Client Onboarding (Day Of) SOP
DTC
Client Onboarding SOP
On-Site & Remote Tech Field Guide
1. Purpose & Scope
This SOP defines the standard onboarding process for new DTC clients. The goal is a focused, efficient onboarding completed in 2–4 hours that gets the core infrastructure in place and hands the client a fully monitored, secured, and connected environment.
This onboarding covers three deliverables only:
• NinjaRMM agent deployment on all workstations and devices
• DTC Security Stack deployment (pushed remotely)
• Unifi UDM Pro firewall setup and configuration
⚠ NOTE: Anything outside these three items — troubleshooting legacy issues, broken peripherals, software problems, etc. — is NOT part of the onboarding. Any issues discovered during the onboarding are captured in a post-onboarding punch list and converted into separate support ticket. |
2. Roles & Responsibilities
🖥 On-Site Tech |
• Physically present at the client location for the duration of the onboarding
• Primary point of contact with the client and office staff on-site
• Handles all physical tasks: install of backup appliance and UDM Pro firewall
• Confirm NinjaRMM agent on all devices and capable of remoting into by remote resource
• Installs and confirms remote tech can configure the Unifi UDM Pro firewall
• Collect the post-onboarding punch list from the client before leaving & add info into project notes to be address post onboarding
• Confirms with the client that onboarding deliverables are complete
☁ Remote Tech |
• Joins the onboarding session via remote connection to support on-site tech
• Pushes the DTC Security Stack bundle remotely once NinjaRMM is live
• Monitors NinjaRMM agent check-ins across all enrolled devices
• Applies policies and configuration in NinjaRMM for the new client
• Verifies all devices are reporting correctly before sign-off
3. Pre-Onboarding Checklist (Day Before)
Complete these items before arriving on-site. Do not show up without them done.
Task | Role | Done? |
NinjaRMM new client org created and agent installer ready | Remote | ☐ |
Security stack bundle confirmed and staged for deployment | Remote | ☐ |
Unifi UDM Pro is provisioned, unboxed, and ready to configure | On-Site | ☐ |
Client network diagram / IP scheme reviewed (if available) | Both | ☐ |
Client point of contact confirmed and on-site access arranged | On-Site | ☐ |
Onboarding start time confirmed with client | On-Site | ☐ |
4. Onboarding Steps — Field Execution
Phase 1 — Arrival & Quick Network Audit (0:00 – 0:30)
On-Site Tech: Do a fast walkthrough of the office before touching anything.
• Count all workstations, servers, and network-connected devices
• Identify current router/firewall (note make and model for punch list) – should be in Network Assessment document
• Locate all network switches and patch panel locations
• Note any obvious issues (damaged cables, devices off, no network, etc.) — log them, do not fix them now
• Check in with client POC — introduce yourself, set expectations for the 2–4 hour window
⚠ NOTE: Do not attempt to troubleshoot anything you find during the walkthrough. Log it on the punch list and keep moving. |
Phase 2 — NinjaRMM Agent Deployment (0:30 – 1:30)
Goal: Every Windows/Mac workstation and server is enrolled in NinjaRMM and reporting.
• Remote Tech creates the client org and pulls the agent installer URL
• On-Site Tech runs the installer on each workstation manually if needed, or deploys via GPO/script if the domain is accessible
• Remote Tech confirms each device checks in to NinjaRMM in real time
• Any devices that cannot be accessed (locked, off, missing) go on the punch list
• Proceed once 100% of accessible devices are enrolled and reporting
⚠ NOTE: Workstations that are powered off or inaccessible during the visit do not block the onboarding. Log them and move on. If workstation is capable of turning on, get Ninja on them so they are managed and security stack can be deployed |
Phase 3 — Security Stack Deployment (1:30 – 2:00)
Goal: DTC security stack is pushed and active on all enrolled devices.
• Remote Tech pushes the security stack bundle via NinjaRMM to all enrolled endpoints
• On-Site Tech can continue UDM Pro setup during this phase (see Phase 4)
• Remote Tech monitors deployment status — confirm each device completes install
• Any failures are logged and added to the punch list — do not hold up the onboarding
Phase 4 — Unifi UDM Pro Firewall Setup (1:30 – 2:30)
Goal: UDM Pro is physically installed, configured, and live as the network gateway.
