Full solution from PowerShredders of Axdata

We came into this Hackaton with the idea that we could make the Onboarding process a lot less manual, a lot more secure and reduce the risk of human errors in the process significantly. And we’ll be honest, we are extreamly happy with the solution we now are traveling home with! The best thing you ask? It works like a sharm, every bit of it! We have tested it several times, and everything flows exactly as described!
You can see the full solution under here, but we’ll start with a summary of why we think we should get a lot of points in the four different main categories:

Excellent User Experience:

Lets start with the help this will give to the employees already working in the company:
– HR now will have a veary streamlined process for Onboarding, where all tasks that can (and should be) automated are just that. They don’ need to spend time sending out agreements, follow up with signature, enter a lot of information regarding the new employee in the system, follow up on other employees that forgets the tasks they have in an Onboarding. They don’t need to notify IT about a new employee coming it and wait for creation of user and access to systems. All of this happens automatically. Nothing is forgotten, no sensitive information is sent in emails or seen by someone who shouldn’t see it.
– IT never needs to think about a new employee coming in anymore. Everything is automated and just happens. Isn’t that the best user experience? When you actually don’t have to do even one click, and the process still works?
– Other employees in the company having tasks regarding a new employee coming in will be reminded of their tasks and make sure nothing is forgotten. Automated and nice. And, if they complete their task, no notifcation will be sent, it really is as easy as it sounds

And then, to the candidate starting. If the company implements this solution, everything will be ready for the new employee when he has his firsgt day of work. He can even get information about the company, his team, his manager and more in the Onboarding Portal before he starts, so we can keep up the good energy people feel when they are about to start working at a new company. The new employee will also feel that this company really takes care of their employees, and that they really are up to date in the digital world we’re living in.

Most Extreme Business Value:

The value for companies here are so high, that it’s almost difficult to know where to start. But, first of all, this saves a lot of time for the HR department. And, we really mean A LOT of time. Not just that everything is automated so they don’t need to do as much as they have to now to register a new employee, but they don’t have to push and follow up everyone else that hasn’t done their part and they don’t have to correct human errors that’s been done during the process. They can spend their time on something that is much more valuable to the company, and that is to make sure that all the employees already working here gets the best environment possible to do their job as best as they can! Lets face it, this is what we want the HR department to do, we don’t want them to spend time on entering data into a system.
The IT department will also save a lot of time witht this solution, that they can spend on other things as well. Not that I work in our IT department, but I assume that creating users and assigning licenses and access aren’t the most fun task they do at work. So I would think this will actually make their workday more fun!
Let’s just do an approxemently calculation of time saved. Create a contract for the new employee, upload it for e-signature, send it for signing, recieve it, ask the employee for more information so that it can manually be put into the system. Let’s say this totally takes 5 hours at best. Then someone needs to tell IT to create user and access and make sure that it have been done, a total of 1 hours. Then someone needs to follow up other employees, to make sure everything is done and ready for the new employee. This is maybe the most time consuxming, and I don’t think it’s wrong to say that this takes at best 8 hours in total during the time between someone signs and their first day of work. This means that time saved for just this one onboarding process is at least 14 hours. One of our customers typically hires between 10 and 20 employees every month, and this means that this solution will save them between 140 and 280 hours. Each month! To have an other example, an other customer of ours plans to hire 1.500 employees by the end of 2023… You do the math here!

Rock Solid Geeknes:

There are so many partws in this solution that works perfectly together, we almost can’t believe that we actually made this work as good as it does now. We seriously din’t think that we would be able to automate that many parts of the process as we have done now.

Killer App:

We have created this as a total solution, so that everything can be uploaded and used by all companies using Dynamics FO og Dynamics HR. With only a little personalization to make the wording, logo etc. fit the different companies, this can be set up quite fast. And, of course, each part can be implemented by it’s self too, if someone don’t want the whole solution. But, we know that this will be an easy solution to sell to our customers, as we know that a lot of them already really wants this!

