Skip to main content

🚀 Onboarding Journey in a Nutshell Explained

A quick overview of the onboarding journey — from company branding and site setup, through zones, tasks, and roles, to finalizing devices and access controls.

S
Written by Sophie
Updated over 2 months ago

When setting up your account for the first time, we recommend following the sequence below.
This approach is based on best practices and our experience assisting other organisations in successfully implementing the system.

To get started, begin by setting up your Company Branding. This forms the foundation of your organisation’s identity

1. Onboarding Journey Start: Company Branding

Company Branding → Start by defining your organisation’s identity within the system. This step not only helps personalise your environment but also ensures consistency for all users interacting with your system.

2. Structuring Your Environment: Sites & Zones & Tasks

This stage is about defining how your physical and operational environment is represented in the system.
By setting up Sites, Zones and Tasks correctly, you establish the framework for all site activities, access permissions, and compliance processes.

What Are Sites?

Sites are separate company environments within your account.
They can represent:

  • Separate business units or operational branches.

  • Individual locations that require independent management of users, access, and compliance.

During the onboarding phase, site creation is one of the first key steps to ensure everyone is aligned from the start. This step is completed in collaboration with the Support Team to make sure all details are aligned with your operational structure and project scope.

What Are Zones?

Zones represent distinct areas, departments, or operational sections within each of your sites.
Each zone functions independently — with its own check-in and check-out process — allowing for precise tracking of where individuals are located and which parts of the site they can access.

For example:

  • Reception – Entry point for visitors and contractors.

  • Access Control Zone – Restricted area for authorised personnel only.

  • Warehouse – Operational space requiring special training or permits.

  • Administration Office – Limited access for internal staff.

When a person moves from one zone to another, the system records this as two separate visits.
This design provides full visibility of user movement across different operational areas, which is critical for security, safety management, and audit trails.

Best Practice:

  • Define zones that reflect your real physical or operational layout.

  • Avoid creating unnecessary zones — keep it practical and manageable.

  • Define user access points within each zone.
    Identify where and which users will check in and out — such as gates, reception desks, or access terminals. This ensures precise monitoring of user movement and accurate time and attendance tracking.

More information on how to create and manage zones can be found here

After your zones have been created, the next step is to establish the tasks that control access and compliance within those areas.

What are Tasks?

Tasks represent the requirements users and companies must complete before being granted entry to a site or zone.
They form the foundation of your access control process — ensuring that everyone entering your environment is qualified, compliant, and authorized to be there.

⚠️ Tasks Drive Access – The Foundation of Access Control


These requirements may include:

  • Submitting essential information (e.g., contact details, company data).

  • Uploading documents such as contracts, certifications, or insurance policies.

  • Completing training modules, safety inductions, or compliance acknowledgements.

  • Accepting terms or policies required for entry.

Why Tasks Matter

Tasks serve as your first line of control — ensuring that every person entering your site is properly verified, qualified, and authorised.


They help:

  • Enforce compliance and reduce liability.

  • Automate validation for roles, companies, and events.

  • Maintain accurate records for audits and safety reviews.

Example Scenario:

  • A contractor must upload their company’s safety certification and complete a site induction.

  • An employee must complete an annual training module.

  • A truck driver must present valid delivery documentation.

If any required task remains incomplete, the system automatically blocks access at check-in points, maintaining compliance integrity.

More information on how to create and manage tasks can be found here

3. User & Company Configuration: Roles, Company Types & Events

Once your zones and tasks have been set up, your site structure and access requirements are in place.
The next step is to define who will interact with your sites and how they’ll be managed in the system.
This involves configuring user roles, company types, and event settings — ensuring that every person and organisation operates under the correct permissions and compliance rules.

User Roles

What are user roles?

User roles define the permissions, responsibilities, and access levels assigned to different types of users within the system.

After tasks have been created, they can be assigned to specific user roles — for example, Employee, Contractor Admin, or Site Manager.
Each role determines what actions a user can perform in the system and which requirements they must complete before being granted access.

