Onboarding Process
Onboarding is handled manually by the CTO. Provision the three core accounts, add the employee to CrowdStrike (which sends them an enrollment email automatically), then send the welcome email.
SLA: All access provisioned on the employee’s start date.
Provisioning Checklist
Section titled “Provisioning Checklist”- Google Workspace — Create account in Admin Console
- Email: [prefix]@meridian7.io
- Set temp password, require change at next login
- Share temp password via 1Password secure share to personal email
- Keep the user in the 2-Step Verification enrollment grace period or temporary exception group until they finish setup
- Do not send a full set of backup codes by default; if they get blocked, send a single admin-generated backup code via secure channel or temporarily relax enforcement so they can enroll
- 1Password — Invite work email to team (Admin Console > People > Invite)
- Grant vault access appropriate to role
- Slack — Invite work email to workspace, add to relevant channels
- CrowdStrike — Add device in Falcon console (sends enrollment email to employee automatically)
- Send welcome email — Open Gmail Compose →
Fill in To: with the employee’s work email and replace
[First Name]/[email]before sending.
Security Requirements
Section titled “Security Requirements”All items must be completed before the employee’s first week ends:
| Requirement | Verified By |
|---|---|
| Google 2-Step Verification configured with a primary method and backup method | Google Workspace Admin Console |
| 1Password set up on device | 1Password admin console |
| CrowdStrike sensor active on device | CrowdStrike Falcon host inventory |
| BYOD Endpoint Security Policy acknowledged | Reply to welcome email or Slack confirmation |
Related Documents
Section titled “Related Documents”- Access Control Policy
- Acceptable Use Policy
- Information Security Policy
- BYOD Endpoint Security Policy
Meridian Seven — Confidential