Skip to main content

Client Onboarding (Day Of) SOP

DTC

Client Onboarding SOP

On-Site & Remote Tech Field Guide

1. Purpose & Scope

This SOP defines the standard onboarding process for new DTC clients. The goal is a focused, efficient onboarding completed in 2–4 hours that gets the core infrastructure in place and hands the client a fully monitored, secured, and connected environment.

 

This onboarding covers three deliverables only:

•       NinjaRMM agent deployment on all workstations and devices

•       DTC Security Stack deployment (pushed remotely)

•       Unifi UDM Pro firewall setup and configuration

 

⚠ NOTE: Anything outside these three items — troubleshooting legacy issues, broken peripherals, software problems, etc. — is NOT part of the onboarding. Any issues discovered during the onboarding are captured in a post-onboarding punch list and converted into separate support ticket.

 

2. Roles & Responsibilities

 

🖥  On-Site Tech

 

•       Physically present at the client location for the duration of the onboarding

•       Primary point of contact with the client and office staff on-site

•       Handles all physical tasks: install of backup appliance and UDM Pro firewall

•       Confirm NinjaRMM agent on all devices and capable of remoting into by remote resource

•       Installs and confirms remote tech can configure the Unifi UDM Pro firewall

•       Collect the post-onboarding punch list from the client before leaving & add info into project notes to be address post onboarding

•       Confirms with the client that onboarding deliverables are complete

 

  Remote Tech

 

•       Joins the onboarding session via remote connection to support on-site tech

•       Pushes the DTC Security Stack bundle remotely once NinjaRMM is live

•       Monitors NinjaRMM agent check-ins across all enrolled devices

•       Applies policies and configuration in NinjaRMM for the new client

•       Verifies all devices are reporting correctly before sign-off

 

3. Pre-Onboarding Checklist (Day Before)

Complete these items before arriving on-site. Do not show up without them done.

 

Task

Role

Done?

NinjaRMM new client org created and agent installer ready

Remote

Security stack bundle confirmed and staged for deployment

Remote

Unifi UDM Pro is provisioned, unboxed, and ready to configure

On-Site

Client network diagram / IP scheme reviewed (if available)

Both

Client point of contact confirmed and on-site access arranged

On-Site

Onboarding start time confirmed with client

On-Site

 

4. Onboarding Steps — Field Execution

Phase 1 — Arrival & Quick Network Audit (0:00 – 0:30)

On-Site Tech: Do a fast walkthrough of the office before touching anything.

•       Count all workstations, servers, and network-connected devices

•       Identify current router/firewall (note make and model for punch list) – should be in Network Assessment document

•       Locate all network switches and patch panel locations

•       Note any obvious issues (damaged cables, devices off, no network, etc.) — log them, do not fix them now

•       Check in with client POC — introduce yourself, set expectations for the 2–4 hour window

 

⚠ NOTE: Do not attempt to troubleshoot anything you find during the walkthrough. Log it on the punch list and keep moving.

 

Phase 2 — NinjaRMM Agent Deployment (0:30 – 1:30)

Goal: Every Windows/Mac workstation and server is enrolled in NinjaRMM and reporting.

•       Remote Tech creates the client org and pulls the agent installer URL

•       On-Site Tech runs the installer on each workstation manually if needed, or deploys via GPO/script if the domain is accessible

•       Remote Tech confirms each device checks in to NinjaRMM in real time

•       Any devices that cannot be accessed (locked, off, missing) go on the punch list

•       Proceed once 100% of accessible devices are enrolled and reporting

 

⚠ NOTE: Workstations that are powered off or inaccessible during the visit do not block the onboarding. Log them and move on. If workstation is capable of turning on, get Ninja on them so they are managed and security stack can be deployed

 

Phase 3 — Security Stack Deployment (1:30 – 2:00)

Goal: DTC security stack is pushed and active on all enrolled devices.

•       Remote Tech pushes the security stack bundle via NinjaRMM to all enrolled endpoints

•       On-Site Tech can continue UDM Pro setup during this phase (see Phase 4)

•       Remote Tech monitors deployment status — confirm each device completes install

•       Any failures are logged and added to the punch list — do not hold up the onboarding

 

Phase 4 — Unifi UDM Pro Firewall Setup (1:30 – 2:30)

Goal: UDM Pro is physically installed, configured, and live as the network gateway.