The responsible person (for instance, a Contractor Admin) must first complete all company-based tasks — such as submitting a VCA certificate, Contractor Agreement, or insurance documentation — before they can begin registering users from their company.


Only after these prerequisites are met can the company’s individual users start completing their own access-related tasks (e.g., personal training, identification, or certifications).

Defining user roles clearly ensures that:

  • Responsibilities and permissions are aligned with organisational structure.

  • Compliance is managed consistently across all user types.

More information on how to create and manage user roles can be found here

Company Types

What Are Company Types?

Company Types define and categorise the different organisations that interact with your sites — for example, Contractor Companies or Suppliers.
Each company type can have its own access requirements, permissions, and administrative controls to ensure compliance and accurate site management.

After tasks are created, they can be assigned to a Company (ex. Contractor Admin). The responsible person must first complete the required company-based tasks (e.g., VCA, Contractor Agreement) before they can begin registering users from their company.

Best Practice: Configuring Company Types

  • Define company types based on real operational relationships (e.g., contractors, suppliers, internal teams).

  • Keep your list manageable — avoid redundant or overlapping types.

  • Link only the essential tasks and requirements to reduce onboarding friction.

  • Use Lock Delegated Roles for strict access control, especially in high-security environments.

More information on how to create and manage company types can be found here

Event Types

What Are Events?

Events represent planned or scheduled activities taking place within your sites — such as training sessions, workshops, maintenance operations, or temporary visits.
Each event can have its own participants, assigned zones, and compliance requirements.
Managing events through the system ensures that all attendees meet the necessary safety and access criteria before they arrive on-site.

What Is an Event Type?

An Event Type is a category used when creating events. It provides a clear description of the purpose or nature of the event and determines what access rules and tasks apply, ensuring that all participants are properly validated before the event begins.

Examples of event types include:

  • Day Visit – Temporary access for short-term visitors or guests.

  • Company Workshop – Training, presentation, or information-sharing session.

  • Maintenance Activity – Scheduled service, inspection, or repair carried out by contractors.

Best Practice: Managing Event Types

  1. Create event types that match real operational activities (e.g., Training, Audits, Maintenance, Day Visits).

  2. Assign relevant tasks to each event type to ensure all required documentation or training is completed before participation.

  3. Use consistent naming across sites for easy identification and management.

  4. Encourage organizers to plan ahead and confirm participants have completed all required tasks before the event date.

More information on how to create and manage event types can be found here

4. Finalising Setup: Devices & Blocklist

Once all the previous configuration steps are complete — including your zones, tasks, user roles, company types, and event types — you can finalise your setup by configuring devices and managing the User Blocklist.

This final stage connects your digital configuration to your physical environment, ensuring that access control, user validation, and security restrictions are enforced directly on-site.

Devices

What Are Devices?

Devices represent the physical equipment connected to your system — such as access scanners, badge readers, or kiosks — that control and record user movement across your sites and zones.


They form the bridge between your configured environment and real-world access management, ensuring that every check-in, check-out, or verification is securely logged in the system.

How Devices Work

Each device is linked to a specific site and zone, allowing the system to accurately record where and when users enter or exit.
When a user scans their credential (e.g., badge or QR code), the device verifies that:

  • All required tasks are completed,

  • The user has permission for that site or zone, and

  • The user is not listed on the blocklist.

Only when all conditions are met will access be granted. This ensures a fully automated and secure access control process.

More information on how to create and manage devices can be found here

The User Blocklist

What Is the User Blocklist?

The User Blocklist is a security feature that allows administrators to restrict or flag users based on specific identifying criteria.

When a user is created or updated, the system automatically compares their information against the blocklist.
If a match is found, that user is automatically flagged for review or denied access, depending on your configuration settings.

This feature helps prevent unauthorised or non-compliant individuals from gaining entry to your sites while maintaining a record for administrative review.

More information on how to create and manage user blocklists can be found here

Did this answer your question?