June 16

A Guide to Cloud Onboarding: Best Practices

Migrating to the cloud sounds like a euphemism for dying, but it’s way better than that—it’s a way of working that frees up your people to work from anywhere on almost anything. But you already know that, because you’re hiring a dozen new lovelies to work on that thing you do. 

Your job is to get them onboarded and productive before tea time. Here are some of our favorite cloud onboarding best practices, because it’s something you need today.

Erm, What’s The Cloud, Please?

No question is too dumb for us, because we all had to start somewhere. The cloud isn’t an actual cloud, which is a shame. The cloud is just a quick way of saying “an unholy mix of dull and boring servers scattered throughout the world that hold the data, apps, and tools you want to access from your own device.”  

You probably already use the cloud. If you use tools like Slack, Dropbox, Google Drive, Canva, SalesForce, and Wix, you’re already doing stuff in the cloud. Maybe you’ve even migrated corporate apps to the cloud, but there’s so much SaaS out there, why would you? Why use your old clanky database when there’s Airtable*? Why get a cat and poop in the litter tray yourself? Let’s move on.

So, What’s Cloud Onboarding, Then?

Cloud onboarding gives your people access to those cloud-held apps from their devices. As long as they have an internet connection, they can work from anywhere. But to do it safely, securely, and quickly, you’re going to need a few best practices in your Toolbox of Useful Stuff To Know. Fill your toolbox with these:

Cloud Onboarding Best Practices


Best Practice 1: Role/App Allocation

Work with your HR person on this one. Good data security practitioners are big fans of the principle of least privilege, which is a swanky way of saying, “you only get access to the data you need to do your job.” This means you and your HR colleague need to work out which team gets access to which app or dataset. Maybe everyone needs access to Slack. Perhaps it’s just the sales team that needs Salesforce. And no one outside HR gets a look at employees’ personal data on that salary platform you use. From this information, you can configure rules to ensure that people get access only to the stuff they need.

It works for your new hire, too—they won’t be overwhelmed with a catalog of apps that look scary, but they’ll never need. 

Best Practice 2: Cloud Single Sign On (SSO)

This is the mother of all cloud onboarding best practices. Cloud SSO enables your hire to access all the appropriate apps and data with one username and password. This reduces the risk of data security breaches because they only have one password to remember for everything, and saves your IT person from a breakdown, because they’re not spending 35 hours a day dealing with lost passwords.

But under the hood, there’s a lot more going on. SSO is a single entry point and can be reinforced into a super-strong gateway that can confound hackers. And if your SSO comes in SAML flavor, even better. Security Assertion Markup Language (SAML) transfers your new hire’s identity from one place to another: from the identity provider to the service provider. For instance, if your new hire’s identity is validated through being a user of your corporate intranet (the identity provider), SAML-flavored SSO will say: “Ah, ok, this person is authorized because they’re an employee of this company, so now I can create accounts and log them in on all these corporate-approved apps (the service providers).”

What gets data security geeks a bit too excited about SSO is that the SaaS apps themselves can’t be hacked because there’s no password or username. The SSO holds the password and username, not the app. Whooba!

SSO providers are breeding like green slime in a petri dish. You may have heard of Okta, which is one of the more popular providers of SSO; they’re good, but there might be a better choice for your setup, and you can ask us why

Best Practice 3: Multi-Factor Authentication

Your SAML-flavored SSO will usually come with a side of Multi-Factor Authentication (MFA) which is what all the cool compliance kids are doing these days. MFA tightens data security further by verifying users with what they know (e.g., a password, a passcode) with what they have (a smartphone).

Best Practice 4: Keep A Big Eye On Your Costs

Cloud SSO is easy, but it isn’t always cheap, so it’s essential to understand what and when you’ll be charged. SaaS will bill you from the date you set up accounts for your new hires, so it’s best practice to decide how long in advance to set them up. You don’t want to pay for services you’re not using, and you want enough time to prepare. Three or four days before your newbie’s first day is a good rule of digits. 

Beware the sneakies, though. If you want SAML with your SSO, some SaaS will double the cost of your licence. Google doesn’t do this because it’s too rich to care, but SaaS like Slack and Airtable do (*this is why you may not want Airtable). Evidently, SSO security is a luxury rather than a core feature of some services. If you don’t feel angry enough, check out the SSO Wall of Shame for more opportunities for uncontrolled rage. (Hint: we’ve outsneakied the sneakies by finding some clever, ethical ways to get around the great licensing robbery. Just ask.)

Best Practice 5: Don’t Forget Offboarding

It’s important to remember that their cloud accounts are still active when your employees leave. It’s good practice to have robust offboarding procedures and tools that retrieve corporate data and close those accounts.

Get Started With Cloud Onboarding

Cloud onboarding can be complex, but get it right, and everybody’s happy: your new hire gets a great first day, your compliance officer sends you cookies, and you can use all that time you save for tackling the rest of your To-Do list. 

If cloud onboarding might be something that makes business better for you, give us a call. Here to help, as always.

You may also like