Operational Context
In large enterprise environments, user deprovisioning (offboarding) is as critical as onboarding. Leaving accounts active after an employee leaves creates significant security risks and compliance gaps. During my time in a large-scale operations team, we faced a challenge: offboarding hundreds of users weekly from a legacy LMS platform that lacked a direct API for account deletion.
The Problem
The manual process required a technician to:
- Open a CSV export of terminated users.
- Log into the web admin console.
- Search for each user individually.
- Manually trigger the delete/deactivation sequence and confirm.
This was prone to human error, incredibly repetitive, and often led to backlogs in offboarding tickets.
The Solution: RPA-Driven Lifecycle Management
I developed a Power Automate Desktop (PAD) flow to handle this "human-in-the-loop" requirement programmatically. By using a data-driven approach, we turned a multi-hour task into a background process.
Technical Workflow
- Data Ingestion: The flow reads a master deprovisioning list (Excel/CSV) containing the target email addresses.
- Browser Automation: Launches a secure Chrome instance and navigates to the administrative dashboard.
- Iterative Logic:
- The flow loops through the Excel data.
- It triggers the UI filter to isolate the user profile.
- It performs a "physical" click on the delete element and handles the downstream confirmation modals.
- Error Protection: Implemented
ON ERROR REPEATblocks to handle network latency or slow DOM rendering.
5-Point Production Structure
1. The Strategy
The goal was to eliminate manual data entry errors and ensure that 100% of terminated users were deactivated within the SLA window (24 hours).
2. The Logic
I utilized UI Selectors and Excel-driven loops. The flow was designed to be platform-agnostic; if the UI changed, we only needed to update the selector in the PAD repository rather than rewriting the core logic.
3. Verification
Before running in production, the flow was tested in a sandbox environment. We verified success by correlating PAD logs with the platform's audit trails.
4. Implementation
The script was deployed on a dedicated VM, allowing it to run unattended during low-traffic hours. This removed the burden from the daytime service desk team.
5. Troubleshooting (RCA)
Insight: Early versions of the flow failed when a user was already deleted.
Fix: Added a conditional check (WebPageToContainElement) before attempting the delete action. If the user wasn't found, the script logged the skip and moved to the next entry without crashing.
System Considerations
- Security: The PAD bot used a service account with "Least Privilege" access—only permissions for user management, nothing more.
- Auditability: Every action taken by the bot was logged to a central SharePoint list for compliance reviews.
- Scalability: This same logic was later applied to other legacy platforms, creating a standardized "Offboarding Bot" template.