•       On-Site Tech physically installs the UDM Pro in the network rack or appropriate location

•       Connect WAN port to ISP modem/ONT

•       Connect LAN/switch ports to existing network infrastructure

•       Configure basic WAN settings (DHCP or static IP per ISP requirements)

•       Set LAN subnet and DHCP scope per DTC network standards

•       Enable IDS/IPS (Intrusion Detection/Prevention) — standard DTC policy

•       Apply any VLANs required for the client (guest Wi-Fi, VoIP, etc.) based on pre-onboarding notes

•       Confirm internet is live from multiple workstations before proceeding

•       Remote Tech verifies devices continue to report in NinjaRMM after the network change

 

⚠ NOTE: If the existing network setup causes complications during the UDM Pro cutover, get internet back up first — then log the issue for the punch list. Client downtime must be minimized.

 

Phase 5 — Verification & Sign-Off (2:30 – 3:00)

Both techs run final checks before closing out the onboarding.

•       Remote Tech confirms all NinjaRMM agents are reporting with policies applied

•       Remote Tech confirms security stack is active on all enrolled devices

•       On-Site Tech confirms internet is working from the client's workstations

•       On-Site Tech walks through the onboarding completion checklist (Section 6) with client POC

•       On-Site Tech collects the punch list from staff — any issues noticed today go on this list

•       Onsite Tech adds notes in onboarding ticket for PM to create post-onboarding support ticket from the punch list before the on-site tech leaves

 

5. Post-Onboarding Punch List Process

Before leaving the site, the on-site tech sits down with the client POC and asks:

 

•       "Are there any devices, printers, or software that aren't working the way they should?"

•       "Is there anything your team has been struggling with that you want us to add to post-onboarding checklist"

 

Every issue the client mentions gets written down — no filtering, no on-the-spot fixes. Hand the list to the remote tech.

 

⚠ NOTE: The punch list becomes a support ticket. It is NOT part of onboarding. This keeps the onboarding clean and gives the client a clear path to getting their other issues resolved through proper support channels.

 

6. Onboarding Completion Criteria

The onboarding is NOT complete until all the following are verified:

 

Task

Role

Done?

NinjaRMM agent installed and reporting on all accessible workstations and devices

Remote

NinjaRMM policies applied to the new client org

Remote

DTC Security Stack deployed and active on all enrolled endpoints

Remote

Unifi UDM Pro installed, configured, and live as the network gateway

On-Site

Internet confirmed working from multiple workstations post-UDM cutover

On-Site

Client POC has DTC support contact information

On-Site

Post-onboarding punch list collected from client

On-Site

Support ticket created from punch list for all non-onboarding issues

Remote

All work documented in HALO

Both

Account Manager (AM) notified that onboarding is complete

Both

 

7. What Is Out of Scope (Break/Fix Items)

The following are NOT onboarding tasks. If discovered during the onboarding, log on the punch list and address after:

 

•       Printers not printing or drivers missing

•       Dental or practice management software issues

•       Domain join issues on existing workstations

•       Legacy software conflicts or broken applications

•       Email problems or M365 configuration issues

•       Imaging hardware not functioning at operatories

•       Veeam backup configuration and verification

•       VoIP phone system issues

•       Any pre-existing network problems unrelated to the UDM Pro install

 

⚠ NOTE: If a client or staff member asks you to fix something not on this list during the onboarding — acknowledge it, write it on the punch list, and let them know a tech will follow up on it via a support ticket. Do not let scope creep blow the 2–4 hour window.

 

8. Target Timing Guide

Task

Role

Done?

Arrival, walkthrough & quick audit

On-Site

NinjaRMM agent deployment across all devices

Both

Security stack push and verification

Remote

UDM Pro physical install and configuration

On-Site

Final verification, punch list, sign-off

Both

 

Total target window: 2.5 – 4 hours. If approaching the 4-hour mark, notify PM of delays and issues creating onboarding to extend past the 4 hr time frame.