New IT Onboarding Process
1.
Tradewind Network accounts are automatically setup and maintained via Aquera when created in Paylocity. Initial
account credentials are emailed to the hiring manager. Users on leave are automatically disabled.
As of the end
of January, IT has successfully linked our Active Directory/Email systems with Paylocity using a 3rd party application
called Aquera. For those who are unfamiliar, Tradewind uses Microsoft Active Directory Services as the backend for all
account information and access control on the network. Aquera’s job is to make sure any of the user information entered
into Paylocity (including Display name, Title, Manager etc.) is kept up to date in Active Directory, then subsequently
synced to all other connected systems including servers, workstations, email etc. Therefore, under the new model, Paylocity
is the source of truth on the network for user account information – IT no longer maintains this separately, so any necessary
adjustments would need to be made within the Paylocity system.
Aside from keeping user account records up to date, the system takes this one step further and is configured to automatically
provision new user accounts on TW servers based on what it sees in Paylocity. In order to keep consistent information
across systems, it is important that we follow this model, again with Paylocity being the source of truth. When the system
sees a newly created account in Paylocity and marks it for auto-provisioning in Active Directory, it will automatically
do so within 4 hours, then email the new account credentials to the hiring manager based on the information in Paylocity
(note, IT will also receive this information). Once this occurs and the new account is provisioned, IT can configure
the remainder of the necessary services, permissions, or external (non-SSO) accounts for them, based on role (please
see next section below).
Note regarding users on leave: A user placed on leave will be marked as such within Paylocity,
and when the system sees this, it will automatically disable their AD account. This means that logins will not be possible
(until the account is reactivated), and therefore any TW services such as Remote Access, Email, Teams, an any other integrated
systems will be unavailable. Note on email: messages will still be delivered to a user on leave and be stored in their
mailbox, they will simply be unable to access it until their account is re-enabled. Because IT will need to manually
re-enable the user account for the person when they return from leave, the best option for this is to submit the request
as a helpdesk ticket to ensure it is properly tracked and processed.
2.
Additional IT Access provisioning is based on Technology by Position spreadsheet (Phasing out tech request form)
With
the new Aquera system in place, IT’s next steps to improve the process are focused on driving additional automation and
standardization for new team members (and any existing with changing roles or other). If you are a hiring manager or
department head who does not already have access to the IT Technology by Position spreadsheet, please reach out to the
helpdesk so it can be shared. The eventual goal is to get rid of the IT tech request form entirely, in favor of a standardized
approach to technical needs for each department. In cases where the spreadsheet is up to date for a specific group/role,
and there is a new starter coming into that role, no form will be necessary and this can simply be indicated on the helpdesk
ticket related to the onboarding (which at that point should only need to include the name and the start date of the
new team member). The IT Team highly recommends using each and every FTE onboarding request going forward as an opportunity
to review/update the spreadsheet, until such time that the form is no longer necessary.
In the coming months,
the completed spreadsheet will serve as a master reference guide which the team will use to build out automation rules
to handle everything from DL membership, to software licensing, straight through deprovisioning and account cleanup as
the result of a separation.
3.
Recommended 2 week notice for new starters (hardware orders, account provisioning)
There are obviously many moving
parts to onboarding a new user, and because of this, the IT team is requesting a 2-week minimum lead time for new hires
to ensure they are properly setup on their first day. IT only keeps a small amount of spare equipment on hand, and much
of the hardware purchasing gets done on demand. Unfortunately, this can be subject to shipping delays, issues with inventory/availability
of equipment etc. which can be helped by giving extra notice. We completely understand that special cases arise, and
in those cases the team will do everything they can to accommodate, but as a general rule, 2 weeks should be considered
the minimum lead time if at all possible. As we progress our automation initiatives, this timeframe should start to come
down, and we are excited to be able to provide additional updates here in the coming months. In the meantime however,
IT is a small team and will continue to do its best managing requests as they come in.
4.
Contractors not given equipment by default, and hiring managers should continue filling out and submitting the tech request
form to the helpdesk. Default config will be BYOD with remoteApp access (or stationary desktop if working onsite)
There
are a few special considerations to keep in mind for contractors, who at current are not added as Paylocity users, and
therefore are not included in the automation/Aquera system. When onboarding a contractor, IT will still require the IT
Technology Request form to be filled out and submitted to the helpdesk as an official request. It should be clearly noted
on the form and also in the helpdesk email that the user in question will be a contractor so the team can process accordingly.
As
a default approach, Contractors are not given Tradewind equipment. If they will be working out of the office, a mini
desktop can be provided for their use, or they can follow a BYOD model, and be given remote access to any systems or
services they need. If the contractor’s role requires any special accommodations, access or other, please indicate this
in the ticket and an IT team member will be happy to reach out discuss options to ensure these requirements are met.