New Employee IT Setup Checklist: Accounts, Devices, Security, and Access

Overview

A good IT setup checklist is not just a list of apps to install. It is a workflow template that connects HR, the hiring manager, IT, and sometimes finance or security. The goal is simple: when a new employee starts, they should have the right device, the right accounts, the right permissions, and clear instructions for secure use on day one.

This matters because onboarding often fails in small, preventable ways. A laptop arrives late. An employee gets email but not shared drive access. Someone is added to the chat tool but not the password manager. A manager approves access informally, but nobody records it. These gaps create delays for the new hire and extra cleanup for everyone else.

The most useful version of an IT setup checklist has four traits:

• Role-based: access is defined by job function, not memory or guesswork.
• Sequenced: tasks are ordered so dependencies are clear.
• Owned: every item has a responsible person or team.
• Reviewable: changes to tools, policies, and permissions can be updated over time.

If your current process lives in scattered notes or repeated Slack messages, turn it into a documented SOP checklist. A related resource is SOP Checklist Template: How to Document Repeatable Business Processes, which can help you formalize repeatable setup steps.

Before using the checklist below, define a few inputs for every hire:

• Employee name and start date
• Employment type: full-time, part-time, contractor, temporary
• Department and role
• Manager and approval owner
• Work location: office, remote, hybrid
• Device type needed
• Required systems and optional systems
• Security tier, if your company uses one

Those inputs let you turn a general new employee setup checklist into a practical user provisioning checklist that your team can reuse with fewer exceptions.

Checklist by scenario

Use this section as your base checklist template. For most teams, it helps to break work into pre-start, day-one, and first-week actions, then adjust by role and device policy.

1. Pre-start checklist: before the employee's first day

This stage prevents the most common delays. Ideally, complete these items several business days before the start date.

• Confirm core details
  • Verify legal name, preferred display name, title, manager, and department.
  • Confirm start date, working hours, and location.
  • Confirm employment type and whether access should be time-limited.
• Assign task owners
  • Identify who handles hardware procurement or preparation.
  • Identify who creates accounts.
  • Identify who approves role-based access.
  • Identify who runs the handoff with the employee.
• Prepare hardware
  • Assign laptop or desktop.
  • Record device serial number and asset tag.
  • Add device to inventory tracking.
  • Install operating system updates.
  • Install approved security software.
  • Set up device management if used.
  • Prepare accessories such as charger, monitor, dock, keyboard, mouse, headset, and phone if needed.
• Create identity and core accounts
  • Create company email account.
  • Create single sign-on account if used.
  • Create directory account or identity provider profile.
  • Set temporary password according to policy.
  • Require password change on first login, if relevant.
  • Enroll the employee in multifactor authentication.
• Provision essential tools
  • Chat and team communication tools
  • Calendar
  • Video meeting tools
  • Shared file storage
  • Password manager
  • Project management or task management system
  • Knowledge base or internal wiki
  • HR or payroll portal, where appropriate
• Set role-based access
  • Add the employee to the correct groups, teams, or distribution lists.
  • Grant access to department folders, drives, and internal documentation.
  • Grant access to role-specific software only after approval.
  • Check whether read-only access is enough for any system.
  • Document exceptions to standard access.
• Prepare delivery and instructions
  • Confirm shipping address or desk location.
  • Schedule device handoff or shipment timing.
  • Prepare a simple day-one login guide.
  • Include help desk contact and escalation path.

2. Day-one checklist: first login and access verification

Day one is about getting the employee productive quickly without skipping security controls.

• Verify device readiness
  • Confirm the employee received the correct device and accessories.
  • Confirm the device powers on and connects to the internet.
  • Verify operating system setup is complete.
  • Confirm endpoint security or monitoring tools are active if applicable.
• Complete authentication setup
  • Confirm email login works.
  • Confirm SSO login works.
  • Complete MFA enrollment and test it.
  • Confirm backup authentication options if your policy requires them.
• Test critical applications
  • Open chat and join the correct team spaces.
  • Access the calendar and accept meetings.
  • Open file storage and verify shared folders.
  • Log in to project or ticketing tools.
  • Confirm the password manager is working.
• Review security basics
  • Explain password and MFA expectations.
  • Review approved storage locations for company files.
  • Review phishing reporting steps.
  • Explain device locking, screen privacy, and update expectations.
  • Clarify rules for personal devices if bring-your-own-device is allowed.
• Confirm communication access
  • Add the employee to team channels, mailing lists, and meeting groups.
  • Provide naming conventions for files and shared folders if used.
  • Share the internal directory, org chart, or contact list.

3. First-week checklist: role-specific systems and cleanup

Many access issues appear only after the employee starts doing real work. Use the first week to complete and refine setup.

• Role-specific applications
  • CRM, finance, support, design, engineering, or operations tools as needed
  • Internal databases or reporting systems
  • Approval workflows and dashboard access
  • Shared inboxes or queue-based systems
• Permission review
  • Check whether the employee has too much access or too little.
  • Remove test or temporary permissions.
  • Document final approved access.
• Workflow orientation
  • Show where templates, SOPs, and recurring checklists live.
  • Explain how requests for additional access are made.
  • Clarify support channels for device or software issues.
• Asset and record completion
  • Confirm inventory records are complete.
  • Record assigned accessories.
  • Save approval records for sensitive systems.
  • Confirm acknowledgment of key policies, if your process includes it.

