How to Create Automated New Hire IT Provisioning

New hires should not spend their first day waiting for account access. I built a system to automate new hire IT provisioning that creates email accounts, grants tool access, sets up permissions, and sends credentials before the employee walks in the door.

Everything the new hire needs is ready before they start.

What You Need Before Starting

• Python 3.8+
• API access to your identity provider (Google Workspace, Microsoft 365)
• API access to your tools (Slack, GitHub, AWS)
• A role-based access template

Step 1: Define Role-Based Access Templates

ACCESS_TEMPLATES = {
    "engineering": {
        "google_workspace": {"groups": ["[email protected]", "[email protected]"]},
        "slack": {"channels": ["engineering", "deployments", "general"]},
        "github": {"teams": ["developers"], "repos": ["main-app", "infrastructure"]},
        "aws": {"role": "developer", "permissions": ["ec2:read", "s3:read"]},
        "tools": ["jira", "confluence", "datadog"]
    },
    "marketing": {
        "google_workspace": {"groups": ["[email protected]", "[email protected]"]},
        "slack": {"channels": ["marketing", "content", "general"]},
        "tools": ["hubspot", "canva", "analytics"]
    }
}

Step 2: Create the Provisioning Pipeline

import json
from datetime import datetime

class ProvisioningPipeline:
    def __init__(self, new_hire):
        self.hire = new_hire
        self.results = []
        self.template = ACCESS_TEMPLATES.get(new_hire["department"], {})

    def provision_email(self):
        first = self.hire["first_name"].lower()
        last = self.hire["last_name"].lower()
        email = f"{first}.{last}@company.com"
        self.results.append({"step": "email", "status": "created", "value": email})
        self.hire["email"] = email
        return email

    def provision_slack(self):
        channels = self.template.get("slack", {}).get("channels", [])
        for channel in channels:
            self.results.append({"step": f"slack_{channel}", "status": "invited"})
        return channels

    def provision_github(self):
        github_config = self.template.get("github", {})
        for team in github_config.get("teams", []):
            self.results.append({"step": f"github_team_{team}", "status": "added"})
        return github_config

Step 3: Execute Provisioning with Error Handling

def run_provisioning(new_hire):
    pipeline = ProvisioningPipeline(new_hire)
    steps = [
        ("Email Account", pipeline.provision_email),
        ("Slack Channels", pipeline.provision_slack),
        ("GitHub Access", pipeline.provision_github),
    ]

    report = {"hire": new_hire["first_name"] + " " + new_hire["last_name"],
              "started": datetime.now().isoformat(), "steps": []}

    for step_name, step_func in steps:
        try:
            result = step_func()
            report["steps"].append({"name": step_name, "status": "success", "detail": str(result)})
        except Exception as e:
            report["steps"].append({"name": step_name, "status": "failed", "error": str(e)})

    report["completed"] = datetime.now().isoformat()
    return report

Step 4: Send the Welcome Package

def send_welcome_email(hire_email, provisioning_report):
    successful_tools = [s["name"] for s in provisioning_report["steps"] if s["status"] == "success"]

    body = f"""Welcome to the team!

Your accounts are ready:

{chr(10).join(f'- {tool}: Active' for tool in successful_tools)}

Your login credentials have been sent separately via our password manager.
If anything is missing or not working, message #it-help on Slack.
"""
    print(f"Sending welcome email to {hire_email}")
    return body

Step 5: Generate the IT Setup Checklist

def generate_it_checklist(hire_name, department):
    template = ACCESS_TEMPLATES.get(department, {})
    checklist = f"# IT Setup Checklist: {hire_name}\n\n"

    for category, config in template.items():
        checklist += f"## {category.replace('_', ' ').title()}\n"
        if isinstance(config, dict):
            for key, value in config.items():
                checklist += f"- [ ] {key}: {value}\n"
        elif isinstance(config, list):
            for tool in config:
                checklist += f"- [ ] {tool} access granted\n"
        checklist += "\n"

    return checklist

What to Build Next

Add deprovisioning that reverses everything when someone leaves. Mirror the access templates so removing access is just as automated as granting it. The provisioning pipeline becomes a full employee lifecycle system.

Related Reading

• Building Your First Automation: A Complete Guide - automation step by step
• The Automation Decision Tree - what to automate first
• Cost of Manual vs Cost of Automated - quantifying manual IT setup time