This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IT Onboarding Handbook

shawnsong
Rising Star III
Rising Star III

‎07-21-2023 03:43 AM - edited ‎02-02-2024 07:38 PM

Hi Folks,

It's been a while and we've finally made it to Friday - TGIF!! I hope everyone is relaxed and ready to ease into the weekend. ‌😎‌‌🍹🍹

I've realised that I've posted quite a few pieces on the topic of onboarding, and I've been receiving requests from customers and prospects for a broader picture - which is a fair ask. Onboarding is a big and constantly evolving topic, transitioning from the traditional office environment to remote work, and now to hybrid work.

In order to keep up with this "trend", I've decided to consolidate all my posts on the topic in one place here. Hopefully, you will find this collection practical when tackling this topic in your organization

.

 

Step 1 - HRIS Integration

(aka the source of truth integration)

 

Step 2 - Set The Foundation

Establish the naming conventions

  • User names, i.e.: "firstname.lastname", "firstnameln", "lnfirstname".
  • User groups, i.e.: 
    • SSO Groups: "sso-aws-engg", "sso-slack-all", "sso-sf-sales".
    • Hierarchical Groups: "dept-sales-usa-ftc"; "dept-engg-sgp-fte".
  • Device groups. i.e.: "usa-mac-engg"; "all-mac","all-windows", "sgp-mac-all".
  • Service accounts: svc-ldap-dn; svc-global-admin; svc-emea-admin

[Update 3rd Feb 2024] Here is a new post about programatically and automatically rename the devices. 

Practise A Good User Data Hygiene

  • Determine the user attributes you wanted to import to JC and establish a process with the people team for making sure the data is clean and accurate. Examples of the attributes that matter (to me):
    • First name, last name, and legal name.
    • Department.
    • Job title.
    • Location (base).
    • Manager.

Set The Security Baseline

  • Set Password Complexity, aging and Lockout Policy.
  • Create admins with different roles and least privileged.
  • Segregate the admin service account from humans.
  • Create read-only admin service account for running the reports.
  • Rotate the API keys for non-service account admins regularly. 

 

Step 3 - Configure JumpCloud

 

Step 4 - Security Enhancement 

Now the user communication will be the key for every step along the way.

  • Bind JC users to the devices, take over the local account. 
  • MFA Enforcement. (Exempt the service accounts) 
  • Demote the local admins to standard users. 
  • (Optional) Setup SIEM integrations

 

Alright, thanks for reading thus far, and hopefully you will find this handbook useful!

Have a great weekend ahead folks!

 

0 REPLIES 0
You Might Like

New to the site? Take a look at these additional resources:

Community created scripts

Keep up with Product News

Read our community guidelines

Ready to join us? You can register here.