Remote Employee Onboarding IT Checklist

A new hire starts Monday. By 9 AM, they should have a working laptop, access to every tool they need, MFA set up, and a welcome message in Slack. That's the goal. Most remote companies don't hit it.

Instead, day one looks like this: the new hire opens their laptop and waits. Their Google account doesn't exist yet. Nobody provisioned Slack. They email their manager from a personal Gmail address asking what to do. The manager pings someone in ops. Ops starts setting things up manually. By Wednesday, the new hire is mostly functional.

That's two lost days per hire. At 20 hires per year, you're burning 40 days of productivity on something a checklist can fix.

Before day one (3-5 business days out)

Start IT onboarding the moment the offer is signed, not the day someone starts.

Provision accounts

Create accounts in your identity provider (Google Workspace or Microsoft 365) using the employee's company email address. This is the foundation. Everything else connects to it.

Then provision access to your core tools:

• Slack or Teams. Add them to the correct channels for their team and role. Include company-wide channels and the IT support channel.
• Password manager. Create their 1Password or Bitwarden account. Add them to the appropriate shared vaults for their team.
• Project management. Notion, Linear, Asana, or whatever your team uses. Add them to the correct workspaces and projects.
• Other role-specific tools. CRM for sales, GitHub for engineering, Figma for design. Check with the hiring manager for the full list.

Prepare the device

If you're shipping a company laptop, this needs to happen well before day one.

Order early. Laptops take time to ship, especially if you're configuring them before sending. Place the order as soon as the start date is confirmed.

Pre-enroll in MDM. If you're purchasing through Apple Business Manager, the device can be automatically enrolled in Kandji or Jamf on first boot. This means the new hire powers on the laptop and security policies, apps, and configurations are applied automatically.

Ship with margin. Send the device to arrive at least 2-3 business days before the start date. Shipping delays happen. A laptop arriving on day two is a terrible first impression.

Include a setup guide. A one-page document (or Notion page) explaining: how to power on and complete initial setup, how to set up MFA, how to access the password manager, and who to contact if something goes wrong.

Prepare documentation

Create or update the following before the new hire starts:

• Welcome guide. A Notion page or Google Doc covering: how to get IT help (which Slack channel), company tool list, security expectations (MFA, password manager, screen lock), and any policies they should know about.
• Role-specific access list. Work with the hiring manager to confirm exactly which tools and permission levels the new hire needs. Don't guess. Different roles need different access.

Day one

Verify everything works

Before the new hire's first meeting, confirm:

• They can log into their company email
• MFA is set up on their identity provider account
• Slack/Teams access is working
• Password manager is accessible
• MDM enrollment completed successfully (check your MDM dashboard)
• They can access all role-specific tools

Send a quick message in Slack: "Welcome to the team! If you hit any issues with your accounts or laptop, drop a message here and I'll sort it out." This sets the tone that IT support is accessible and responsive.

MFA setup

If MFA wasn't set up during device provisioning, it's the first task on day one. Walk them through it:

1. Install an authenticator app (Google Authenticator, 1Password, or Authy)
2. Enable 2-step verification on their Google/Microsoft account
3. Save backup codes in their password manager

Don't skip this. Don't let them "do it later." MFA is non-negotiable.

Password manager onboarding

Make sure they:

1. Log into their 1Password or Bitwarden account
2. Install the browser extension
3. Understand the difference between their personal vault and shared team vaults
4. Know that all work passwords go in the password manager, not in Chrome's built-in password save

This five-minute walkthrough prevents months of bad habits.

First week

Security awareness

During the first week, cover the basics:

• Phishing. What it looks like, how to report it, and what to do if they click something suspicious.
• Device security. Keep the laptop locked when not in use, don't install unapproved software, report lost or stolen devices immediately.
• Data handling. What's okay to share externally and what isn't. How to use Google Drive sharing properly (don't default to "anyone with the link").

This doesn't need to be a formal training session. A 15-minute Slack conversation or a short Loom video covers it.

Confirm access is correct

By the end of week one, do a quick check:

• Does the new hire have access to everything they need? (Ask them directly)
• Do they have access to anything they shouldn't? (Check their permissions against the role-specific access list)
• Are there any tools or accounts that were missed?

Fix gaps immediately. Trim excess access. The goal is least-privilege: they should have access to exactly what their role requires, nothing more.

The complete checklist

Before day one (3-5 days out)

• Create identity provider account (Google Workspace / M365)
• Provision email on company domain
• Create Slack / Teams account and add to channels
• Create password manager account and add to shared vaults
• Provision project management tool access
• Provision role-specific tools (check with hiring manager)
• Order and ship laptop (pre-enrolled in MDM)
• Prepare welcome guide and setup instructions
• Send pre-start email with what to expect on day one

Day one

• Verify all accounts are accessible
• Confirm MDM enrollment is complete
• Walk through MFA setup
• Walk through password manager setup
• Send welcome message in Slack with IT support info
• Confirm the new hire can join their first meetings

First week

• Cover security basics (phishing, device security, data handling)
• Confirm access is correct (nothing missing, nothing extra)
• Address any device or tool issues
• Add new hire to any remaining team-specific tools

Making this repeatable

The checklist above works for one hire. To make it work for every hire, you need a system.

Store it in your HR workflow. If you use Rippling, BambooHR, or Gusto, attach the IT onboarding checklist to the new hire workflow. When HR creates the employee record, IT gets notified automatically.

Assign one owner. One person executes the IT onboarding for every new hire. This ensures consistency. If that person is a fractional IT contractor, it's part of their standard scope.

Track completion. Mark off each item as it's done. If something is blocked (laptop delayed, access pending approval), flag it immediately so it doesn't slip.

Review quarterly. Tools change. Processes evolve. Review the checklist every quarter to make sure it still matches your actual environment.

The difference it makes

Companies that nail IT onboarding see three things:

Faster time to productivity. New hires are working on day one, not day three. Over a year of hiring, those saved days add up to weeks of recovered productivity.

Better first impressions. Walking into a company where everything just works on day one signals competence. It tells the new hire they joined a team that has their act together.

Fewer security gaps. When onboarding is standardized, you don't accidentally skip MFA or forget to set up the password manager. Security is baked into the process, not bolted on later.

If you want someone to build this process and run it for every hire, that's core to what I do. Book a call and we'll talk through your current onboarding experience.