Microsoft Windows is prohibited at Gitlab
  1. You are here:
  2. Business Technology
  3. Team Member Enablement
  4. GitLab onboarding and machine management

On this page

This is a Controlled Document

Inline with GitLab’s regulatory obligations, changes to controlled documents must be approved or merged by a code owner. All contributions are welcome and encouraged.

GitLab Onboarding

The GitLab IT team is here to help you through any onboarding struggles you might be dealing with. We have a weekly IT Onboarding Q&A for GitLab new hires to join and discuss any technical issues or concerns they are having during onboarding. Please also refer to The guide to remote onboarding for additional onboarding guidance.

At GitLab, we use centralized laptop management for company-issued laptops. If you are in possession of a company-issued laptop, the details below apply to you. However, not all endpoint management technologies GitLab deploys will be required for Apple, Linux, and Windows laptops. Some technologies may be specific to the hardware platform or operating system.

Role Responsibility
GitLab Team Members Responsible for following the requirements in this procedure
Business Technology Responsible for implementing and executing this procedure
Business Technology Management (Code Owners) Responsible for approving significant changes and exceptions to this procedure

Laptops

Laptop Ordering Process

The laptop ordering process starts as soon as an offer is accepted by a candidate and the initial Welcome email is sent by the Candidate Experience Specialist.
This email will include a link to the Notebook Order Form where the new team member will state their intent for obtaining or ordering hardware.

Team members that live in these countries can be serviced via the IT Laptop Ordering Process:

USA, Canada, Japan, Mexico, all of the EU, Thailand, China, India (Apple only), Philippines, Australia, New Zealand, and the UK.

Please note that we are adding supported countries to this list as we discover our ability to order in them.
You can test this by going to order a MacBook Pro (or Dell) from the regional Apple store, and seeing if they let you customize a build or alternately refer you to local retailers.
If the latter, see below.

If your country is not listed above or for any general laptop procurement questions please contact IT-Help@gitlab.com or your Candidate Experience Specialist to discuss alternate options.
If the team member desires financial assistance to purchase the hardware, the Company will advance the funds to help facilitate the purchase (see Exception Processes below).

Laptop Purchasing and Shipping Process

Once Team Member Enablement receives your laptop order we start working on purchasing your laptop and any additional equipment requested. We leverage business relationships with several different vendors across the globe to accomplish this remotely. Please note delivery times will vary depending on location, supply of hardware, vendor selection, and shipping method.

However, we may be able to work out priority or overnight delivery. We will not be able to service this for all cases and regions at this time but please feel free to reach out to IT-Help@gitlab.com or talk with your hiring manager to review all options available.

If you are a hiring manager or member of the hiring/recruiting team, you may check the status and content of a new hires order in the IT Equipment Order Process Project

Estimated Delivery Timelines for Gitlab Hardware

US New Hires – 4-6 weeks (Apple M1 Max Model) and 4-6 weeks (Dell)
Non-US New Hires – 2-3 weeks (Apple) and 6-9 weeks (Dell)

Key Performance Indicators

KPI 99% of laptops will arrive prior to start date or 21 days from the date of order.

Exception Processes

If you are in a region where we are not able to have a laptop delivered, and you need to request funds be advanced in order for a local purchase to take place;
Obtain two quotes from local retailers (online or physical).

Email your manager with those quotes attached, requesting the funds advance and detailing the reason why (geo region, unable to have laptop delivered).
Your manager will then forward their approval to Accounting for final approval and dispensation.

Should a laptop not be available to a new GitLab team-member upon their start date, but is pending, interim options include:

- Using personal non-Windows hardware (Mac, Linux, Mobile)
- Renting and expensing non-Windows hardware
- Purchasing and expensing (or returning) a Chromebook

If in the rare case that your laptop arrives damaged or unusable prior to your start date, please reach out to your Candidate Experience Specialist and CC itops@gitlab.com for next steps on an immediate replacement or repair.

Laptop Configurations

GitLab approves the use of Linux, and Apple’s macOS. Microsoft Windows is prohibited for the following reasons:

  • Due to Microsoft Windows’ dominance in desktop operating systems, Windows is the platform most targetted by spyware, viruses, and ransomware.
  • macOS is preinstalled on Apple computers and Linux is available free of charge. To approve the use of Windows, GitLab would have to purchase Windows Professional licenses, as Windows Home Edition does not satisfy GitLab’s security guidelines.

