This will create an account for the new hire in Azure Active Directory.

Manifest

{
    "form": [],
    "oauth": {
        "refresh": {
            "url": "https://login.microsoftonline.com/{{ TENANT_ID }}/oauth2/v2.0/token",
            "data": {
                "scope": "https://graph.microsoft.com/.default",
                "client_id": "{{ CLIENT_ID }}",
                "grant_type": "client_credentials",
                "client_secret": "{{ CLIENT_SECRET }}"
            },
            "method": "POST"
        },
        "access_token": {
            "url": "https://login.microsoftonline.com/{{ TENANT_ID }}/oauth2/v2.0/token",
            "data": {
                "scope": "https://graph.microsoft.com/.default",
                "client_id": "{{ CLIENT_ID }}",
                "grant_type": "client_credentials",
                "client_secret": "{{ CLIENT_SECRET }}"
            },
            "method": "POST",
            "cast_data_to_json": true
        },
        "without_code": true,
        "authenticate_url": "https://login.microsoftonline.com/{{ TENANT_ID }}/adminconsent?client_id={{ CLIENT_ID }}&redirect_uri={{ redirect_url }}"
    },
    "exists": {
        "url": "https://graph.microsoft.com/v1.0/users/?$filter=mail eq '{{ email }}'",
        "method": "GET",
        "expected": "{{ email }}"
    },
    "execute": [
        {
            "url": "https://graph.microsoft.com/v1.0/users",
            "data": {
                "displayName": "{{ first_name }} {{ last_name }}",
                "mailNickname": "{{ first_name }}{{ last_name }}",
                "accountEnabled": true,
                "passwordProfile": {
                    "password": "{{PASSWORD}}",
                    "forceChangePasswordNextSignIn": true
                },
                "userPrincipalName": "{{email}}"
            },
            "method": "POST",
            "headers": {
                "Content-Type": "application/json",
                "Authorization": "Bearer {{oauth.access_token}}"
            }
        }
    ],
    "headers": {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Bearer {{oauth.access_token}}"
    },
    "extra_user_info": [
        {
            "id": "PERSONAL_EMAIL",
            "name": "Personal email address",
            "description": "The user's personal (non-business) email address, to which the login credentials will be emailed."
        }
    ],
    "initial_data_form": [
        {
            "id": "CLIENT_ID",
            "name": "The Azure client id",
            "description": "You can view this when you create a new app."
        },
        {
            "id": "CLIENT_SECRET",
            "name": "The Azure client secret",
            "description": "You can view this when you create a new secret."
        },
        {
            "id": "PASSWORD",
            "name": "generate",
            "description": "Used as the initial password for the new hire's user account."
        },
        {
            "id": "TENANT_ID",
            "name": "The id of the tenant",
            "description": "You can view this when you create a new app."
        }
    ],
    "post_execute_notification": [
        {
            "to": "{{ PERSONAL_EMAIL }}",
            "type": "email",
            "message": "username: {{ email }}, password: {{PASSWORD}}",
            "subject": "Here are your active directory login credentials!"
        }
    ]
}

Instructions

  1. Create a new app in Azure.
  2. Fill in the client ID in the corresponding field in ChiefOnboarding.
  3. Under "Certificates & secrets", create a new secret key.
  4. Fill in the secret key in the corresponding field in ChiefOnboarding.
  5. Under "Expose an API" add "User.ReadWrite.All".
  6. Under "API permissions" add "User.ReadWrite.All" for the "Microsoft Graph" API (type: application).

Make sure the API permissions are set to the global domain.
