Showing results for 
Search instead for 
Did you mean: 

IT Onboarding Handbook

Rising Star III
Rising Star III

Hi Folks,

It's been a while and we've finally made it to Friday - TGIF!! I hope everyone is relaxed and ready to ease into the weekend. ‌😎‌‌🍹🍹

I've realised that I've posted quite a few pieces on the topic of onboarding, and I've been receiving requests from customers and prospects for a broader picture - which is a fair ask. Onboarding is a big and constantly evolving topic, transitioning from the traditional office environment to remote work, and now to hybrid work.

In order to keep up with this "trend", I've decided to consolidate all my posts on the topic in one place here. Hopefully, you will find this collection practical when tackling this topic in your organization



Step 1 - HRIS Integration

(aka the source of truth integration)


Step 2 - Set The Foundation

Establish the naming conventions

  • User names, i.e.: "firstname.lastname", "firstnameln", "lnfirstname".
  • User groups, i.e.: 
    • SSO Groups: "sso-aws-engg", "sso-slack-all", "sso-sf-sales".
    • Hierarchical Groups: "dept-sales-usa-ftc"; "dept-engg-sgp-fte".
  • Device groups. i.e.: "usa-mac-engg"; "all-mac","all-windows", "sgp-mac-all".
  • Service accounts: svc-ldap-dn; svc-global-admin; svc-emea-admin

[Update 3rd Feb 2024] Here is a new post about programatically and automatically rename the devices. 

Practise A Good User Data Hygiene

  • Determine the user attributes you wanted to import to JC and establish a process with the people team for making sure the data is clean and accurate. Examples of the attributes that matter (to me):
    • First name, last name, and legal name.
    • Department.
    • Job title.
    • Location (base).
    • Manager.

Set The Security Baseline

  • Set Password Complexity, aging and Lockout Policy.
  • Create admins with different roles and least privileged.
  • Segregate the admin service account from humans.
  • Create read-only admin service account for running the reports.
  • Rotate the API keys for non-service account admins regularly. 


Step 3 - Configure JumpCloud


Step 4 - Security Enhancement 

Now the user communication will be the key for every step along the way.

  • Bind JC users to the devices, take over the local account. 
  • MFA Enforcement. (Exempt the service accounts) 
  • Demote the local admins to standard users. 
  • (Optional) Setup SIEM integrations


Alright, thanks for reading thus far, and hopefully you will find this handbook useful!

Have a great weekend ahead folks!