Today in How to Automate, we will learn the basic steps of onboarding automation. We will see how you can onboard a new employee automatically through Mindflow.
As your organization grows, batches of new employees will come. For the IT team, it means repeating the same process x times. The process itself is not complicated. It merely sums up as login into your identity provider, creating the user, assigning to them the different privileges and/or assigning them to the different groups they shall be within, logging in into the different admin sections of the tools you use to create the profile or invite the new user, sending a warm, welcoming email, indicating the first steps to onboard, the mandatory tasks they have to perform first, such as setting new passwords, 2FA, accepting security policies, perform their cybersecurity awareness training, etc.
A lot of tasks to perform! This load is still manageable when you have one or two monthly onboardings. However, when new comings are piling up on top of other tasks, sometimes more urgent, the IT team could not have time to perform the necessary tasks thoroughly.
This can result in errors, omissions, or insufficient time to perform other tasks. One way to reduce the load is to start automating basic steps. This is what we are going to do with Mindflow today.
To do so, we will orchestrate two tools: Slack and Google Workspace through Google Admin Directory SDK API and Gmail API.
The goals of onboarding automation with Mindflow
Before we dive into the technical how-to, we want to emphasize the onboarding automation goals as we will build it.
We want to automate the first steps and centralize the initial inputs — names, email addresses, and phone numbers — in a single point so the person responsible for the onboarding task doesn’t have to type them in different places. It also saves the time to either compose the email by yourself or fetch the template, personalize it, and send/post it on the targeted communication channel.
Following the successful implementation of this Flow, the person responsible for the onboarding will be able to create the user on Google Workspace, invite the user to the Slack workspace and the desired Channel, and send them the onboarding details and tasks to be performed to complete their onboarding.
On top of these basic steps, this Flow can easily be updated to include more third-party tools, such as Hubspot, Salesforce, or Intercom for sales folks, Notion as your workspace, or even replace Google API calls with Azure ones to create the user in the Azure Active Directory. You can replace Slack communications with emails from Gmail API or Outlook API. Suppose you have an MDM such as Kandji, Hexnode, or JAMF. In that case, there is also the possibility to automate the provisioning of the asset from Mindflow to enable future employees to get work done ASAP.
These Flows upgrades will be the subject of future How to Automate, so stay tuned!
Meanwhile, let’s quickly peek at the final Flow before starting the work.
Creating the onboarding automation flow on Mindflow
This section is divided into sub-sections to reflect the different milestones: setting up the required configuration before building and creating steps and configuration.
Setting up the prerequisites
As we will use Slack and Google Workspace, we must ensure the following elements are met before diving into concrete stuff.
The first thing you want to ensure is the API credentials and scopes. Let’s detail this for each tool.
- Slack
Go to https://api.slack.com/apps/YOUR_ORG_ID/oauth?. Under Bot Token Scopes, add:
- channels:read
- chat:write
Under User Token Scopes, add
- admin.users:write.
This will allow us to invite users to the workspace and enable our bot to contact them directly.
In this Flow, we are using two Google APIs. Google Admin Directory SDK API and Gmail API. For the Admin API, we will need the following OAuth Scope:
https://www.googleapis.com/auth/admin.directory.user
For the Gmail API, we will need one of the following scopes:
https://mail.google.com/https://www.googleapis.com/auth/gmail.modifyhttps://www.googleapis.com/auth/gmail.composehttps://www.googleapis.com/auth/gmail.send
- Mindflow
Create the credentials needed for Slack and Google in the Vault. Once done, go to the main page and create a new Flow. Name it as you want, and, of course, select the best emoji possible! This time, I chose the hatching chick. Now that the Flow is created open it and click the gear icon next to the Flow’s title to get the webhook URL that is the second starting from the bottom.
Go to https://api.slack.com/apps/YOUR_ORG_ID/slash-commands? to create a new command fill in the different fields as shown in the picture below and C/C the webhook URL in the Request URL. Click “Save”.
We are good to go!
Designing the onboarding automation Flow
On to the fun part! To begin, query the Flow once from Slack by typing your command. This will generate a webhook log on the Flow and allow us to work. Once done, click the + icon on the canvas to create a new step by querying Slack chat_postMessage as shown below.
Open the step settings by clicking the gear icon right under the step. In the Input table under channel, type “/” to open the Data Picker tool. Select the trigger and pick channel_id. Now, click the little processor icon in the top right corner of the popover to display all the input fields. Find Blocks, click the three dots on the left of the field, and click JSON. Once done, paste the following text:
[
{
"type": "context",
"elements": [
{
"type": "image",
"image_url": "https://media.istockphoto.com/id/1195743934/vector/cute-panda-character-vector-design.jpg?s=612x612&w=0&k=20&c=J3ht-bKADmsXvF6gFIleRtfJ6NGhXnfIsrwlsUF8w80=",
"alt_text": "cute panda"
},
{
"type": "mrkdwn",
"text": "*Mindflow* asks you to carefully fill the following field."
}
]
},
{
"dispatch_action": true,
"type": "input",
"block_id": "type "/" to select Resume execution ID",
"element": {
"type": "plain_text_input",
"action_id": "plain_text_input-action"
},
"label": {
"type": "plain_text",
"text": "First name",
"emoji": true
}
}
]Important: If you look closely you will see that we have “Type “/” to select Resume execution ID.” This will create an asynchronous step. The Flow execution will be on hold until the person responsible for the onboarding has pressed “Enter.”
Yes, I want to display a little panda to make the prompts warm and welcoming! Ensure your Slack credentials are filled in the Settings tab and run the step once. On Slack, you should receive this. This first message will ask you to fill in the new employee’s first name and wait until you hit enter. Upon “enter”, the Flow will ingest the answer and return to execution. Run the step once to generate logs. This will generate the resume log and enable us to proceed with the flow design.
