4 ways Azure Logic Apps improves Entra ID extensibility

Martyn Gill

Senior Architect

Published: 28 November 2023

Learn why Azure Logic Apps improves Entra ID extensibility and provides the catalyst for customised identity management.

As identity and access management (IAM) shifts ever more into the cloud, we’re seeing increasing functionality becoming available in Microsoft Entra ID.

This is important because to embrace the clear benefits of cloud-first IAM, and future-proof your environment, you need to have the technology solutions to drive those advantages.

In this blog, part of our series on cloud-first IAM, we examine the role Azure Logic Apps can play in unlocking extensibility in Microsoft Entra ID.

In particular, we look at how they can unlock new opportunities and efficiencies in combination with Access Packages, Lifecycle Workflows, API-driven Inbound Provisioning, and Post Processor.

The power of Azure Logic Apps

First released in 2015 by Microsoft, Azure Logic Apps is a cloud-based, serverless platform that lets users create and run automated workflows through a visual designer tool, with little or no code requirement.

It’s a user-friendly way to connect Azure services to a wide range of on-premises and SaaS applications, essentially acting as a connecting bridge between external systems and applications and your IT system.

It provides a simple, effective way to create scalable integrated workflows between legacy on-premises, multi-cloud, and hybrid environments.

And it’s this functionality that lets us unlock Entra ID extensibility beyond its ‘out-of-the-box’ capabilities.

For instance, by integrating Azure Logic Apps with the features in Entra ID, organisations can create seamless connections with external HR or Human Capital Management (HCM) systems and their IT infrastructure.

This integration opens up new possibilities for extensibility, allowing organisations to automate processes, enhance efficiency, and improve security in their onboarding and off-boarding processes.

Azure Logic Apps: Examples of Entra ID automation

In this section we’ll explore four examples of where Azure Logic Apps can be integrated with features across Entra ID and Governance to broaden what’s possible in your cloud-identity environment, and how this can deliver secure, scalable, and super-efficient solutions throughout your processes and your organisation.

1. Unlocking efficient HR-driven provisioning

Microsoft announced the launch of their API-driven inbound provisioning tool in the summer of 2023. And it was another breakthrough moment on the journey to full cloud provisioning capability.

Previously, integration between Entra ID and HCM systems had been limited to Workday and SAP SuccessFactors.

But API-driven inbound provisioning has made it possible to integrate with any HR system or source of record, either in the cloud or on-premises.

Because it can integrate with just about anything, Azure Logic Apps is a powerful way to facilitate these integrations. Connecting to a vast range of services, they’re able to provide the triggers to automate every task in your organisation’s provisioning processes.

This provides the foundation for scalable, automated workflows that drive efficiency, accuracy, security, and better user experiences across your organisation.
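As an added illustration (not code from this post or from Microsoft), the sketch below shows the kind of transformation a Logic App or other middleware performs ahead of API-driven inbound provisioning, which accepts SCIM 2.0 bulk request payloads: HR rows are validated, de-duplicated, and mapped to SCIM users. The HR field names, the sample rows, and the batch size of 50 are assumptions made for the example.

```python
import json

BULK = "urn:ietf:params:scim:api:messages:2.0:BulkRequest"
CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
REQUIRED = ("employee_id", "email", "given_name", "family_name", "status")

# Constructed sample HR export rows (hypothetical field names, not real data).
HR_ROWS = [
    {"employee_id": "E1001", "email": "ada@example.com", "given_name": "Ada",
     "family_name": "Obi", "department": "Finance", "status": "active"},
    {"employee_id": "E1002", "email": "li@example.com", "given_name": "Li",
     "family_name": "Chen", "department": "Sales", "status": "terminated"},
    {"employee_id": "E1002", "email": "dup@example.com", "given_name": "Dup",
     "family_name": "Row", "department": "Sales", "status": "active"},
    {"employee_id": "E1003", "email": "", "given_name": "No",
     "family_name": "Mail", "department": "IT", "status": "active"},
]

def to_scim_user(row):
    """Map one HR row to a SCIM core user plus the enterprise extension."""
    return {
        "schemas": [CORE, ENTERPRISE],
        "externalId": row["employee_id"],
        "userName": row["email"],
        "name": {"givenName": row["given_name"], "familyName": row["family_name"]},
        # Fail closed: any status other than "active" yields a disabled account.
        "active": row["status"] == "active",
        ENTERPRISE: {"employeeNumber": row["employee_id"],
                     "department": row.get("department", "")},
    }

def build_bulk_requests(rows, batch_size=50):
    """Return (payloads, rejected); batch_size is an assumed per-request cap."""
    seen, ops, rejected = set(), [], []
    for row in rows:
        missing = [f for f in REQUIRED if not row.get(f)]
        if missing:  # never provision from an incomplete source record
            rejected.append((row.get("employee_id"), "missing " + ",".join(missing)))
        elif row["employee_id"] in seen:  # a second row must not overwrite the first
            rejected.append((row["employee_id"], "duplicate employee_id"))
        else:
            seen.add(row["employee_id"])
            ops.append({"method": "POST", "bulkId": row["employee_id"],
                        "path": "/Users", "data": to_scim_user(row)})
    payloads = [{"schemas": [BULK], "Operations": ops[i:i + batch_size]}
                for i in range(0, len(ops), batch_size)]
    return payloads, rejected

if __name__ == "__main__":
    payloads, rejected = build_bulk_requests(HR_ROWS)
    print(json.dumps(payloads, indent=2))
    print("rejected:", rejected)
```

Rejected rows are returned rather than dropped so the integration can route them back to HR for correction instead of silently skipping a joiner or leaver.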

2. Access Package automation with Azure Logic Apps

For those who don’t know, Access Packages is a feature within Entra ID’s Entitlement Management tool (NOTE: you require the Entra ID Governance licence, an add-on SKU to your Entra ID licence, for the full feature-set).

They’re an effective way of grouping together the resources a user needs access to for their job or project.

By integrating Azure Logic Apps, you can create custom workflows with automation baked into each and every task.

For instance, in the case of a new starter at a business, Logic Apps can be triggered to automate processes such as:

  • Checking a new starter has the appropriate permissions.

  • Assigning the correct Access Package to the employee.

  • Sending out email notifications to approvers.

  • Sending users welcome emails and joining instructions.

  • Revoking and reissuing appropriate Access Packages when an employee changes role.

  • Removing access when an employee leaves the business.

This frees your IT team from the routine tasks that, while essential, can eat so heavily into their precious time and resources.

But that’s not all.

Logic Apps also offers the ability to drive productivity through your more complex access management workflows.

It offers flexibility and allows you to connect all your SaaS apps and services in one place, ensuring that any change or action in one system triggers the appropriate action, change, or notification in every other.

Which means every user, whether employee, customer, or partner, has easy access to the resources they’re allowed to access.

And no access to that which they don’t.

3. Streamlining joiner-mover-leaver (JML) processes with Lifecycle Workflows

Available within the Entra ID Governance licence (an add-on SKU to your Entra ID licence), Lifecycle Workflows is another significant advancement in Microsoft’s cloud-based identity governance capabilities.

It lets organisations efficiently manage the employee lifecycle in the joiner-mover-leaver (JML) process. This is achieved by creating workflows that automate the repetitive tasks that occur when an employee joins or leaves the business, or when they move to a new role in the company.

With Logic Apps you can increase the extensibility beyond Entra ID’s core capabilities by creating custom task extensions that trigger actions in external systems.

This gives you the versatility to develop fully automated complex workflows that can include different actions, notifications, and services across a wide range of connected applications.

Let’s look at how this might work through a simple JML process.

New starter onboarding (joiner)

  • The HR department enters the new starter’s details into the HR system.
  • A workflow in Lifecycle Workflows executes Azure Logic Apps for extensibility beyond out-of-the-box tasks.
  • The new user created by the provisioning service is added into Entra ID.
  • It assigns the new user to the appropriate groups based on the requirements of the role.
  • It creates a mailbox for the new user and assigns licenses for the necessary software.
  • It sends a welcome email to the new user with details about their first day, including their username and temporary password.

Employee changes job role (mover)

  • The HR department updates their details in the HR system.
  • A workflow in Lifecycle Workflows executes Azure Logic Apps for extensibility beyond out-of-the-box tasks.
  • The workflow amends access to resources and applications accordingly.
  • It changes the user’s group memberships based on their new role and location.
  • It updates the user’s software licenses based on their new role.

Employee leaves the organisation (leaver)

  • The HR department updates their status in the HR system.
  • A workflow in Lifecycle Workflows executes Azure Logic Apps for extensibility beyond out-of-the-box tasks.
  • The workflow disables the user’s account in Azure AD.
  • It removes the user from all groups.
  • It revokes all software licenses.
  • It archives the user’s mailbox and forwards any new emails to their manager.

Using Logic Apps as the connecting bridge between Lifecycle Workflows and your different systems provides a process that improves accuracy and efficiency.

This makes for smooth, secure, and frictionless onboarding and offboarding, not only freeing up time for the HR and IT teams, but creating user experiences that drive productivity and employee satisfaction and retention.

4. Increasing Entra ID extensibility by leveraging post-processor tasks

After a workflow has been executed, it’s commonplace to have additional, follow-on tasks that need to be carried out.

Typically, these are tasks like updating the database in line with occurrences in the workflow, sending a notification of a change to the relevant stakeholders, or even enabling another workflow.

Once again, routine but essential tasks in the life of an IT professional that can quickly drain away time. And of course, manual input to these kinds of tasks in bulk increases the risk of human error.

Which can undermine the IT effort and increase the risk of security and compliance breaches.

The beauty of Azure Logic Apps is that, with custom integrations, you can fully automate these tasks.

Plus, when you integrate with Azure Log Analytics (populated with Entra ID logs), it’s possible to initiate any workflow off the back of changes made within Entra ID.

This further increases the extensibility of Entra ID, while driving yet more efficiency, accuracy, and peace-of-mind security through the IT team and the organisation as a whole.

The secret sauce for unlocking Entra ID’s full potential

We can think of Azure Logic Apps as the secret ingredient for organisations seeking to enhance the extensibility of their Entra ID implementation.

They automate processes, integrate with external systems, and streamline identity and access management workflows.

Integrating Entra ID and Logic Apps enables organisations to improve efficiency, enhance security, and ensure compliance with regulatory requirements. Plus, they drive better experiences for internal and external users that can make such a difference to employer brand, staff retention, and talent acquisition.

On your journey towards full cloud identity and access management, consider the role Azure Logic Apps can play in unlocking the full potential of Entra ID.

Key takeaways

  • Integrating Azure Logic Apps creates seamless connections between Entra ID, external systems, and your IT infrastructure.

  • By integrating Azure Logic Apps, you can create custom workflows with automation baked into each and every task.

  • Logic Apps drives productivity through your more complex access management workflows.

  • Logic Apps increases Entra ID’s extensibility beyond its core capabilities by creating custom task extensions.

  • Entra ID and Logic Apps improve efficiency, security, and user experience.

Author

Martyn Gill

Martyn Gill is a Senior Architect for Kocho. He loves providing the latest visionary, best-in-breed solutions to our clients’ business problems, across multiple disciplines with technologies from our partners.
