IT System Access Onboarding
Procedure for provisioning new employee accounts, system access, hardware, and security credentials on their first day.
Purpose
Ensure new hires have all necessary IT access, equipment, and security training from day one, reducing downtime and support tickets.
Steps (7)
Verify Onboarding Request & Approvals
Confirm receipt of the new hire onboarding ticket from HR. Verify start date, department, role, and manager. Check the approved access request against the RBAC matrix.
Checklist
- Onboarding ticket received from HR with start date
- Employee details confirmed (name, department, role, manager)
- Manager has approved the access request
- RBAC matrix consulted for role-appropriate access
- Start date is at least 2 business days out
Expected Output
Onboarding request verified. Access requirements documented and approved.
Create User Accounts
Create accounts in order: (1) Active Directory/IdP, (2) Email, (3) Role-specific applications. Use company naming convention for usernames. Set temporary passwords and enable MFA enrollment flags.
Checklist
- Active Directory / IdP account created
- Email account created (Google Workspace / Microsoft 365)
- Username follows naming convention
- Temporary password set (meets complexity requirements)
- MFA enrollment required on first login
- Role-specific applications provisioned
- Distribution lists and email groups added
- Shared drive access granted per department
Expected Output
All user accounts created. MFA pending enrollment. Temporary credentials recorded.
Hardware Setup & Configuration
Prepare the workstation with standard build. Apply all updates. Register in MDM. Enable disk encryption. Provision peripherals.
Checklist
- Laptop/desktop selected from inventory
- Standard OS image applied
- Endpoint security agent installed
- VPN client installed and configured
- Disk encryption enabled and verified
- Device registered in MDM
- All OS and application updates applied
- Monitors, keyboard, mouse, headset provisioned
- Asset tag affixed and recorded
Expected Output
Workstation fully configured, secured, and registered in inventory.
Network & Security Configuration
Configure Wi-Fi access, VPN, network printers, and password manager. Verify security group memberships for file shares and applications.
Checklist
- Wi-Fi access configured
- VPN access enabled and tested
- Network printers mapped
- Password manager account created
- Security groups verified per RBAC
- File share access tested
- Badge/building access configured
Expected Output
Network access configured and tested.
Welcome Package & Credential Delivery
Prepare the new hire welcome package with hardware, quick-start guide, and secure credential delivery. Coordinate with HR for day-one handoff.
Checklist
- Hardware bagged/boxed with accessories
- Quick-start guide included
- Login credentials prepared for secure delivery
- Credentials NOT sent via unencrypted email
- IT help desk contact information included
- Asset receipt form prepared for employee signature
Expected Output
Welcome package prepared and ready for delivery on start date.
Day-One Setup & Verification
Walk the employee through initial login, MFA enrollment, password change, and access verification for all provisioned applications.
Checklist
- Employee logs into laptop successfully
- Temporary password changed
- MFA enrolled (authenticator app or security key)
- Email accessible and sending/receiving
- All role-specific applications accessible
- Shared drives accessible
- Printer test page printed
- Employee confirms all access is working
Expected Output
Employee has verified access to all systems. No outstanding access issues.
Security Awareness & Close Ticket
Brief the employee on essential security policies. Confirm they acknowledge the IT acceptable use policy. Close the onboarding ticket with a summary.
Checklist
- Acceptable use policy reviewed and acknowledged
- Phishing awareness overview provided
- Password policy explained
- Incident reporting process explained
- Employee signs IT acceptable use policy
- Onboarding ticket closed with summary
- Follow-up reminder set for 30-day check-in
Expected Output
Security policies acknowledged. Onboarding ticket closed. 30-day follow-up scheduled.