Kecktech IT Solutions

Help Center / Support Processes

Customer Onboarding Process

Book: Support Processes

Review status: APPROVED

Customer Account Onboarding ΓÇö Kecktech IT Solutions

This document describes the process for provisioning a new customer user account across the Kecktech stack, granting access to the Customer Portal, password vault, and relevant customer-facing data.

Tip: Use the automated Onboarding Wizard at https://dashboard.kecktech.net/ops/onboarding to complete Steps 1ΓÇô4 automatically.

Overview

Customer accounts use LLDAP for authentication (via Authelia SSO). A customer in the kecktech_customers group gets:

  • One-factor auth access to portal.kecktech.net
  • Access to their Vaultwarden collection (shared by staff)
  • Linked records in Zammad and ERPNext for personalized portal data

Step 1 ΓÇö Create Customer Account in LLDAP

Access: https://lldap.kecktech.net (Tailscale required) ΓÇö log in as keckadmin

  • Go to Users ΓåÆ Create User
  • Fill in:
- Username: firstname.lastname (lowercase, no spaces) - Email: customer's email address - Display Name: Full name - Password: Generate a strong password (store in Step 3)
  • Save the user.
  • Go to the user's detail page ΓåÆ Add to Group ΓåÆ kecktech_customers
Note: Do NOT add customers to kecktech_admins or kecktech_ops.

Step 2 ΓÇö Add Credentials to Vaultwarden

Access: https://vault.kecktech.net ΓÇö log in as staff admin

  • Navigate to the appropriate Customer Collection (named after the client company).
  • Create a new Login item:
- Name: Customer Portal ΓÇö {Customer Name} - Username: LLDAP username from Step 1 - Password: Password generated in Step 1 - URL: https://portal.kecktech.net
  • Save. Optionally share the collection with the customer if they have a Vaultwarden account.

Step 3 ΓÇö Verify Zammad Account

Access: https://tickets.kecktech.net ΓÇö log in as admin

  • Go to Admin ΓåÆ Users ΓåÆ Search for the customer's email.
  • If no Zammad account exists, create one:
- Email: same as LLDAP email - Name: Full name - Role: Customer
  • Assign to the correct Organization in Zammad (matches company name).

Step 4 ΓÇö Verify ERPNext Customer Record

Access: https://ops.kecktech.net ΓÇö log in as ERPNext admin

  • Go to CRM ΓåÆ Customers ΓåÆ Search for the customer's company name.
  • Ensure a Customer record exists with the correct name.
  • Verify at least one Sales Invoice is linked to this customer.

Step 5 ΓÇö Test Access

  • Open a private/incognito browser window.
  • Navigate to https://portal.kecktech.net.
  • Authelia will redirect to the login page ΓÇö log in with the customer's LLDAP credentials.
  • Verify:
- Welcome banner shows the correct name. - Support tickets appear (if any exist in Zammad). - Invoices appear (if any exist in ERPNext).

Off-boarding a Customer

  • LLDAP: Remove user from kecktech_customers group or disable/delete the account.
  • Vaultwarden: Revoke collection share or delete customer credentials.
  • Zammad: Set customer user to inactive.
  • ERPNext: No action required (historical invoices remain).