Cepheid by Danaher: Automated Site Provisioning and Governance

Introduction

Uncontrolled site proliferation is the silent killer of SharePoint governance. It starts innocently—teams need collaboration spaces, so they create sites. Then more sites. Then sites for sub-projects, temporary initiatives, one-off meetings. Before long, IT is drowning in provisioning requests, users are waiting days for approvals, and no one knows what sites exist or who owns them. Manual provisioning doesn't scale. Shadow IT fills the gap. And governance becomes an aspiration rather than a reality.

Client Background

Cepheid, a Danaher company and global leader in molecular diagnostics, operates across multiple continents with complex organizational structures spanning EMEA, Americas, and other regions. Following our successful multinational Teams migration and data governance project (see related case study), Cepheid recognized another critical operational challenge: their SharePoint site creation process had become a governance and efficiency bottleneck.

With thousands of employees across diverse business units, research teams, and regional operations, the demand for new collaboration spaces was constant. However, their manual provisioning process created friction at every level—users waited days for new sites, IT administrators were overwhelmed with repetitive requests, and there was no systematic way to track, audit, or manage the growing ecosystem of SharePoint sites across the organization.

Having established trust through our previous work, Cepheid engaged us to design a solution that would empower users with self-service capabilities while maintaining the strict governance controls essential to their enterprise environment.

The Challenge

Cepheid faced interconnected problems stemming from their manual site provisioning approach:

IT Bottleneck & Scalability:

• Every site creation request required manual IT intervention
• Administrators spent significant time on repetitive, low-value provisioning tasks
• Provisioning backlog created delays of days or even weeks for urgent business needs
• IT resources were diverted from strategic initiatives to handle routine requests
• Manual process couldn't scale with organizational growth and collaboration demands

Governance & Compliance Gaps:

• No systematic enforcement of site ownership requirements (single points of failure)
• Inconsistent naming conventions across regions creating confusion and duplication
• No standardized approval workflows ensuring proper authorization
• Missing disclaimers and policy acknowledgments for site creators
• No central registry of all created sites for audit or compliance purposes

User Experience Issues:

• Unclear process for requesting new sites (email? ticket? phone call?)
• No visibility into request status or approval progress
• Frustration with delays impacting project timelines
• Temptation to create unauthorized shadow IT solutions bypassing governance

Administrative Burden:

• No automated tracking of site creation history
• Manual recordkeeping prone to errors and gaps
• Difficult to identify orphaned sites or inactive spaces
• Cleanup and decommissioning efforts hampered by lack of ownership data
• No systematic way to audit compliance with organizational policies

Regional Complexity:

• Multinational operations required region-specific naming conventions
• Different approval hierarchies across geographic areas
• Need to maintain regional governance while enabling global collaboration
• Challenge of standardizing process across diverse organizational cultures

Goals

Cepheid required a solution that balanced automation, governance, and user empowerment:

Primary Objectives:

Operational Efficiency:

• Eliminate IT bottleneck by enabling self-service site creation
• Reduce site provisioning time from days to minutes
• Free IT resources to focus on strategic initiatives rather than repetitive tasks
• Create scalable process supporting organizational growth

Governance & Control:

• Enforce dual ownership requirement (eliminate single points of failure)
• Implement standardized approval workflows with regional flexibility
• Ensure consistent naming conventions with regional prefixes
• Require policy acknowledgment before site creation
• Maintain complete audit trail of all provisioning activities

User Experience:

• Provide intuitive, self-service portal accessible to all employees
• Offer clear guidance on site type selection (Communication vs. Teams)
• Enable template selection for consistent site configurations
• Deliver real-time visibility into request status
• Notify all stakeholders automatically upon site creation

Administrative Capability:

• Create centralized registry of all sites with ownership and metadata
• Enable proactive site lifecycle management and cleanup
• Support compliance auditing with complete provisioning records
• Provide foundation for future governance automation and reporting
• Maintain zero-touch operation requiring no manual IT intervention

Technical Requirements:

• Full automation from request through provisioning
• Integration with Microsoft 365 approval systems
• API-driven site creation maintaining consistency
• Regional configuration management
• Robust error handling and notification systems

Strategy & Approach

Our strategy focused on building a governance-first automation platform that felt like empowerment, not restriction:

Design Philosophy: Governance Through Automation

Rather than relying on policy documents and manual compliance checks, we embedded governance rules directly into the automated workflow. Users couldn't bypass requirements because the system wouldn't allow non-compliant requests to proceed. This "governance by design" approach ensured 100% compliance without creating user friction.

