Skip to main content

Create new hire's Google and Microsoft accounts

Purpose

Issue a company email (the root identity for logins) and baseline app access.

Responsible

Maria (for now)

Interdependencies / Trigger

  • Signed contract received

  • Start date confirmed

Standards

  • Email format: [first]@dorisresearch.com

  • Display name: [First Last]

  • Groups/aliases (as applicable): ops@, projects@, info@, etc.

  • Security: MFA required; temporary password only; change at first login

Directions

1) Google Workspace (Gmail identity)

  1. Add user: Admin console → Directory → Users → Add new user. An account for a new user

  2. Set temporary password: Generate a strong temp password. Check ‘Require password change at next sign-in.’

  3. Store, don’t send: Save the temp password in 1Password (shared vault). Do not email it.

  4. Add to groups/aliases: Add relevant distribution lists and secondary aliases.

  5. Recovery info: Add company-owned recovery phone/email (not personal).

  6. MFA: Enforce 2-Step Verification policy for the new user.

  7. Signature/template: Add default signature block and DORIS branding (if using admin-enforced signatures).

Hand-off: On Day 1, share the temp password in person or via a secure 1Password share; the user changes it immediately at first login.

2) Microsoft 365 (licenses and Teams)

  1. Create user: Microsoft 365 admin center → Users → Active users → Add a user. add users and assign licenses in Microsoft 365

  2. Username: Use the same DORIS email address.

  3. License assignment: Assign per DORIS standard:

    • Microsoft 365 Apps for Business

    • Microsoft Teams Essentials (assign if your plan requires this separately)
      Note: Use your org’s license mix; if Teams is already included in your M365 plan, skip the extra Teams license.

  4. Password + MFA (multi-factor authentication): Set a temp password (require change at next sign-in), store in 1Password, and enforce MFA.

  5. Groups: Add to security/distribution groups as needed.

  6. Apps: Confirm access to SharePoint/OneDrive resources and any required team sites.

Good Practice (quick checklist)

  • Email/username follows naming standard

  • Temp password saved to 1Password (not emailed)

  • MFA enforced (Google + Microsoft)

  • Groups/aliases applied

  • Recovery info set (company-controlled)

  • Signature and time zone configured

  • Licenses assigned correctly (avoid over-licensing)

  • Note added to onboarding tracker: “Email created, MFA set, licenses assigned”

Back to top