4. Scenario-based additions

Most teams should keep one base employee access checklist and add scenario modules as needed.

Remote employee setup

• Confirm shipping timeline and signature requirements.
• Include setup instructions that assume no in-person help.
• Test VPN or secure remote access if used.
• Provide a remote support process for first login issues.
• Confirm home network guidance and secure workspace expectations.

In-office employee setup

• Assign desk, badge, and office network access.
• Confirm printer or local network access if required.
• Prepare conference room booking permissions if needed.

Contractor or temporary worker setup

• Set an access end date in advance.
• Limit access to only the systems needed for the engagement.
• Avoid broad internal directory or sensitive folder access unless required.
• Define who reviews renewal or removal of access.

High-access or sensitive-role setup

• Use a stricter approval path for finance, customer data, admin tools, or production systems.
• Separate admin access from standard day-to-day user accounts if appropriate.
• Log and review elevated permissions carefully.

If this checklist sits within a wider onboarding process, pair it with Employee Onboarding Checklist for Small Businesses so IT setup does not happen in isolation from HR, payroll, and manager-led onboarding.

What to double-check

The fastest way to improve a device setup checklist is to identify the items that most often fail quietly. These are the details worth reviewing before you call the setup complete.

• Correct identity data
  A misspelled name, wrong department, or incorrect manager can cascade into broken permissions and missed notifications.
• MFA actually tested
  Enrolling a method is not the same as proving it works. Test a real sign-in.
• Group-based access
  Whenever possible, assign permissions through role groups rather than one-off manual grants. It is easier to review and easier to remove later.
• Shared drive and folder permissions
  A new employee may reach the file system but still be blocked from the exact folders they need.
• Licenses and seat availability
  An account may exist without the required paid license or feature tier.
• Password manager access
  If your team stores shared credentials, confirm the employee can access the right vaults and collections.
• Distribution lists and team channels
  People often receive core app access but miss the communication spaces where real work happens.
• VPN or network-dependent tools
  Some systems work only inside specific networks or after device trust is confirmed.
• Admin versus user permissions
  Grant the minimum level needed. If elevated rights are required, document why.
• Offboarding readiness
  Even during onboarding, make sure accounts and devices are assigned in a way that can be tracked and reversed later.

It can also help to review setup from the employee's point of view. Ask: can this person communicate, access documents, complete core work, ask for help, and protect company data? If the answer is no in any one category, the checklist is incomplete.

For teams building broader recurring operations, Small Business Operations Checklist: Daily, Weekly, Monthly, and Quarterly Tasks offers a useful model for structuring repeatable operational work.

Common mistakes

Most onboarding friction comes from process design, not technical complexity. These are the mistakes that make a new employee setup checklist harder to maintain or less reliable over time.

• Using one generic checklist for every role
  A single list seems simpler, but it usually grows into a confusing mix of irrelevant tasks and missed exceptions. Keep a base checklist plus role or scenario add-ons.
• Relying on memory for approvals
  Sensitive access should have a clear approval owner and a record of who approved what.
• Granting broad access “for now”
  Temporary over-provisioning often becomes permanent. Start narrow and expand only where needed.
• Skipping documentation because the team is small
  Small teams often feel they can manage informally, but growth makes undocumented setup harder very quickly.
• Not defining task ownership
  If hardware, accounts, and access are all “handled by the team,” missed steps are almost guaranteed.
• Ignoring first-week feedback
  The employee and manager usually discover missing access only after real work begins. Build a follow-up review into the checklist.
• Failing to update the checklist when tools change
  A checklist becomes unreliable when the software stack changes but the process does not.
• Treating setup as separate from handoff
  The employee needs instructions, support contacts, and context, not just accounts.

A practical fix is to store your checklist beside adjacent workflow templates, such as project handoff and SOP documentation. For example, Project Handoff Checklist for Teams: Files, Access, Approvals, and Next Steps can help your team standardize ownership and transition points across other business processes too.

When to revisit

Your IT setup checklist should be a living document. Review it before recurring hiring periods and whenever the underlying workflow changes. In practice, that means revisiting the checklist when any of the following happens:

• You add or retire a core software tool.
• You change device policy, such as moving from BYOD to company-managed devices.
• You introduce or tighten security controls.
• You create new roles, teams, or approval paths.
• You notice repeated onboarding delays or access tickets.
• You prepare for a seasonal hiring cycle or a growth push.

A simple maintenance routine works well:

1. Review the last three to five onboarding cases. Identify which steps caused confusion, rework, or delays.
2. Update the base checklist. Remove obsolete tools, rename systems, and fix vague instructions.
3. Review role-based access groups. Check whether permissions still match actual job responsibilities.
4. Test the checklist with one real hire. Use feedback from the manager, the employee, and whoever provisioned access.
5. Set a future review date. Even a lightweight quarterly or pre-hiring-cycle review keeps the document useful.

If you want this article to become a repeatable internal asset, turn it into a versioned template with these columns: task, owner, due date, approval required, status, notes, and completion evidence. That structure makes the checklist easier to assign, audit, and refine.

The final action step is straightforward: create one master IT setup checklist, one short role-based access matrix, and one day-one handoff guide. Together, those three documents cover most of what teams need to provision new hires consistently. Once those are in place, each onboarding becomes easier to repeat, easier to review, and easier to improve.