Would you use software that automates onboarding?
Posted by BrandonInTech@reddit | sysadmin | View on Reddit | 27 comments
I’m usually just lurking reading all the posts, until a lightbulb came on the other day.
My job everyday consists of account creations, disables, and deletes. It seems like such a pain point for so many companies.
Just to keep this short and see if this is something worth investing my time into. Do you think you or your company would pay for a SaaS/Agent product that automates onboarding and off boarding users?
Just putting feelers out there. Give me your thoughts and opinions
bitslammer@reddit
We already have onboaring, moves and offboarding automated as many orgs have for years.
We have an IAM system that pulls from the HR system and then propagates changes to all the other identity stores.
MNmetalhead@reddit
Why would I get “software” for this when PowerShell scripts work great?
Not interested in some AI vibe-coded “solution”.
shiranugahotoke@reddit
This is the answer. Powershell handles it all if you know what you are doing.
VeryRealHuman23@reddit
OP could probably add a UI to it and maybe something which is related to his onboarding which is a good use of vibe coding.
But to ship this as commercial software, not worth the effort and it’s so far behind others that no one would use this.
Battousai2358@reddit
Use a mix of REWST automation and PS script. Was a bitch and a half to make a script for all 300 clients. Just to find out we have 10 more in the pipeline ready for onboarding. Would love REWST to automate hybrid environments at least until we finally talk all of our clients into Azure.
Bright_Arm8782@reddit
Not having to reinvent the wheel and having someone else obliged to sort it out when it goes wrong.
ElectroSpore@reddit
I was about to say we have a not to complicated powershell script that does this already.
anonymouse589@reddit
We use one called Salamander, it looks each morning at our MISs for changes in user accounts then creates users, updates group membership, sets profile pictures and disables user accounts. It then emails us a CSV of newbies/leavers and I plug that into a powershell that sticks that data and their papercut ID into a custom word doc which is given sent to HR to slip into the welcome aboard pack and give to the newbies when they arrive. I know it uses the primary key from the MIS DB to identify each person and stores it in the employee ID field in AD. The only drawbacks for most of you is they only do education.
AdeelAutomates@reddit
Its a pain because they dont script.
These are the most commonly recommended things to automate with PowerShell.
ButterflyPretend2661@reddit
we can vibecode our own scripts thanks.
itskdog@reddit
There are many products in this category already, how will your product stand out from the existing giants?
For schools, Microsoft already have School Data Sync that's included with all education plans, and even automatically creates Teams Classes for each class with the students and teachers added as members pulling from the school's MIS. Apple also have their own version, too.
I'm sure similar products must exist to combine HR systems with IT systems, but having only worked in Education I'm not familiar with any product names.
ZealousidealState127@reddit
Everything should sync to ldap/active directory/Google cloud directory. Relatively simple to add a front end to the directory server that propagates whatever fields are needed for HR to onboard/suspend users.
groundhogcow@reddit
Do you think everyone hasn't already scripted there on-boarding process with custom settings for there own environment?
If I have to do a task 5 times I make a script, much less something done hundreds.
aricelle@reddit
This already exists. Most payroll suites have API hooks for both Microsoft Intune and Google Admin.
At my company, HR adds them to payroll which kicks off automation to Intune/AutoPilot which takes care of credentials & app provisioning, and tickets to help desk for laptop, Security for ID badge, and Facilities for office space.
BrandonInTech@reddit (OP)
My lunch is over but will answer questions when I get off work. So far see great questions though. As far as the vibe code question that is a no. I already know 9 different programming languages and plan to do this line for line.
Thanks for the responses so far though!
shiranugahotoke@reddit
Something to think about - if you automate your job many companies wouldn’t hesitate to make your position redundant.
I’m not saying don’t write automations, but make sure you continue to have work you can do for the company.
FelisCantabrigiensis@reddit
On the one hand, my company puts a lot of effort into automating access control and authorisation, which implicitly includes on-boarding and off-boarding, so they are already paying for this (in engineering effort, both own code and configuring services that we buy in).
On the other hand, automating these processes requires a lot of knowledge of business processes and integration into a lot of software products and services. Not nearly every application understands "let Okta control who can use it" and even integrating them to Okta [1] is quite some effort. The effort of configuring a centralised authorisation controller to manage authorisations correctly is considerable and unavoidable - it's why the "identity management" industry continues to be significant and has not been replaced by some simple software solution.
So I doubt you can "automate onboard and offboarding" to make the effort for enterprises very small. You can, perhaps, provide a framework that reduces the effort and can be programmed easily, therefore reducing the problem from a general programming issue to a domain-specific programming issue. That might well have value that many people are willing to pay for, but may also be a very considerable task for you to achieve.
[1] Other centralised authn/authz systems are available.
AdminWorkAcct@reddit
The most common ERP systems allow API Webhooks to update Entra/AD with changes made by HR on the account in the ERP. If you set this up with RBAC the new hire gets set up in ERP, script runs overnight and pulls new info. Creates/edits Entra account and sets Job title, Department, Manager, whatever attributes you like.
This really reduces the effort required for onboarding because you can powershell most of it.
for offboarding when HR makes the change and the script runs you can disable/move/strip groups. Obviously a manual disable and sign in block is preferred but this is just a backup that can ensure that is done + handling whatever else you feel like scripting.
Smiles_OBrien@reddit
I have a mostly-automated script for account setups. Due to the nature of our environment I can't fully automate it, and having a couple manual items means there's sort of a "forced check" for if something goes wrong or I encounter a situation my script didn't account for / I mis-coded. That way it's never out-of-sight, out-of-mind, but the grunt work is off my plate.
AggravatingAmount438@reddit
The market is flooded with exactly what you're describing. And if you're about to fucking vibe-code something to try to sell: Fucking don't.
BlockBannington@reddit
No, this is handled by two completely free powershell scripts
Materially_Average@reddit
Vibe code it for yourself and save lots of time, but don’t tell anyone or try to sell it.
tristand666@reddit
I just wrote powershell scripts to do it all when the HR people did not want to add the automation to their software. I also scrape for unused accounts and put them in the offboarding pile too. I would guess many people management software programs can already do this type of stuff, but many require someone to actually create the automation in there.
d00ber@reddit
Well, just remember if you live in America and have a job have them sign a release before you code anything cause they own it. Yay freedom!
dzfast@reddit
Yes of course. This sounds to me like you think you have some novel idea and are going to vibe code an app though. Is that your thought process here?
If so, I would advise against it. This is a fairly mature product space and there are lots of existing products that do this.
Rich-Parfait-6439@reddit
In a heartbeat. As long as you can set it up per job description to give them only the access they need.
Demented_CEO@reddit
If you don't take agency at any stage in your company, how can you confidently take agency when you're hit with comoliance or legal requirements?
Just a few days ago someone was asking how others do offboarding since they had plenty of unnecessary licenses still active long after employees had left the company. And when finance asks you to audit this, which agent do you think will help you best? Right.