Recently, I was talking with someone about how difficult on-boarding of new employees has become during COVID-19. He was describing a situation of trying to add new interns and employees quickly to back fill the workload that he had seen and how challenging it was on the technology side. I began telling the story of how we had built both a strong process and technical stack that made virtual on-boarding and off-boarding a breeze.
Recommended Technology Stack
- Azure Active Directory
- Microsoft 365
- AWS Workspaces
Bringing a user on-board using Azure Active Directory
STEP ONE is to add the new user into Azure AD, making sure to fill out all of the fields.
Using the fields for a user such as organization name, manager, job title, location, address, and department allows for enrichment of data and automated group discovery.
TIP: Leveraging a single sign on and a central Identity Access Management (IAM) platform, make on-boarding of new employees exceptionally simple.
Creating Dynamic Groups in Azure Active Directory
Leveraging Dynamic Groups enables you to automatically add users for various functions.
What could that allow you to do?
- Ensure email groups are always up to date as employees are added or removed
- Ensure that departments or roles are given access to folders or files that they need
- Automatically deploy applications to new users who are part of a department or have a specific role
- Add employees to MS Teams channels or groups
Here is a group which captures all users at Think|Stack allowing us to add this group to distribution groups and applications, which everyone needs.
With those few steps the following are all automatically performed:
- Email account is created
- User is given access to all of the applications they need access to in order to accomplish their role (Teams, Email, OneDrive, Confluence, Automate, Proofpoint, AWS, Cloudflare, Securonix, Github, Connectwise Manage, etc)
- The user is automatically added to email distribution groups, Microsoft Teams groups, and communication channels based on their department and title.
The Human Element
The next step is always getting the user actually in our environment. With everything going on it’s certainly been a challenge for most, but for us we’ve laid the groundwork to make sure it’s easy for the new employee to hit the ground running.
- A morning meeting with the employee on their first day. We send a ringcentral/zoom meeting invite to their personal email and greet them on their first day. During this meeting we’ll go over their first 90 day plan as well as get them set up in our environment.
- Get the user signed into and deploy Microsoft InTune to their personal smartphone. This enables the required MFA component to get them access into our environment. It’s as easy as having the user navigate to the InTune portal website on their smartphone and asking them to click “Add a new device”.
- Have the user connect to AWS Workspaces using their Active Directory password and email address.
- We show them where they can access all of their applications in Microsoft 365’s app portal
This process of using and deploying a centralized Identity and Access Management platform makes everyone’s life easier.
It means that I can quickly audit who has access to applications or permissions.
It means that our SOC can quickly ascertain an abnormal login or potential attack.
It means that our new employees don’t have to juggle with learning where new applications are or the "secret handshake" of how to get into our various environments. Instead, they can focus on learning a new job or role with a new company, eliminating the nervous jitters, while our team can focus on pushing technology forward instead of dealing with annoying clutter or inconsistent deployments.
WE TRANSFORM & PROTECT
We Transform & Protect by putting People Before Technology. We believe that the technology your business relies on should be used to drive transformation and lead to a seamless user experience. In uncertain times it’s important to partner with people and companies you can trust. Think|Stack was built for situations like this, to help those who weren’t.
If you’re unsure what to do next or if you have questions about your technology, our Think|Stack tribe is here to help, contact us anytime.
About the Author
Zach Hill, CTO
Zach began his career early in life with an internship as a helpdesk technician at a recycling company out of Chicago and has worked his way through the IT ranks from System Administrator to his current role as Chief Technology Officer at Think|Stack. His specialties come from a heavy networking engineering and virtualization background allowing him to easily transition into the dynamic and complex cloud environments of the modern technical landscape. As an AWS Certified Solutions Architect – Professional, Zach is equally at home generating the architectural plans for a complex service deployment within AWS. Zach’s vision and drive to be at the bleeding-edge fuels Think|Stack’s growth and provides clients with an innovative, constantly evolving technology strategy.