    As many purchases of laptops have occurred with employees making the purchases and then being reimbursed by GitLab, a remote employee would typically be making a purchase of a laptop pre-loaded with Windows Home Edition.

  • Windows Home Edition is notoriously hard to secure.

Further information on GitLab authorized operating systems, versions, and exception process is available on the Approved OSs page.

The operating system choices have obviously affected the hardware selection process.

Apple hardware is the common choice among GitLab team members. Team members may also select a Dell Linux laptop if they are familiar with Linux and capable of self-support.

NOTE: GitLab’s IT Ops team uses a corporate discount for our corporate-purchased Apple products only. Apple does not have an employee discount program for GitLab at this time.

Apple Hardware
  • Macbook Pro 14″ and 16″ – M1 Max / 10-Core CPU / 24-core GPU / 32GB Unified memory / 512GB or 1TB storage. Performance model
  • MacBook Pro 16” – Intel i7 or i9 / 512 SSD / 32 RAM – Legacy performance model – Limited supply; we may offer this model depending on availability the new M1 Max model.
  • Macbook Pro – 13″ / M1 / 16Gb / 512GB – Standard model

Most roles that require higher performance machines are approved for a 14″ or 16″ MacBook Pro M1 Max. Please see this spreadsheet (public) to locate your department group and determine which machine you are eligible for.

Linux Hardware

IT strongly encourages team members to select Macs; please only request a Linux laptop if you are experienced in Linux and capable of self-support.

  • Engineers, Support Engineers, Data Analysts, Technical Marketing Managers, Product Designers, UX Managers, Product Managers, Technical Writers, and Digital Production are elibible for Dell Precision Mobile Workstation laptops from the 5500 or 5700 lines. Due to supply constraints, specific models available from these lines my vary. IT will work with each person to find an available model meeting the following specifications: 15.6” display / 512 GB SSD / 32 GB of RAM / Intel i9 or i7 CPU.
  • Everyone else is eligible for laptops from the Dell Latitude 7300 line. Due to supply constraints, specific models available from these lines my vary. IT will work with each person to find an available model meeting the following specifications: 13.3” display / 256 GB SSD / 16 GB of RAM / Intel Quad-Core i5 CPU

NOTE: The maximum price of Linux laptops is not to exceed the price of the equivalent 16” MacBook pro laptop. Please make sure you order this model a minimum of 14 days, based on your locality, prior to your desired date to receive.

Our only approved Linux laptop vendor at this time is Dell. These laptops generally come pre-loaded with Ubuntu Linux in order to save money on unused Windows licenses. Dell do not currenty sell laptops pre-installed with Linux in Australia and New Zealand; staff will need to install Linux themselves.

Dell is GitLab’s exclusive Linux vendor for the following reasons:

  • Dell has the longest history of shipping laptops with Linux pre-installed among major manufacturers.
  • Dell is able to ship laptops to all countries in which GitLab employees live.
  • As we move forward with Zero Trust networking solutions, we need to have a stable and unified platform for deployment of software components in the GitLab environment.
    Standardization on a single platform for Linux simplifies this.
  • The current Ubuntu LTS is the preferred Linux platform; Ubuntu LTS has a record of stability and quick patching.
  • Purchasing laptops from a single vendor opens the possibility of corporate discounts.
  • Dell is a certified Ubuntu vendor with multiple laptop choices available. They even have their own Ubuntu OEM release of Ubuntu they maintain, and as a result of their effort, the standard Ubuntu 18.04 LTS image natively supports Dell hardware and even firmware updates.
  • To date, all of Dell’s major security issues have resulted from the Windows operating system, not their hardware.

Laptops are purchased by IT Ops during a team member’s onboarding process; the team-member will be sent a form to fill out for ordering.

Laptop Vendor Selection Criteria

When recommending or approving end user device vendors for team member access, the Security Team tries to balance privacy, security, and compliance to ensure a solid choice for accessing GitLab data.
Our current recommendations include Apple MacBook Pro running macOS and Dell Precision running Linux.

