joiners process - alphagov/notifications-manuals GitHub Wiki
These steps need to be done after the new starter has a gov email address. Not all of these steps are relevant to all roles, so consider whether each one is needed.
https://trello.com/b/ANXKSnEI/make-a-copy-govuk-new-starter-board
Make a trello 'joiners ticket' from this template: https://trello.com/c/CGRUGe2B/575-onboarding-for-enter-name
This is so you don't forget anything and it's clear to the rest of the team what has been completed and what has not.
You should get confirmation that they held Security Check (SC) level security clearance and add this and its expiry to https://docs.google.com/spreadsheets/d/1LZLgPiWLmVpu0SNbnpri20PEiPkQYrMbnTkC5o9i9dU/edit#gid=0
If a new joiner already has SC clearance with another government department then either they, or their line manager, needs to apply to get the clearance transferred to the Cabinet Office.
To request the transfer this form needs to be completed and sent to [email protected]
If the new joiner does not have SC clearance, as long as they are applying for it then they can still have access to all the things (including production). If they fail their SC clearance then we will remove access.
You can find a list of our google groups by searching for 'notify' on https://groups.google.com/my-groups. From there, one of Leo and Ishwar are able to add them to each relevant group.
Some Google Groups are automatically accessible if the person belongs to the "notify" group. For example, GOV.UK Notify Support (Zendesk) and GOV.UK Notify DVLA.
The new joiner should be added to either the @notify-features-team
or @notify-infra-team
.
On the left hand side of slack, go to "More" > "Your organisation" > "People" > "User groups". There you can search for the relevant group and add the new member.
This should add them to a handful of key Notify slack channels automatically (team, incident, etc)
Invite the new joiner or ask them to join any slack channels they think are relevant. All notify channels are prefixed #govuk-notify-...
The new joiner should join the x-gov slack (https://ukgovernmentdigital.slack.com) and the x-gov #govuk-notify slack channel - https://ukgovernmentdigital.slack.com/archives/C0E1ADVPC
They should also go to 'Edit profile' and set their display name in x-gov slack to be Full name - GOV.UK Notify
to match all our other team members.
There is a instance of Slack run by Public Code which is building a community of teams running Notify across the world (for instance, like the Canadians who have forked our code). You should invite them to this slack so we can share and learn from other governments.
We have a team workspace for Trello. Irina should be able to invite you at https://trello.com/w/gds_platformsandservices/members
Tech people will need to be given a Yubikey.
Non tech people do not need to get a Yubikey and instead can use the touch ID on their Mac as a secure MFA.
Instructions on how to get a yubikey, how to use it and when to use it are found in the Yubikeys section of this team manual.
Even those not contributing code will need a Github account.
First, get them to add their work email to their Github account (otherwise they may get booted out of alphagov).
You'll first need a github owner to add them to the organisation. Contact an org owner (see list of org owners). David is on this list.
You'll then need to add them to their relevant Notify github team:
-
notify
- if they should contribute code (including, eg, content on our web pages) -
notify-wiki-editors
- if they should not contribute code
Once they've been added to the alphagov org, their github username will also need to be added to the appropriate groups in the notifications-concourse-deployment repo:
- https://github.com/alphagov/notifications-concourse-deployment/blob/main/terraform/deployments/concourse/site.tf
- https://github.com/alphagov/notifications-concourse-deployment/blob/main/terraform/deployments/concourse/team-notify.tf
Make sure they create and upload a GPG key following the instructions at https://github.com/alphagov/notifications-credentials/blob/master/README.md.
If the user is expected to contribute to certain repos, such as notifications-broadcasts-infra, they will need to start signing their commits with a GPG key.
The new user will have to set up their VPN. https://sites.google.com/a/digital.cabinet-office.gov.uk/gds/working-at-the-white-chapel-building/it-the-white-chapel-building/how-to/gds-vpn.
We give access to everyone in the team.
Users must authenticate using their GitHub account and be member of the notify
GitHub team. David or Leo can add users to this team.
Grafana may be accessed here: https://grafana.notify.tools/
Instructions found in the AWS accounts section of this team manual
🚨 You should make sure the joiner has already followed their onboarding trello and created a Notify account themselves already before inviting them to GOV.UK Notify! 🚨
This is so that they can go through the new user onboarding flows
Invite them to the "GOV.UK Notify" service in each environment, they don't need any permissions. Accepting the invite will give them access to the WebAuthn feature, so they can register their security key. They can either use their yubikey or their Mac touch ID.
When they register their security key, their login method should automatically change to webauthn_auth
. Ask them to log out and log in again to check that this has been set up successfully.
Once they've registered their security and checked they can log in with it, you can promote them to a Platform Admin. To do this, you should log in to the database with read_only turned off, and run:
# check they are using a security key
select auth_type from users where email_address = '[email protected]';
update users set platform_admin = true, updated_at = now() where email_address = '[email protected]';
You will then need to clear the user Redis cache for this to take effect - https://www.notifications.service.gov.uk/platform-admin/clear-cache.
You may want to do this for them on Preview and Staging as well.
When someone leaves, if you archive their user account on the Notify website then this automatically remove their platform admin status too
If developers want to run Docker Desktop locally they need a Dockerhub account. They will need adding to the GDS dockerhub organisation by David.
Developers can either use their personal dockerhub account or they can set up a new one (suggested name is firstnamelastnamegds).
Non-developers shouldn't need this.
Ask David to do it. They should sign in by typing their email, not using the google SSO option.
Non-developers shouldn't need this.
Ask David to invite them. They should ideally register by clicking the the 'Log in with Google' button.
Add new joiner to Zendesk. Create a Zendesk ticket with your request and assign to 2nd/3rd Line Zendesk Administration. Include new joiner's full email and what Zendesk groups they need to be added to.
We have limited seats on Pagerduty. Pagerduty accounts are managed centrally by GDS. Generally as a new joiner you won't need an account for Pagerduty. After a while of being on the team you may end up being asked to get an account as part of helping support Notify.
We have limited seats (currently 10) on our StatusPage. Historically, we use StatusPage to:
- Tell people about a technical incident with Notify. If the new joiner is likely to be a comms lead on future incidents, then they'll need access (or someone else will have to update StatusPage on their behalf).
- Tell people about issues with our providers, such as delays with sending letters. If the new joiner is going to be liaising with our providers, they'll need access - often this falls to developers on support.
If they are interested, they can be added to Google Analytics at https://analytics.google.com/analytics/web/#/a72121642w113561044p162795857/admin/suiteusermanagement/property. Several team members (Chris, David currently) are able to add people.
We are currently trying to avoid using Splunk or requiring access to it as we already have several logging tools. If you do want access then speak to David.
You don't need to be added to our Twilio account. We use a shared account for it generally instead.
GDS has a browserstack account for cross browser testing. Talk to Tom on the team, or ask in the frontend channel if he's not around, to get added to it.
...
Not everyone needs this but to get access we need to request it from the Cabinet Office Digital team
Helps us know our delivery rates for delivering to Gmail. Leo is the only person who can give access to this.
Make sure they know everything is set up and they know how to and have checked that they can access each of the above. This is also a good time to talk them through how we work as a team (the Tech Lead may also do this).
Some talking points:
- How the Pivotal board works (stages of a story)
- How standup works (what to do, when to speak)
- What meetings we have and why we have them
- What goes in the backlog and how is it prioritised
- What story to pick up from the backlog
- How to get your PRs reviewed