Self-Service Portal Architecture

We designed a centralized SharePoint page serving as the single entry point for all site requests. This portal would:

• Provide clear, user-friendly interface requiring no training
• Guide users through decision-making (site type, template, naming)
• Enforce all governance requirements before submission
• Deliver immediate feedback and set clear expectations

Multi-Tier Approval Workflow

Recognizing that site creation involves resource allocation and organizational impact, we designed a hierarchical approval process:

• First-level approval: Direct manager (ensuring business justification)
• Second-level approval: Regional manager or delegate (maintaining regional governance)
• Automated provisioning: Only after full approval chain completion

Regional Configuration System

To accommodate multinational operations while maintaining consistency:

• Created regional registry mapping users to appropriate prefixes
• Automated prefix application based on requester's region
• Enabled regional administrators to manage their own configurations
• Maintained global naming standards while respecting regional needs

Comprehensive Tracking & Auditing

Every provisioning event would be automatically logged to a central SharePoint list, creating:

• Real-time inventory of all sites
• Ownership and co-ownership records
• Creation dates and approval chain documentation
• Template and configuration metadata
• Foundation for future lifecycle management automation

Execution

Duration: Delivered as follow-on project after successful Teams migration

Phase 1: Requirements & Design

Discovery:

• Analyzed existing manual provisioning workflows and pain points
• Mapped approval hierarchies across regions
• Defined governance requirements and policy controls
• Identified site types, templates, and configuration standards

User Experience Design:

• Created intuitive request form with guided decision-making
• Designed clear disclaimer and policy acknowledgment language
• Developed co-owner requirement enforcement
• Prototyped user interface for stakeholder feedback

Technical Architecture:

• Designed Power Automate flow handling end-to-end automation
• Architected regional registry system for naming conventions
• Planned approval routing logic with delegation support
• Defined SharePoint list schema for site registry

Phase 2: Development & Implementation

Self-Service Portal (SharePoint)

Built centralized request page featuring:

• Request Form Fields:
  • Desired site name (with governance rules displayed)
  • Region selection (auto-populating correct prefix)
  • Site type selection (Communication Site vs. Teams Site)
  • Template selection (pre-approved options per type)
  • Business justification (required text field)
  • Co-owner designation (mandatory second owner)
  • Governance disclaimers (required acknowledgment)

Power Automate Workflow

Developed comprehensive automation flow executing:

1. Request Validation & Submission:
   • Captured all form data
   • Validated completeness and governance compliance
   • Generated unique request ID for tracking
   • Sent confirmation to requester with expected timeline
2. Multi-Level Approval Routing:
   • Identified requester's direct manager via Azure AD
   • Sent approval request to manager with full request details
   • Upon manager approval, identified regional manager/delegate
   • Sent second-level approval request to regional authority
   • Supported rejection at any stage with reason capture
   • Notified requester of approval progress and decisions
3. Regional Configuration Application:
   • Queried regional registry based on requester's location
   • Retrieved appropriate regional prefix
   • Constructed final site name with correct format
   • Validated naming uniqueness to prevent duplicates
4. Automated Site Provisioning (API Calls):
   • Called Microsoft Graph API to create SharePoint site
   • Applied selected template and configuration
   • Set requester and designated co-owner as site owners
   • Configured permissions based on site type
   • Applied standard governance policies automatically
5. Notification & Registration:
   • Sent site creation confirmation to requester
   • Notified co-owner of their ownership responsibilities
   • Informed approvers of successful provisioning
   • Logged complete site metadata to central registry list:
     • Site name and URL
     • Creation date and timestamp
     • Primary and co-owner details
     • Region and template used
     • Approval chain history
     • Business justification
6. Error Handling:
   • Captured API failures or provisioning errors
   • Notified IT administrators of issues requiring intervention
   • Logged error details for troubleshooting
   • Provided user-friendly error messages to requesters

Central Site Registry (SharePoint List)

Created comprehensive tracking list containing:

• All provisioned sites with complete metadata
• Ownership and approval history
• Regional categorization for reporting
• Timestamps enabling lifecycle analysis
• Foundation for future governance automation