By its very nature, GitLab has historically been very open as a company, starting as open source and migrating from a group of coders with their own laptops to an organization that needs to protect not just their own corporate data but customer data as well.
Having developed a Data Classification Policy and currently implementing Zero Trust, we’ve had to make adjustments in laptop recommendations.
Our laptop vendor selection criteria is as follows:

Team member need

The main needs center around processing power and the operating system support for required workloads.
Most modern systems meet the processing power needs of our team members.
Apple macOS and Dell Linux distributions meet the operating system needs.

Security needs

GitLab needs the ability to ensure a secure and stable platform.
From an operating system perspective, macOS and Linux meet the basic needs.
The Security team has found a slight advantage in Ubuntu as a Linux distribution due to their rapid response time when it comes to patching security flaws, and recommend this distribution.
This is not at the exclusion of all other distributions, but this is the one we recommend.

In the case of Microsoft Windows, as we previously stated there are a number of reasons to restrict access from a security perspective.
Historically, the operating system has had its share of security flaws and is a frequent target of various forms of malware.
In fact Windows is responsible for the major share of all malware, including such items as ransomware.

From a hardware point of view, we have to examine security issues such as supply chain attacks.
Some vendors have had these issues involving the operating system, although in many cases it has been directly related to Microsoft Windows.
However, if a vendor has had potential supply chain issues involving firmware or hardware, we will consider other vendors first.

Compliance needs

To meet compliance needs for the various certifications, programs, and industry regulations, we have to meet criteria including the ability to restrict access to sensitive data to company-issued laptops running company-monitored software.
In many cases we need to be able to prove this via auditing, including outside auditors.
Using one vendor for macOS (Apple by default) and one for Linux (Dell by default).
A part of this process will include ensuring systems are patched, and in the Linux case we want to ensure firmware patches are applied.
Very few hardware vendors not only supply Linux as an operating system but also provide a way to apply patches – including security patches – to firmware via the normal Linux patch process.

There is no specific example for using one brand over another from a compliance perspective.
That being said, there are customers we wish to sell GitLab products that have specific requirements internally, and to align ourselves with those requirements can be not only a positive sign we understand the customer space, but give us a competitive advantage.
For example, since there is a strong push to sell to agencies within the US Government, we will already face restrictions such as support from only US-citizen GitLab team members while on US soil.
As these agencies also have access to classified (non-public) reports on such things as computer vendors, one only has to note which laptops are approved for purchase.
For that reason, we will restrict our vendor list to vendors that are currently approved by the various organizations issuing those certifications and programs we are trying to be compliant with.
This simplifies the ability to support those customers which may impose restrictions on team members working in support roles for that customer solely based upon the hardware they are using.
In other words, we eliminate this possibility of becoming a situation to be managed.

Logistics needs

To be able to use a laptop vendor, we have to be able to purchase and ship hardware to our team members regardless of where they live.
Therefore the vendor should be able to handle most if not all shipping requirements to all team members. Our current hardware provider for US and most international locations is CDW. GitLab laptops that are procured from CDW will come with GitLab branded asset labels by default. Please refer to this issue for more information on GitLab asset labels. GitLab Branded Laptop Labels

Laptop Refresh

Team member Laptops can be refreshed after 3 years (of use!) without question. However, if the replacement laptop is outside the standardized specifications listed here than manager approval will be required before IT can purchase the replacement laptop.
If you feel you need a new laptop to be effective at your job before then, reach out to IT and your manager.

Replacement laptops for broken GitLab laptops can be requested as needed by creating an issue in the Team member Enablement issue tracker project. Laptops ordered as part of the refresh program use this template.

This process can also be followed for laptops that are not broken but old enough that you are having trouble completing your work.
Please refer to the spirit of spending company money when deciding whether or not it is appropriate to replace your functioning laptop.
Everyone’s needs are different so it is hard to set a clear timeline of when computer upgrades are necessary for all team-members, but team-members become eligible for an updated laptop after 3 years.
If you qualify/complete a laptop refresh, please also refer to our Laptop Buy back Policy below.

