User Onboarding

Purpose

This SOP outlines the steps for onboarding users into the Microsoft cloud as part of the Compliance-as-a-Service offering. It ensures a structured and secure onboarding process for new users while maintaining compliance requirements.

Scope

This procedure applies to all organizations utilizing Compliance-as-a-Service and includes actions for both the Organization seeking certification (OSC) and the External Service Provider (ESP).

Authorized Roles

Reminder: Always review the roles of OSC users to ensure they align with the Authorized Roles. No action should be taken without a request from or approval by a user assigned the appropriate authorized role.

  • Authorized Managers
  • Global Administrator
  • User Administrator

Organization seeking certification (OSC) Steps

Step 1: Provide User Information

  • A company-authorized and approved user who is identified as a global administrator, user administrator or authorized manager must submit a ticket to the Nimbus Logic (ESP) helpdesk. This can be done by sending an email from the authorized account to support@nimbus-logic.us. The email should contain the list of new users, including full name and unique email address, following the internally defined naming formats. It should also specify role-based access requirements and indicate whether the user requires additional security controls (e.g., Multi-Factor Authentication, Conditional Access policies). The items below can be copied and pasted into your request email for convenience:

    • First Name:
    • Last Name:
    • Requested aliases (default username is first initial last name, e.g. jsmith):
    • Required O365 License type:
    • Security group assignments:
    • Notes / special requests:

Step 2: Confirm Licensing Requirements

  • Ensure that appropriate Microsoft licenses are allocated for the new users.
  • Notify the ESP if additional licenses are required.

    License Fulfillment: If a new Microsoft 365 license needs to be purchased, Nimbus Logic will communicate the necessary information to the client, including cost, term and payment options. Upon payment, Nimbus Logic will submit the order information to Microsoft for fulfillment. This process may take up to 24-48 hours.

Step 3: Review and Approve Acceptable Use Policies

  • Distribute and collect signed acknowledgments of IT security and compliance policies from users.

Step 4: Provide Initial Training

  • Ensure new users complete required security awareness training before accessing systems.

Step 5: Verify Initial Access

  • Confirm with users that they can successfully log in and access the necessary resources.
  • Report any issues to the ESP.

External Service Provider (ESP) IT Team Steps

Step 1: Confirm authorization and ticket details

  • Confirm that the person requesting the new user account creation is an authorized user.
  • Ensure all user account creation requests are routed through the helpdesk.
  • Verify that all required information has been provided before proceeding with account creation, including any licensing / purchasing requirements.
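
The Step 1 checks above can be run against the request email before any account is created. The following is an added example, not part of this SOP or of Nimbus Logic's tooling: it parses the OSC Step 1 request template, confirms the sender holds an authorized role, and flags missing fields. The role lookup dictionary, the choice of which fields are optional, and all sample values are assumptions.

```python
import re

# Roles allowed to request accounts (the SOP's "Authorized Roles" list).
AUTHORIZED_ROLES = {"authorized manager", "global administrator", "user administrator"}
# Labels from the OSC Step 1 template. Treating aliases and notes as optional
# is an assumption; the SOP does not say which fields are mandatory.
FIELDS = ["First Name", "Last Name", "Requested aliases",
          "Required O365 License type", "Security group assignments",
          "Notes / special requests"]
OPTIONAL = {"Requested aliases", "Notes / special requests"}
LINE_RE = re.compile(
    r"^\W*(" + "|".join(re.escape(f) for f in FIELDS) + r")(?:\s*\([^)]*\))?\s*:\s*(.*)$",
    re.IGNORECASE)

def parse_request(body):
    """Extract template fields from the email body, keyed by canonical label."""
    canonical = {f.lower(): f for f in FIELDS}
    found = {}
    for line in body.splitlines():
        m = LINE_RE.match(line)
        if m:
            found[canonical[m.group(1).lower()]] = m.group(2).strip()
    return found

def default_username(first, last):
    """Default alias per the SOP: first initial + last name, e.g. jsmith."""
    return re.sub(r"[^a-z0-9]", "", (first[:1] + last).lower())

def review_request(sender, body, role_directory):
    """Return (ok, problems, username) for one request; creates nothing."""
    problems = []
    role = role_directory.get(sender.strip().lower())
    if role is None or role.lower() not in AUTHORIZED_ROLES:
        problems.append("requester does not hold an authorized role")
    fields = parse_request(body)
    for name in FIELDS:
        if name not in OPTIONAL and not fields.get(name):
            problems.append("missing field: " + name)
    username = None
    if fields.get("First Name") and fields.get("Last Name"):
        username = fields.get("Requested aliases") or default_username(
            fields["First Name"], fields["Last Name"])
    return (not problems, problems, username)

# Constructed sample data (not real accounts); the role lookup is an assumed export.
ROLES = {"admin@example.com": "User Administrator", "staff@example.com": "Member"}
SAMPLE = ("  • First Name: Jane\n  • Last Name: O'Neil\n"
          "  • Requested aliases (default username is first initial last name, e.g. jsmith):\n"
          "  • Required O365 License type: Business Premium\n  • Security group assignments:\n")
```

A request that returns problems goes back to the requester through the helpdesk ticket rather than proceeding to account creation.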

Step 2: Create/invite user account

Internal Tenant User Account Creation

  1. Navigate to the Microsoft Admin Center:
  2. Select “Users” from the left-hand panel and click “Active Users.”
  3. Click the “Add a user” button.
  4. Enter user details:
    • User Principal Name (Email): Follow the company’s previously defined unique naming convention.
    • Display Name: Enter the user’s full name.
    • Role Assignments: Assign appropriate security groups; these may need to be modified in the Entra portal.
    • Be sure to select “Require this user to change their password when they first login.”

  5. Securely store and communicate temporary credentials using an encrypted email.
  6. Click “Review + Create” to finalize user creation.

External Guest User Accounts

  1. Navigate to the Microsoft Entra Admin Center:
  2. Search for “Microsoft Entra ID” and click on it.
  3. Click “Users” from the left-hand menu.
  4. Click the “+ New User” dropdown menu and select “Invite external user.”
  5. Enter the external email address and complete the required fields.
  6. Use “Full Name - External” as the display name format.
  7. Click “Review + Invite.”

Internal Account Creation for External Users

  1. Navigate to the Microsoft Entra Admin Center:
  2. Search for “Microsoft Entra ID” and select it.
  3. Click “Users” from the left-hand panel.
  4. Click the “+ New User” dropdown menu and select “Create new user.”
  5. Use the first initial and last name with a three-letter organization abbreviation for the User Principal Name.
  6. Use “Full Name - External” as the display name format.
  7. Assign necessary roles and security groups.
  8. Securely send login credentials via an encrypted email.
  9. Click “Review + Create” to finalize user creation.

Additional Post-Creation Actions

  • Assign Microsoft licenses as required.
  • Configure email and collaboration tools (Teams, OneDrive, SharePoint, Exchange).
  • Deploy security monitoring and compliance controls.
  • Verify access by performing test logins.
  • Notify the requester and provide support for any login or access issues.
  • Ensure all user creation activities are logged for audit purposes.

Review & Maintenance

This SOP will be reviewed on a quarterly basis or as required by changes in compliance regulations or Microsoft cloud services.