Phase 3: Testing & Rollout

Testing Protocol:

• Conducted end-to-end testing across all regions
• Validated approval routing for different organizational structures
• Tested error handling and edge cases
• Verified API integration and site provisioning accuracy
• Confirmed notification delivery to all stakeholders

Documentation & Training:

• Created user guide for self-service portal
• Developed administrator documentation for registry management
• Provided regional administrator training for prefix configuration
• Documented Power Automate flow for future maintenance

Rollout:

• Phased deployment starting with pilot user group
• Gathered feedback and refined user experience
• Announced organization-wide availability
• Provided ongoing support during adoption period

Results & Outcomes

Operational Efficiency:

• 99% Reduction in Manual IT Effort: Site provisioning fully automated with zero IT intervention required post-implementation
• Provisioning Time: Days to Minutes: Requests approved within hours; sites created instantly upon final approval
• Hundreds of Sites Provisioned: Self-service portal handled high volume without scalability issues
• IT Resource Reallocation: Administrators freed to focus on strategic initiatives and complex technical challenges

Governance & Compliance:

• 100% Dual Ownership Enforcement: Every site created with designated co-owner, eliminating single points of failure
• 100% Approval Compliance: No sites created without proper authorization through defined approval chains
• Standardized Naming Conventions: Regional prefixes automatically applied, creating consistent, discoverable site names
• Complete Audit Trail: Every provisioning event logged with full approval chain and metadata
• Policy Acknowledgment: All site creators formally accepted governance responsibilities before creation

User Experience:

• Self-Service Empowerment: Users could request and receive sites without emails, tickets, or phone calls
• Transparency: Real-time approval status and clear communication throughout process
• Guided Decision-Making: Portal helped users select appropriate site types and templates
• Reduced Frustration: Elimination of provisioning delays improved project momentum and satisfaction

Administrative Capabilities:

• Real-Time Site Inventory: Central registry provided instant visibility into all sites across organization
• Ownership Tracking: Clear records of primary and co-owners for every site
• Lifecycle Management Foundation: Registry enabled proactive identification of inactive or orphaned sites
• Compliance Reporting: Complete data set for auditing and governance reporting
• Regional Analytics: Breakdown of site creation by region supporting capacity planning

Business Impact:

• Accelerated Collaboration: Teams could establish collaboration spaces immediately when business needs arose
• Reduced Shadow IT Risk: Easy, fast self-service eliminated incentive to bypass governance
• Scalable Growth Support: Process supports unlimited organizational expansion without additional IT resources
• Enhanced Agility: Faster site provisioning enabled more responsive project initiation
• Cost Efficiency: Automation eliminated recurring administrative costs for routine provisioning

Technical Achievement:

• Zero-Touch Automation: Complete end-to-end process requiring no manual intervention
• Robust Error Handling: Graceful failure management with automatic IT notification
• Regional Flexibility: Supported multinational operations while maintaining global standards
• API Integration Excellence: Reliable Microsoft Graph API implementation for consistent provisioning
• Maintainable Solution: Power Automate flow designed for easy updates and regional configuration changes

Key Takeaways

Self-Service Doesn't Mean Uncontrolled: The most effective governance isn't enforced through policy documents—it's embedded in the tools people use. By making the compliant path the easiest path, we achieved 100% governance adherence without creating friction. Users felt empowered, not restricted, because they could get what they needed quickly while the system ensured all requirements were met automatically.

Approval Workflows Should Match Organizational Reality: Many organizations implement approval processes that sound good in theory but fail in practice. By designing a hierarchical approval system with delegation support and regional flexibility, we created a workflow that fit how Cepheid actually operates—respecting organizational structures while maintaining governance standards.

The Registry Is The Foundation: The central site registry wasn't just a nice-to-have—it was the strategic enabler for future governance automation. With complete, real-time data on every site, Cepheid gained the foundation for proactive lifecycle management, capacity planning, and compliance reporting. Today's provisioning automation becomes tomorrow's lifecycle management automation.

Automation Should Feel Invisible: The best automation is the kind users don't think about. Users submitted requests and received sites—the fact that a complex Power Automate flow, multiple API calls, and regional configuration lookups happened in the background was irrelevant to them. Great automation solves problems without announcing itself.

‍