The solution:

And now, finally, let’s go to the solution. You have been through a recruitment process in your company, and you have picked a really awesome candidate you want to send an offer to. This is what you do:

1: Create the candidate in Dynamics, and fill name, startdate, email address and phone number, and connect him to the position:

Like magic, the candidate resieves an email to view, update and sign the agreement. The Agreement is automatically filled with data from Dynamics before it’s sent out for signing, done through an API we created with OneFlow right here at this Hackaton:

The candidagte fills in the National ID number, and signs the Agreement using Bank-ID:

3: Agreement is signed by the company as well:

4: You Hire the candidate in Dynamics with two clicks, and assign the onboarding checklist that should be used for this canidate, and ticks the checkbox to create a user in Azure AD for the new employee:

This triggers a PowerAutomate that first create a work email for the new emplyee, sets this new email as the primary email address on the Employee workspace in Dynamics and creates the Azure AD user for the new employee and assigns group and licenses to it, and ends with sending the login detail to the employee with SMS, together with the link to the Onboardig Portal:

And, of course we have created a PowerAutomate that will remind the employees in your company about the tasks they are assigned regarding the onboarding of the new employee if they don’t follow it up by themself:

Now, the employee can log in to the Onboarding Portal (that works on all devices), and enter in more information about himself. When submitted, the data is automatically updated directly in Dataverse, and then becomes visiable in Dynamics within seconds:

And, last, but absolutely not least, the night before the new employee has his firs day of work, a PowerAutomate runs and imports the user to Dynamics, connects the user to the correct employee in Dynamics, and assigns the security role Employee to the user so that the new employee has accsess to the Employee Self-Service workspace in Dynamics:

And, to end it all for now, we have automated the process for email signature, so that is is automatically put on every one of the emails you send out. Now they finally will lokk the same for the whole company:

The signature itself is created with HTML-code, after a rule is created in Exchange

Branch policies, infrastructure as code with Pulumi and CICD as code with yaml

👾🤓✋🏻😎✌🏻👾

Det er opprettet to brancher i vårt github repo.
Develop branch som holder kode for dev miljøet.
Master branch som holder kode for test og prod miljøet.
Det er implementert regler som krever at man setter opp PR,
og for å kunne merge koden til develop må en annen utvikler godkjenne koden.
Det er også implementert build check som starter automatisk når man setter opp PR, slik at man unngår å merge inn kode som vil feile i CICD.

Github branch policy
PR to master with build check

Mappestruktur

/nINjas

Inneholder vår SPA applikasjon med React og .NET6

/nINjas.Infrastructure

Inneholder ASP.NET med Pulumi

/python

Inneholder pyton kode for å ta bilde med rasbery pi og analysering av bilde

Infrastructure as code with Pulumi

Pulumi with ASP.NET

CICD as code with yaml


Deployment with the power of the shell

Vi har jobbet med å kjøre CICD i azure devops men har noen rettighetsproblemer så deployment er gjort med powershell:

Deploy infrastructure with pulumi commands in powershell
Failed deployment in AzureDevops but with more time it will work!

Kjører på en app service i azure: https://ninjas.azurewebsites.net/

Clean good practices during development

MaMNT are aiming to keep technical debt to a minimum, and to maximize agility, extensibility, security and maintainability. Sure, we could rush ahead, building a quivering monolith on the brink of collapse. But this is about putting pride in your craft!

Code Repository

The code repository is hosted in GitHub as a mono-repo, split into individual subdirectories for different parts of our solution. Mono-repo is used by software giants such as Google and Microsoft, to make testing and development easier across apps and products.

Continuous Delivery

Continuous delivery is achieved through GitHub Actions: The gRPC server and Registration app are built and deployed to Azure App Service whenever changes to the apps are pushed to the main branch.

The Github Actions workflow (steps are minimized to save space)
Deployment complete!

Secure secret storage

Of course, client secrets are kept out of the code. Secrets are kept in Azure Key Vault, and are injected as environment variables in the App Service.

The appsettings.json file does not include the Client Secret.
The secret (Azure__ClientSecret) is added in Azure Web App through a reference to Key Vault, where the secret is stored.

Inversion of Control

Following Microsoft and industry best practices, the software project uses Dependency Injection to achieve Inversion of Control. Our classes are stateless, and dependencies are injected from the service provider. Classes depend on abstractions instead of implementations, to make the solution more “plug-and-play” and simplify unit testing.

