Fragmented forms delayed laptops and logins; ServiceNow HRSD with Active Directory (AD) made day?one access reliable

Overview

A construction firm’s onboarding stalled because HR, IT, and Facilities collected information through separate forms and inboxes. Laptops arrived late, accounts were created after day one, and Facilities learned about workspace and badge needs only after the start date. Intelligex implemented a unified onboarding workflow in ServiceNow Human Resources Service Delivery (HRSD) that generated one request per hire and orchestrated downstream tasks. Based on role, location, and start date, the workflow triggered Jamf Pro enrollment for Macs, Active Directory (AD) account provisioning and group membership, and Facilities requests for credentials and workspace. New hires received the right access and equipment without manual coordination, and managers and HR saw status in one place—while ServiceNow, AD, Jamf, and existing HR tools remained.

Client Profile

• Industry: Construction and engineering services
• Company size (range): Headquarters with regional offices and active project sites
• Stage: HR, IT, and Facilities used separate intake forms; email?based approvals; AD and Jamf managed by different teams; limited visibility across handoffs
• Department owner: Human Resources & People Ops (HR Operations and HRIS)
• Other stakeholders: IT Service Management, Endpoint Engineering/End?User Computing, Facilities/Badging, Security, Hiring Managers, Procurement, Identity/Directory Services, Payroll, Internal Audit

The Challenge

Onboarding inputs arrived through multiple paths. HR collected personal and role details in a form, IT worked from a separate equipment request, and Facilities required email instructions for badges, parking, and workspace. Start dates shifted as projects moved, but downstream teams were not updated in sync. The result was missed shipping windows, accounts that were not ready, and day?one scrambling to assign loaner devices or temporary access.

Tools did not speak to each other. IT created accounts in AD and set group membership by memory, Jamf enrollment happened when devices were on a desk, and Facilities tracked badge and key pickups in spreadsheets. Approvals were buried in email threads, and urgent exceptions jumped the queue without context. Coordinators pieced together status by asking each team, and there was no single view to confirm when a hire was actually ready.

Variance by role and location increased complexity. Field engineers needed project site access and specialized software; corporate hires needed different devices and shared drives; some roles required early access to safety training. Without one workflow to apply role rules and due dates relative to the start date, onboarding depended on individual diligence and repeated follow?ups.

Why It Was Happening

Intake was fragmented and provisioning logic lived in people’s heads. HR entered hire details, but those fields were not used to decide equipment bundles, access groups, or Facilities steps. IT and Facilities received requests detached from the start date and role context, so sequencing was inconsistent. Changes to a start date or location did not cascade to downstream tasks, and no system asserted ownership or due dates.

Approvals and exceptions lacked governance. One?off emails authorized non?standard devices or elevated access, but they were not bound to the record. Without a central workflow that validated required fields, generated tasks, enforced gates, and recorded approvals, each hire became a bespoke project with predictable delays.

The Solution

Intelligex delivered a unified onboarding workflow in ServiceNow HRSD that created a single case per hire and orchestrated tasks for IT and Facilities based on role, location, and start date. Dynamic questions gathered only what was needed for that hire, provisioning logic selected device and software bundles, and due dates were set relative to day one. Integrations pushed tasks to AD for account creation and group assignment and to Jamf Pro for device enrollment and configuration. Facilities received structured requests for badge, parking, and workspace setup. Managers and HR tracked progress in one place, and exceptions required documented approvals. The design leveraged ServiceNow HR Service Delivery (ServiceNow HRSD), Jamf Pro, and Microsoft Active Directory Domain Services.

• Integrations: ServiceNow HRSD for request intake, tasks, and approvals; AD account and group provisioning via on?prem integration; Jamf Pro for device enrollment, policies, and software; Facilities ticketing for badge and workspace; HRIS for hire data and start dates; notifications through email and collaboration tools.
• Dynamic request model: Role? and location?aware catalog item; prefilled hire details from HRIS; conditional questions for field vs corporate roles, union status, project assignment, and remote/hybrid setup.
• Provisioning logic: Mapped roles to device bundles, software, and AD groups; triggered Jamf enrollment and policies; generated shared drive and application access tasks tied to group membership.
• Facilities logistics: Structured tasks for badge creation, keys, parking, and workspace; delivery or pickup options for equipment; safety training prerequisites linked when required for site access.
• Approvals and gates: Maker?checker for non?standard devices or elevated access; exception capture with reason codes; sequencing gates to ensure dependencies met before day one.
• Reminders and updates: Due dates relative to start date; nudges to task owners; automatic adjustments when start dates changed; completion write?backs to the onboarding case.
• Dashboards and evidence: Readiness views by cohort, role, and location; exception queues; exportable packets with approvals, tasks, and completion timestamps for audit.
• Security and guardrails: Least?privilege service accounts; secrets stored in the enterprise vault; role?based access to onboarding data; immutable logs of changes and approvals.

