[REWST - TASK] User Onboarding: Create User
This Rewst workflow automates the entire user creation process across multiple identity platforms: on-prem Active Directory, Azure AD/Entra ID, and JumpCloud. It handles syncing between systems, assigning users to the right groups, and logging passwords in PSA tickets. Use it to standardize client onboarding, cut down on mistakes during new hires, avoid repetitive manual setup, and keep security practices consistent across environments.
The workflow first checks for existing accounts to avoid duplicates. Then it creates users in the right identity platforms based on the client’s setup, syncs between on-prem and cloud directories, assigns group memberships, and logs credentials in the PSA. It also includes failure handling at each important step.
This workflow contains 35 tasks.
Inputs
psa - string
Used to select the PSA manually. Uses the organization variable default_psa if not set.
zip - string
This parameter stores the user's postal/zip code for address information in directory services. It's a string value (e.g., "90210" for US or "M5V 2H1" for Canada) and is optional, typically used alongside city, state, and street_address parameters.
city - string
This parameter captures the user's city location for directory services and location-based configurations. It's a string value (e.g., "San Francisco") and is optional, though recommended when providing complete user address information.
email - string
This parameter defines the user's complete email address in your environment. It's a string value (e.g., "john.smith@company.com") and while marked optional, it's typically essential for most modern user provisioning as it serves as a primary identifier across systems.
state - string
This parameter specifies the user's state or province for directory services. It's a string value that can be full name or abbreviation (e.g., "California" or "CA") and is optional but recommended when providing complete address information.
company - string
This parameter identifies which organization the user belongs to, especially important in multi-tenant MSP environments. It's a string value (e.g., "Acme Corporation") and is optional but recommended for proper user categorization.
no_mail - string
If not blank, disables setting the Mail Nickname to the Username.
password - string
This parameter sets the user's initial password for authentication. It's a string value that should meet your organization's complexity requirements (e.g., "P@ssw0rd123!") and while marked optional, a value is typically required unless your workflow generates passwords automatically.
username - string
This parameter specifies the user's login name for authentication across systems. It's a string value (e.g., "john.smith" or "jsmith") and while marked optional, it's practically required as it's the primary identifier for the user account in most systems.
last_name - string
This parameter captures the user's surname for identification across systems. It's a string value (e.g., "Smith") and while marked optional, it's practically required for proper user identification and often used to generate email addresses and display names.
ticket_id - string
Set to ticket id if there is an existing ticket
department - string
This parameter specifies the user's department within the organization for proper grouping and permissions. It's a string value (e.g., "Finance", "IT", "Sales") and is optional, but valuable for organizational structure and automated group assignments.
first_name - string
This parameter captures the user's given name for identification across systems. It's a string value (e.g., "John") and while marked optional, it's practically required for proper user identification and often used to generate email addresses and display names.
idp_config - string
Identity Provider to be used when creating the user
Default:
{{ CTX.idp_config|d }}
supervisor - string
Sets supervisor on the User record
user_title - string
Sets title on the User record
max_retries - integer
Maximum number of retries to wait for On-Prem AD to sync to Azure AD (3 minutes per retry).
Default:
{{ 30 }}
psa_tech_id - string
Override the PSA Technician ID. Uses the organization variable psa_default_tech_id if not set.
user_office - string
Sets office on the User record
custom_email - string
Sets custom email on User record
email_domain - string
This parameter specifies the domain portion of the email address. It's a string value (e.g., "company.com") and is optional, typically used in conjunction with mail_nickname or username to form the complete email address.
user_to_copy - string
Select the user that will be copied from
Default:
{{ CTX.user_to_copy|d }}
mail_nickname - string
This parameter defines the user's email alias or prefix before the @ symbol. It's a string value (e.g., "jsmith") and is optional, often used when the email naming convention differs from the username format.
street_address - string
This parameter captures the user's physical street address for directory services. It's a string value (e.g., "123 Main Street, Suite 100") and is optional, typically used for contact information in Active Directory and other systems.
usage_location - string
This parameter specifies the user's geographical location for licensing and compliance purposes, especially for Microsoft 365. It's a string value, typically a two-letter country code (e.g., "US", "UK") and is optional but recommended for proper license assignment.
copied_user_upn - string
Copy from User via UPN
exchange_server - string
Exchange Server Name
store_in_ticket - boolean
If true, store password in PSA Ticket
Default:
{{ false }}
user_description - string
This parameter provides additional information about the user's role or position. It's a string value (e.g., "Senior Network Engineer - Contract") and is optional, typically used for administrative context in directory services.
exchange_database - string
This parameter specifies which Exchange database should host the user's mailbox. It's a string value (e.g., "MBX-DB01") and is optional, typically only relevant for on-premises Exchange or hybrid environments where mailbox placement needs to be specified.
home_drive_letter - string
User's Home Drive Letter
Default:
{{ CTX.home_drive_letter|d }}
requested_password - string
Requested User Password
Default:
{{ CTX.requested_password|d }}
home_directory_path - string
This parameter defines the network path for the user's file storage location. It's a string value (e.g., "\\fileserver\users\jsmith") and is optional, pulling from context variables if configured in your environment. This is primarily used for on-premises Active Directory environments.
Default:
{{ CTX.home_directory_path|d }}
organizational_unit - string
OU to create the user account in. This can be omitted to use the default AD OU, or the form can list all OUs that contain user accounts. If OUs contain description fields, those can be displayed instead of the CanonicalName. (NOTE: OUs must contain at least one user to be displayed)
Default:
{{ CTX.organizational_unit|d }}
email_domain_on_prem - string
Email Domain Name (On-Prem)
force_password_change - boolean
If selected, user must change password upon first login
Default:
{{ false }}
jumpcloud_user_groups - array
JumpCloud User Groups
Default:
{{ CTX.jumpcloud_user_groups|d([]) }}
cannot_change_password - boolean
Created user cannot change password
Default:
{{ false }}
onprem_security_groups - array
Security Groups (On-Prem)
Default:
{{ CTX.onprem_security_groups|d([]) }}
password_never_expires - boolean
Password Never Expires
Default:
{{ false }}
phone_number_formatted - string
Formatted Phone Number
base64_customdisplayname - string
If your user has special characters in their name, use this field for their display name
onprem_ad_license_groups - array
On-Prem AD License Groups
Default:
{{ CTX.onprem_ad_license_groups|d([]) }}
shared_mailboxes_on_prem - array
AD Security Groups (Identified for this list by on-prem AD Query)
Default:
{{ CTX.shared_mailboxes_on_prem|d([]) }}
onprem_distribution_groups - array
Distribution Groups (On-Prem)
Default:
{{ [] }}
override_azure_ad_username - string
Custom Azure AD Username
desk_phone_number_formatted - string
Formatted Desk Phone Number
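The inputs above carry several documented fallbacks (psa and psa_tech_id fall back to organization variables, the mail nickname defaults to the username unless no_mail is set, max_retries is 3 minutes per retry). As an added example that is not part of the Rewst workflow, the following pre-flight check resolves those fallbacks and flags request combinations a reviewer would want caught before any account is created; how the email is composed from mail_nickname/username and email_domain, and the warning rules themselves, are assumptions.

```python
# Added example (not Rewst's own code): pre-flight checks for a Create User request,
# using the input names and fallbacks documented on this page. Email composition and
# the warning rules are assumptions, not behaviour the workflow is documented to enforce.
import re

SYNC_INTERVAL_MINUTES = 3  # documented: "3 minutes per retry"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def resolve_inputs(inputs: dict, org_vars: dict) -> dict:
    """Apply the documented fallbacks and fill derived fields."""
    r = dict(inputs)
    # psa / psa_tech_id fall back to organization variables when not set
    r["psa"] = inputs.get("psa") or org_vars.get("default_psa")
    r["psa_tech_id"] = inputs.get("psa_tech_id") or org_vars.get("psa_default_tech_id")
    # mail nickname defaults to the username unless no_mail is non-blank
    if not inputs.get("no_mail") and not inputs.get("mail_nickname"):
        r["mail_nickname"] = inputs.get("username")
    # Assumption: a blank email is composed from the nickname (or username) and email_domain
    if not inputs.get("email") and inputs.get("email_domain"):
        local = r.get("mail_nickname") or inputs.get("username")
        if local:
            r["email"] = f"{local}@{inputs['email_domain']}"
    r["max_retries"] = int(inputs.get("max_retries", 30))  # documented default
    return r


def preflight(inputs: dict, org_vars: dict) -> dict:
    """Return resolved inputs plus blocking errors and advisory warnings."""
    r = resolve_inputs(inputs, org_vars)
    errors, warnings = [], []
    for f in ("username", "first_name", "last_name"):  # "practically required" per the page
        if not r.get(f):
            errors.append(f"{f} is required")
    if r.get("email") and not EMAIL_RE.match(r["email"]):
        errors.append(f"email is malformed: {r['email']}")
    if r.get("usage_location") and not re.fullmatch(r"[A-Z]{2}", r["usage_location"]):
        errors.append("usage_location must be a two-letter country code")
    # Forcing a change at first login while denying password changes leaves the user unable to log in
    if r.get("force_password_change") and r.get("cannot_change_password"):
        errors.append("force_password_change and cannot_change_password are mutually exclusive")
    if not (r.get("password") or r.get("requested_password")):
        warnings.append("no password supplied; workflow must generate one")
    # A password written to a PSA ticket stays valid until rotated: insist on a first-login change
    if r.get("store_in_ticket") and not r.get("force_password_change"):
        warnings.append("store_in_ticket without force_password_change")
    if not r.get("psa"):
        errors.append("no PSA selected and default_psa is not set")
    r["sync_budget_minutes"] = r["max_retries"] * SYNC_INTERVAL_MINUTES  # worst-case wait for AD sync
    return {"resolved": r, "errors": errors, "warnings": warnings}
```

With the documented default of 30 retries the sync wait budget comes to 90 minutes, which is worth knowing when the PSA ticket is left open waiting on the "Wait for AD to sync to Azure" task.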
Outputs
automation_log: Standardized Rewst automation log
aad_user_id: If applicable, returns the ID of the Azure AD/Entra user.
aad_user_object: If applicable, returns the entire user object of the Azure AD/Entra user.
on_prem_user_sid: If applicable, returns the SID of the On-Prem AD user.
success: Boolean; states whether the workflow was successful.
aad_supervisor_upn: UPN of the supervisor in Azure AD/Entra.
Overall process status
Key tasks
document_password_in_ticket: Sub workflow for PSA ticket update
Wait for AD to sync to Azure: Waiting/delay
check_if_failed: Validation/verification
create_azure_ad_user: Creation/initialization
select_identity_provider: Core integration: noop
Jinja examples
Example 1
Used in input parameter 'ticket_id'
Example 2
Used in input parameter 'internal_note'