A multinational food company with operations across multiple countries needed to digitalize their payroll approval and issuance process. The workflow involved receiving payroll data via API, processing it internally, and generating a file that licensed software would officially submit to the treasury. The challenge wasn't the application's complexity — it was ensuring that a solution handling personal data and payment issuance had zero gaps.
The context: payroll, sensitive data, and zero margin for error
When we talk about a payroll approval workflow, we're not talking about a form that sends an email. We're talking about protected personal data, real payment amounts, and a file that ends up at an official government body. If the system duplicates a record, someone gets paid twice. If it loses one, someone doesn't get paid. If the file is malformed, the entire batch gets rejected.
What needed to be solved
- XML payroll data reception via API
- Processing and validation within the application
- File writing to internal file system
- Licensed software submitting to the treasury
- Regulated personal and financial data
- Multi-country operation
What was built
- Power Apps as the approval interface
- Power Automate for end-to-end flow orchestration
- Dataverse as the transactional data store
- On-Premises Data Gateway for secure file system connection
- Anti-duplicate and availability controls
- Architecture validated by corporate cybersecurity
The architecture: designed so it doesn't fail
My role in this project was architect, coordinating two developers who implemented the solution. The application itself wasn't especially complex. What consumed most of the project was defining an architecture that left no loose ends: what happens if a duplicate XML arrives? What happens if the app is unavailable at reception time? How do we guarantee each record is processed exactly once? How do we audit every step?
-
1
Reception and validationThe API received XML payroll data. Power Automate validated the structure, detected duplicates, and logged each reception in Dataverse before any processing.
-
2
Approval and processingPower Apps provided the interface where managers reviewed and approved payroll batches. Only after approval did the flow continue to the next step.
-
3
Secure file system writingThrough the On-Premises Data Gateway, Power Automate generated the file on the company's internal file system. The gateway created an encrypted channel without exposing the file system to public networks.
-
4
Official issuanceThe licensed software picked up the file from the file system and officially submitted it to the treasury. The Power Platform solution ended where the regulated system began.
Why Power Platform for something this critical? Because the alternative was custom development that would have taken months longer and cost significantly more. Power Platform allowed building the business logic and approval interface quickly, while the gateway solved secure integration with existing infrastructure. The key was designing the architecture correctly, not the tool.
The real project: convincing cybersecurity
The longest and most complex part of the project wasn't technical — it was organizational. The cybersecurity department didn't know Power Platform, didn't want to grant access to their file system to install the gateway, and had legitimate concerns about how a cloud platform could securely interact with internal infrastructure handling financial data.
This required multiple meetings where I had to demonstrate, point by point, how security worked: that the On-Premises Data Gateway creates an outbound encrypted connection (no inbound ports needed), that the file system is never exposed to the internet, that data in transit goes through Azure Service Bus with TLS encryption, and that endpoints are protected by the company's own Azure AD policies. It wasn't enough to say it — it had to be demonstrated in their environment.
"In projects involving sensitive data, half the work is technical and the other half is building confidence that the architecture is secure. If you can't explain exactly how data flows and where it's protected, the security department is right to say no."
Payroll workflow approved by cybersecurity and in production
The solution passed corporate cybersecurity review, went into production, and processed employee payroll across multiple countries. A process that depended on manual steps and emailed files became an automated flow with validation, approval, full traceability, and secure connection to the official issuance system.