The GrpcClient class takes a StatusUpdateHandler as well as a Logger from the service collection. Appsettings are injected as well.
The GrpcClient installer.
Adding the required services in an app that uses the GrpcClient.

SOLID principles

We adhere to all “SOLID principles”. All classes and methods do one thing and do them well. Classes depend on abstractions instead of implementations. Interfaces are small and interchangeable.

How we deploy our solution

InfoNinjas developement is happening with Azure DevOps.

Repo are fetched from Github for continues integrations. What you see is a .Net API

Next is setting up a CI Build Pipeline

When we save and run then it will show the pipeline

Setting up CI Azure Pipeline

Deployment Multi Stage Pipeline for Dev, Q/A, Prod Environment

CI/CD pipeplines

We are now ready with CI/CD in our solution. All resources are now defined and implemented via arm templates, it improves the deployment process to the different environments.

We defined first our build pipeline in DevOps:

Once the build is completed, the RELEASE pipeline runs and deploys resources to our Resource Group

Happy coding 😊

Governance on SharePoint site themes – Issue #1 now resolved

Github issue #1 is now addressed and resolved.

Iterating on the light/dark theme upload scripts TMNT IT management has added the capability to iterate over all SharePoint sites and apply the dark theme as default.

The updated script https://github.com/EivindBerge/PIZZA-TIME-ACDC-2022/blob/main/theming/site-theme-management-tmnt.ps1 is running in a scheduled Azure Run Book using PowerShell Core 7.1. SharePoint Online Credentials are as runbook credentials, which is sufficient for this scenario. Key Vault could of course be an option, or even better using a certificate – but as IT is very centralized this works for the time being.

Credential
Runbook
A job well done
Inverted theme applied!

We have also added more code and security scanning tools to also cover PowerShell scripts and find more general security issues.

Kjøleskapet kan se!

Etter mye klabb og babb har vi endelig fått satt opp Raspberry Pie’en vår med Python, Vs code, ssh-tilkobling til git-repo og selvfølgelig et fungerende webkamera!

Ved hjelp av et lite bash-script, Azure’s egne pythonmoduler får vi lastet opp og analysert bildene innen få sekunder, med en liste over alle objekter i bildet. Etter litt testing er vi veldig imponert over presisjonen, selv om Azure insisterer på at klementin vår er et eple. Svaret sendes videre til en Power Automate flow som oppdaterer data verse.

Arbeid utført. Pull request til godkjenning

Når arbeidstempoet er såpass høyt, er det fort gjort å glemme skikkelig testing eller linting der det trengs, så før det merges inn i develop branchen, må endringene godkjennes av en av teammedlemmene. Konfigfiler og nøkler skal for eksempel ikke inn i kildekoden.

Deploy like a ninja

For å rulle ut kode og infrastruktur tar vi i bruk Devops pipelines og ruller ut løsningen ved hjelp av Bicep. Bicep er et DSL (domain-specific language) hvor man deklarativt kan deploye Azure-ressurser.

Vi bygger kildekoden i azure devops ved hjelp av en yaml fil som etter fullført og vellykket bygg utfører en deploy av en azure function og opprettet tilhørende infrastruktur.

Følgende infrastruktur blir opprettet

  • APIM
  • Key Vault
  • Azure Function
  • Storage

På denne måten sørger vi for at ved hver innsjekking av kode, som for eksempel en azure function, vil koden valideres, bygges og løsmningen deployes trygt.

Vi claimer ACDC Craftsman og Hipster (på grunn av at vi bruker Bicep som er forholdsvis nytt 😉 )

Github repository & Azure Devops

For å få en god start på prosjektet setter vi i Bouvet Shredders opp en Github repository og Azure Devops. Med Azure Devops kan vi jobbe på tvers av teamet på best mulig måte.

Alle som ønsker å følge med på vår progresjon er hjertelig velkommen til å ta en titt på vår Github Repository:

  • https://github.com/bricenocar/acdc-2022

Vi tar i mot inspill med åpne armer, så ikke vær redd for å si ifra hvis du ser noe som kan gjøres bedre måte!