Now, what we want is to limit the flooding of messages. To do so, we will create another following this first one and query chat_delete. In the Input tab, we look at Ts (for Timestamp) and Channel. To fill in Ts, open the Data Picker tool with “/”, select the Slack execution, and pick the field Ts. For the Channel, repeat the process in the first Slack step.
You know the next steps. We are going to reproduce this combination three times, but in the Blocks field, we will replace “First name” with “Last name”, “Personal email address”, and “Phone number”. Also, don’t forget to replace the Resume execution by ID pill for each chat_postMessage step.
Do so by clicking the six dots on the left of the step to Copy them. Then click Add a new step under the last step to select and create the copied step. Run the step to generate logs and then create the chat_delete step. Repeat the step’s configuration process. Repeat this process twice.
Now you should have this layout and have all the basic information to query Google Admin Directory SDK API. Add a small explanatory note under each step or the chat_postMessage steps. This will be useful for the next steps.
But, before that, you have to generate a random password. Don’t worry. We will force password change at first login. To do so, create a Transform Data (TD). Inside, add an item and name it generatepassword. Click the fx button and apply a Generate UUID (Universally Unique Identifier) function to generate a unique suite of numbers and letters.
After that, perform a Run and fill press “Enter” on all the prompts incoming on Slack. This will generate the resume execution logs to configure the next steps.
Set up Google Workspace onboarding automation.
Now, create a new step by querying directory.users.insert in Google Admin Directory SDK API. Configure the step as the following: Under Full name, Family name, and Given name, open the Data Picker tool to get the corresponding Slack resume step payloads. For the first field, pick firstName and lastName from the related steps, as shown below. Repeat this process to fill in the three fields.
For the Org unit path field, type “/” (like really a “/”, not to open the Data picker tool, haha) unless you’re not creating this user profile in the top-level of your organization on Google Workspace.
Scroll down a bit until you find the Recovery phone. Pick the input from the corresponding Slack step. Right under, you will find the Primary email. Again, open the Data Picker tool to select firstName, familyName, or both, then hard-type in your domain.
For Password, type “/” and call the variable uuid. Under, enable the boolean Change password at the next login. Finally, you can set up the recovery email if you desire so by filling in the field Recovery email with the person’s personal email address.
The next stop is preparing the email to be sent. To do so, create a TD and, inside, six items named to, subject, body, header, raw, and payload.
- to: Pick the personal email address
- subject: hard-type your email title. This will be the first email sent to future employees saying they should receive an email to set up their Google Workspace account.
- body: type your email body!
- header: Type:
- To: call to
- Subject: call subject
- Content-Type: text/plain; charset:’utf-8′
- raw: call header and body, then click fx and apply a To Base64 function. Make sure the Standard is set to “Standard (RFC 4648): A-Za-z0-9+/=”
- payload: type
{
"raw": "Call raw"
}Create an HTTP request. Select POST. In the URL field, C/C “https://www.googleapis.com/gmail/v1/users/me/messages/send”. In the body, as a JSON, call payload. Make sure your credentials are filled. Your email is ready to be sent!
Set up Slack onboarding automation.
Create a Slack step by querying admin_users_invite in the Finder. To set up this step, go into the Input tab and fill in the fields: Team id, pick the id in the initial webhook payload. Email: pick the primary email from the Google Admin Directory SDK API step answer log. Channel ids: here, fill in the field with the channel ids you wish the new employee to have access to upon onboarding.
Once done, let’s fetch this new user in Slack by querying users_lookupByEmail. Pick the primaryEmail from the Google admin step. Finally, following this step, create a chat_postMessage and, in Channel, pick the object id inside the table user from the last Slack step that you will have run once.
Click the processor icon to find Blocks. In it, paste:
{
"blocks": [
{
"type": "section",
"text": {
"type": "plain_text",
"text": "Hello "Type "/" to pick the employee first name"",
"emoji": true
}
},
{
"type": "section",
"text": {
"type": "plain_text",
"text": "I am pleased to welcome you onboard. It is time to perform your IT onboarding!",
"emoji": true
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Hardware*"
}
},
{
"type": "section",
"text": {
"type": "plain_text",
"text": "Type in hardware requirements.",
"emoji": true
}
},
{
"type": "section",
"fields": [
{
"type": "plain_text",
"text": "You can add specifics here",
"emoji": true
},
{
"type": "plain_text",
"text": "You can add specifics here",
"emoji": true
}
]
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Accounts*"
}
},
{
"type": "section",
"text": {
"type": "plain_text",
"text": "Your Identity Provider: Write details here.",
"emoji": true
}
},
{
"type": "section",
"text": {
"type": "plain_text",
"text": "Your password manager: Write details here.",
"emoji": true
}
},
{
"type": "section",
"text": {
"type": "plain_text",
"text": "Your Workspace: Write details here.",
"emoji": true
}
},
{
"type": "section",
"text": {
"type": "plain_text",
"text": "etc, etc.",
"emoji": true
}
}
]
}Or, you can also refer in a hyperlink to an existing ticket that the new employee is assigned to in your workspace as such:
[
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Hello "NAME"type "/" to pick the employee first name"!"
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Nice to see you onboard! I am sending this message automatically from Mindflow. Please take some time to go on <YOURLINK| FILL THE PAGE OR TOOL NAME> and have a look at your onboarding ticket to perform the listed tasks."
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Should you encounter any issue in doing so, please feel free to contact a member of the Governance team or the ITSecOps team!"
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Have a good day "Type "/" to pick the employee first name"!"
}
}
]The picture below is the kind of message the new employee will receive a direct message from your onboarding automation bot.
Your basic onboarding automation is done!