Implementation

• Discovery: Mapped onboarding steps across HR, IT, and Facilities; inventoried device bundles, AD group mappings, and Jamf policies; reviewed Facilities processes for badges and workspace; sampled delays and exception patterns; gathered audit, security, and privacy requirements.
• Design: Authored the catalog item and dynamic questions; defined role?to?bundle and group mapping; selected integration patterns for AD and Jamf; designed Facilities task templates; set approval matrices and exception categories; planned dashboards, notifications, and evidence exports.
• Build: Configured HRSD workflows and tasks; implemented AD provisioning and group assignment through integration; wired Jamf enrollment and policy assignments; created Facilities tasks and routing; enabled start date?driven due dates and reminders; set up logging and access controls.
• Testing/QA: Ran in shadow mode to create tasks without executing provisioning; validated mappings against current standards; piloted with a hiring cohort across corporate and field roles; rehearsed start date changes and exception approvals; tuned questions, bundles, and notifications.
• Rollout: Launched with corporate roles first, then added field and project?based hires; kept legacy forms as a controlled fallback during early cycles; tightened approval gates and removed obsolete forms after stable adoption.
• Training/hand?off: Delivered guides for managers and coordinators on submitting and tracking onboarding; briefed IT and Facilities on task handling and exceptions; updated SOPs for device requests, group membership, and badge workflows; transferred ownership of mappings, templates, and dashboards to HR Operations and IT under change control.
• Human?in?the?loop review: Established recurring reviews for failed mappings, recurring exceptions, and Facilities bottlenecks; recorded decisions with rationale and effective dates; improvements fed back into bundles, group rules, and task templates.

Results

Onboarding became predictable. One request triggered all downstream steps, due dates aligned to the start date, and status lived in a single case. AD accounts, group memberships, and Jamf enrollments occurred on schedule with fewer rework cycles. Facilities prepared badges and workspaces from structured tasks, and deliveries for remote hires were coordinated without ad hoc emails.

Ownership and auditability improved. Non?standard device choices and elevated access required approvals with reason codes attached to the record. When start dates shifted, tasks updated automatically and owners were notified. Auditors and leadership saw onboarding readiness without stitching together spreadsheets and inboxes. Core systems remained; the change was an orchestration layer that connected HRSD, AD, Jamf, and Facilities with clear rules and gates.

What Changed for the Team

• Before: HR, IT, and Facilities used separate forms. After: One HRSD request generated all tasks with role?aware fields.
• Before: Accounts and devices were provisioned ad hoc. After: AD group mappings and Jamf enrollments followed rules tied to role and location.
• Before: Start date changes broke coordination. After: Due dates and tasks adjusted automatically with notifications.
• Before: Approvals lived in email. After: Exceptions and elevated access used maker?checker approvals inside the workflow.
• Before: Managers chased status. After: Readiness dashboards showed blockers and completion in one place.
• Before: Facilities steps were emailed informally. After: Badging, workspace, and delivery tasks were structured and tracked.

Key Takeaways

• Unify intake; one onboarding request should drive IT and Facilities tasks across systems.
• Encode role logic; map roles to device bundles, software, and directory groups to reduce variance.
• Anchor to the start date; set due dates and sequencing relative to day one and update when plans change.
• Make exceptions explicit; approvals with reason codes prevent silent scope creep.
• Show readiness; dashboards reduce handoffs and keep managers and HR aligned.
• Integrate, don’t replace; keep HRSD, AD, and Jamf—add orchestration, mappings, and evidence.

FAQ

What tools did this integrate with? The workflow ran in ServiceNow HR Service Delivery (HRSD) and orchestrated provisioning through Active Directory Domain Services for accounts and group membership and Jamf Pro for device enrollment and configuration. Facilities tasks flowed through ServiceNow tasking, and hire data came from the existing HRIS. Notifications used the company’s email and collaboration tools.

How did you handle quality control and governance? Role?to?bundle and group mappings, Facilities templates, and approval matrices lived under change control with HR, IT, and Facilities as owners. The workflow enforced required fields, exception reason codes, and maker?checker approvals for non?standard choices. Every task and approval recorded timestamps and actors, and dashboards surfaced recurring exceptions and mapping drift for review.

How did you roll this out without disruption? The solution ran in shadow mode first, creating tasks without executing changes. A pilot cohort used the new request while legacy forms remained available. After tuning mappings and approvals, the workflow expanded in waves by role and location, and obsolete forms were retired with clear communications and training.

How were start date changes and cancellations handled? The workflow listened for updates from HRIS or HRSD. Due dates and task sequences adjusted automatically, owners received notifications, and shipping or Facilities tasks paused or re?sequenced as needed. Cancellations closed open tasks and recorded rationale.

How did this support different role types and locations? Dynamic questions and mapping rules applied role, project, and location context to select device bundles, AD groups, software, and Facilities steps. Field roles received project site access and safety prerequisites; corporate roles received office access and standard software. Local add?ons were maintained under change control.

What about privacy and security? Access to onboarding cases and tasks followed role?based permissions. Service accounts used least privilege, secrets were stored in the enterprise vault, and records were logged immutably. Notifications contained minimal personal data, and retention aligned with policy and jurisdiction.

How were Windows devices or non?Mac setups handled? The same orchestration pattern applied. Where Windows or other platforms were required, device bundles and management policies referenced the appropriate tooling while preserving the HRSD intake, AD provisioning, and Facilities tasking model.