IT Onboarding SOP

Scope

This SOP applies to all members of the IT department. This SOP is to be used as a guide for onboarding new employees. This will cover user creation, laptop setup, software deployment, work station setup, and access to company resources. You should complete this SOP prior to an employee’s start date to ensure no time is wasted when they start.

Table of Contents

User Account Creation

  1. The new hire’s manager should have contacted you or submitted a help desk form. If not, confirm their name, title, start date, laptop type (engineering/office), and any special requests with the manager.

  2. In Azure, create the user with the retrieved information. Set Usage Location (required) and update the company name Xenter, Inc. for employees, leave blank for others such as contractors. Note the auto-generated password.

  3. Assign necessary roles and groups, following the principle of least privilege. Then, grant the required licenses to activate the account and any needed software.

  4. In the user’s Azure profile, add an authentication method and create a Temporary Access Pass (TAP). Set it for one day (extend if needed) and note the code.

Laptop Setup

  1. Ensure you have the correct laptop either an office or a SolidWorks-capable engineering model. For frequent travelers, consider a smaller form factor. Confirm the laptop is flashed with the custom Xenter Windows 11 ISO.

  2. Continue setting up the laptop using the users email & password from the previous section. You will use the TAP for the 2FA section.

  3. After the laptop finishes, check Windows settings for updates, as many may be pending. Install any brand-specific drivers, like Lenovo Commercial Vantage for Lenovo laptops, you may need to install the software manually. Install graphics for engineering laptops

  4. Set the Windows hostname to match the laptop’s asset tag, found on the underside of the laptop. Format it as XMD-####.

  5. Apply the firmware embedded Windows license, see documentation for steps on how to do this.

  6. In Windows Security correct any errors that are present.

Software Installation & Setup

  1. After applying updates, verify that automatically deployed software installed correctly. Ensure the Company Portal app is installed, and check the device access section on its homepage.

  2. Verify the laptop meets access requirements in Company Portal. It may require device encryption (BitLocker) saved to Azure AD, secure boot, or other settings. Double-check any errors, as some may be false negatives that disappear after reboot.

  3. Ensure various company software is deployed and set up correctly (as needed)

  4. Connect the user to all printers in the office via the print server.

  5. Engineers need software like SolidWorks, PDM Vault, and remote access for lab computers. Frequent SolidWorks users need a standalone license assigned, refer to Solidworks License Management

Workstation Setup

  1. Confer with the new hire’s manager on where they will be located. Likely the user is allowed to choose if they are assigned to cubicles.

  2. Ensure the workstation has a docking station, working ethernet connection, external monitor(s), keyboard, mouse, laptop charging cable, mousepad (if in stock), and headphones (if in stock, and especially for cubicles).

Access to Company Resources

  1. Ensure the user has proper access to the QMS system, Teams/SharePoint files, PDM (if a solidworks user). Consider syncing SharePoint folders to the users Windows file explorer.

  2. The user may need a PDK badge set up for them depending on their work location.

  3. Send an email to the user containing important documentation for reference. Copies should be stored in the employee resources folder.

Clean Up

  1. Double check there are no more updates, then reset the password to a one use password for the user. Write down the current laptop PIN for the user to change.

  2. Delete any left over installation files.

  3. Remove the Temporary Access Pass, (TAP). The user should set up their 2FA when they arrive.