      Set this to the ID for the Queue or Board that you want your offboarding request tickets to land on
   3. IECB HR Joiners - Email Template ID:
      As part of the Solution Library deployment in your DeskDirector Admin Portal, an email template will have been created for you. You can find this in your Admin Portal under Email Delivery > Custom Template > Flow template. Select the HR Joiners - Send User Credentials template and copy the ID from the URL bar:

      

   4. IECB HR Joiners - Event ID - Ticket Submission and the IECB HR Joiners - Event ID - Form on Existing Ticket:
      Similar to the previous environment variable, you can find these IDs in the URLs for each HR Joiners event in your Admin Portal under Advanced > Events:

      

   5. IECB HR Joiners - Status IDs:
      You'll have to set 3 environment variables for your Closed, Completed, and In Progress status IDs. To find these:
      1. Head to your Admin Portal and open the System > Service Configuration
      2. Press F12 to open the web development tools and select the Network tab. (You can resize if needed to make things easier to see.)

         

      3. In your Admin Portal now, select the Statuses tab:

         

      4. You should see an entry now in your Network tab for statuses?state=active. Select this and then on the response tab, press Ctrl + F:

         

      5. Search for "name": "<YOUR STATUS NAME HERE>" (including any quotation marks) and then copy the entityId number for each of your status environment variables in PowerApps.

Enabling Cloud Flows

Now that we've finished importing our Solution and all the environment variables have been set, we need to enable the relevant Cloud Flows to get everything up and running.

1. Open Power Apps and navigate to the Solutions tab in your ServOrg environment
2. Select IECB-ServOrg-App-HR-Joiners and enable the following flows in order under the Cloud flows tab in the Objects panel:
   1. Enable [HttpReq] HR Joiners - Process Entra Account Creation Request
   2. Enable [HttpReq] HR Joiners - Update Usage Location Dynamic List
   3. You can then enable the rest of the remaining flows in the Cloud flows tab

Security & Service Orchestrator

Now that the flows are enabled, we can apply the appropriate security role, share the App, and then load the configuration into Service Orchestrator.

1. Under the Security roles tab in the Objects panel, you should see an HR Joiners User security role
2. Log in to the Power Platform Admin Center and load it into your ServOrg environment, and open the Users modal
3. For each account you want to add this role to:
   1. Search for the account
   2. For the relevant account in the list, click ⁝ (More Options) > Manage security roles
   3. Apply the HR Joiners Users security role
   4. Click Save
4. From the Apps tab in your Objects panel under the IECB-ServOrg-App-HR Joiners Solution back in Power Apps, select ⁝ (More Options) > Details for the HR Joiners App, and copy the Web link for the app
5. Navigate back to your Managed Solutions in your ServOrg and open the Service-Orchestrator-Library, then play the Service Orchestrator App
6. In the Service Orchestrator (once it loads, select Configuration Details and paste your HR Joiners web link under the HR Joiners playbook
7. Navigate back to your IECB-ServOrg-App-HR Joiners Solution and play the HR Joiners App.

You should see that the app has loaded as expected.

Granting Permissions for Entra Connector

1. Open an elevated PowerShell prompt and navigate to the directory where you have downloaded your ManagePermissionGrant.ps1 script (if using the same location mentioned in this article, this will be with the following command: cd C:\PowerPlay) and execute the script (& .\ManagePermissionGrant.ps1)
2. Use the Azure Global environment
3. Authenticate with an admin account from your ServOrg's tenant
4. Open Commonly used Apps and select Microsoft Graph
5. In the Scope table, select:
   1. Directory.ReadWrite.All
   2. GroupMember.ReadWrite.All
   3. RoleManagement.ReadWrite.Directory
   4. User.ReadWrite.All
   5. User.EnableDisableAccount.All
6. Double-check your required permissions, then select No and log in with your admin account for your ServOrg's tenant
7. Select No when it asks you whether you want to delete any existing grants
   This will mean the permissions we have granted will be added on top of the existing permissions rather than deleting the already existing ones.
8. Select Yes to confirm