• On-Site Tech physically installs the UDM Pro in the network rack or appropriate location
• Connect WAN port to ISP modem/ONT
• Connect LAN/switch ports to existing network infrastructure
• Configure basic WAN settings (DHCP or static IP per ISP requirements)
• Set LAN subnet and DHCP scope per DTC network standards
• Enable IDS/IPS (Intrusion Detection/Prevention) — standard DTC policy
• Apply any VLANs required for the client (guest Wi-Fi, VoIP, etc.) based on pre-onboarding notes
• Confirm internet is live from multiple workstations before proceeding
• Remote Tech verifies devices continue to report in NinjaRMM after the network change
⚠ NOTE: If the existing network setup causes complications during the UDM Pro cutover, get internet back up first — then log the issue for the punch list. Client downtime must be minimized. |
Phase 5 — Verification & Sign-Off (2:30 – 3:00)
Both techs run final checks before closing out the onboarding.
• Remote Tech confirms all NinjaRMM agents are reporting with policies applied
• Remote Tech confirms security stack is active on all enrolled devices
• On-Site Tech confirms internet is working from the client's workstations
• On-Site Tech walks through the onboarding completion checklist (Section 6) with client POC
• On-Site Tech collects the punch list from staff — any issues noticed today go on this list
• Onsite Tech adds notes in onboarding ticket for PM to create post-onboarding support ticket from the punch list before the on-site tech leaves
5. Post-Onboarding Punch List Process
Before leaving the site, the on-site tech sits down with the client POC and asks:
• "Are there any devices, printers, or software that aren't working the way they should?"
• "Is there anything your team has been struggling with that you want us to add to post-onboarding checklist"
Every issue the client mentions gets written down — no filtering, no on-the-spot fixes. Hand the list to the remote tech.
⚠ NOTE: The punch list becomes a support ticket. It is NOT part of onboarding. This keeps the onboarding clean and gives the client a clear path to getting their other issues resolved through proper support channels. |
6. Onboarding Completion Criteria
The onboarding is NOT complete until all the following are verified:
Task | Role | Done? |
NinjaRMM agent installed and reporting on all accessible workstations and devices | Remote | ☐ |
NinjaRMM policies applied to the new client org | Remote | ☐ |
DTC Security Stack deployed and active on all enrolled endpoints | Remote | ☐ |
Unifi UDM Pro installed, configured, and live as the network gateway | On-Site | ☐ |
Internet confirmed working from multiple workstations post-UDM cutover | On-Site | ☐ |
Client POC has DTC support contact information | On-Site | ☐ |
Post-onboarding punch list collected from client | On-Site | ☐ |
Support ticket created from punch list for all non-onboarding issues | Remote | ☐ |
All work documented in HALO | Both | ☐ |
Account Manager (AM) notified that onboarding is complete | Both | ☐ |
7. What Is Out of Scope (Break/Fix Items)
The following are NOT onboarding tasks. If discovered during the onboarding, log on the punch list and address after:
• Printers not printing or drivers missing
• Dental or practice management software issues
• Domain join issues on existing workstations
• Legacy software conflicts or broken applications
• Email problems or M365 configuration issues
• Imaging hardware not functioning at operatories
• Veeam backup configuration and verification
• VoIP phone system issues
• Any pre-existing network problems unrelated to the UDM Pro install
⚠ NOTE: If a client or staff member asks you to fix something not on this list during the onboarding — acknowledge it, write it on the punch list, and let them know a tech will follow up on it via a support ticket. Do not let scope creep blow the 2–4 hour window. |
8. Target Timing Guide
Task | Role | Done? |
Arrival, walkthrough & quick audit | On-Site | ☐ |
NinjaRMM agent deployment across all devices | Both | ☐ |
Security stack push and verification | Remote | ☐ |
UDM Pro physical install and configuration | On-Site | ☐ |
Final verification, punch list, sign-off | Both | ☐ |
Total target window: 2.5 – 4 hours. If approaching the 4-hour mark, notify PM of delays and issues creating onboarding to extend past the 4 hr time frame.