Many team members can use their company issued laptop until it breaks.
If your productivity is suffering, you can request a new laptop.
The typical expected timeframe for this is about three years, but it can depend on your usage and specific laptop. Laptops paid for by the company are property of GitLab and need to be reported with serial numbers, make, model, screen size and processor to IT Ops by adding it to this form: GitLab laptop information for proper asset tracking.
Since these items are company property, you do not need to buy insurance for them unless it is company policy to do so (for example, at the moment we do not purchase Apple Care), but you do need to report any loss or damage to IT Ops as soon as it occurs.
Links in the list below are to sample items, other options can be considered.

Laptop Recycle

Laptops being returned to the company that are no longer fit for service will be recycled with our vendor AnythingIT. GitLab receives a monetary credit for each laptop recycled and this credit is applied to our purchasing balance through other vendors.

Laptops that are being returned that are still fit for service (less then 1 year old) will be warehoused with AnythingIT and repurposed as needed.

We no longer encourage Apple’s Trade-In program, any laptop being returned regardless of condition should be sent to Anything IT.

Laptop Donations

Donating hardware/laptops will help people in disadvantaged areas and/or from underrepresented groups with their ability to learn about technology. Therefore GitLab offers the possibility to donate hardware devices to vendors on a curated list after 3 years of use. This curated list has been a result of the Upstream Diversity Working Group.

The vendors on the list have been meeting the following criteria:

  1. Their focus group should be people in disadvantaged areas and/or underrepresented groups
  2. They should be non-profit
  3. Their values have to align with GitLab’s CREDIT values
  4. They should pass a “negative-press” check (first 2 pages of Google)

If you, as a GitLab team member, would like to add a vendor aligned with the cirteria, please comment in the Vendor sheet.

Logistics

If you decide to donate your laptop instead of the Trade-in program in terms of logistics you have the following options:

  • Drop off: If there’s a vendor close to your location and they are open to drop off you can drop off the device.
  • Sending: If the vendor offers to collect the device you can find that option in Column F of the sheet.
  • AnythingIT: (US only) AnythingIT offers the possibility to send a box and collect your device. They will donate it to the charity: www.RockOurVets.org

Steps for donating your hardware

  1. Create an issue for laptop replacement
  2. Indicate in the issue you want to donate your used laptop to a vendor on the curated list.
  3. Indicate in the issue which option of logistics will be used: Drop off, Sending via vendor or AnythingIT (US only).
  4. For security reasons we want to make sure all laptops are fully wiped before drop off or sending.
  5. When you receive your new laptop, complete the donation.

Laptop Repair

If your laptop is broken and needs to be repaired you can take it into an Apple repair store. You should ensure that you have a recent backup before doing so, and that your laptop is not your only registered device for iCloud two-factor authentication.

If the repair is not going to be too expensive (more than $1000 dollars USD), go ahead and repair and expense. If the repair is going to take longer than a day then you need to make sure you have a back up laptop to work on that is non-Windows.

You must open an issue in the Team Member Enablement Issue Tracker to document the repair and get your managers approval. Please make sure to attach/include any estimates or reciepts for the repair that you got from Apple (or any authorized service center) in the issue. Picture or PDF will work just fine.

Do not provide the repair center with any credentials to your laptop. If they ask, you can tell them that they’re authorized to do a factory reset on the laptop should it be necessary to run diagnostics. This will help prevent sensitive data from being accidentally or intentionally leaked during repair.

Once you receive your laptop back, re-install MacOS (instructions here) and restore your data from a recent backup. This is to ensure that no unauthorized software was added during the repair process. Make sure that your disk is encrypted and you’ve reinstalled JAMF for Mac or DriveStrike for Linux.

If, however, the repair is going to be expensive and take weeks to fix and you have no back up laptop, your best option is to replace the laptop.

In this case please open an issue to replace.
Then please follow the guidelines in the template and once you receive the new laptop we can have the old one sent off to our reseller.

Configuring New Laptops & Apple IDs

New laptops should be configured with security in mind.

We require the use of an @gitlab.com Apple ID that is separate from any personal Apple ID’s you may have.
Some of these reasons include:

  • Backups, keychains and documents are all considered sensitive information, and should not be stored in personal services.
  • 2FA for remote lock, wipe, or account resets are common methods of account compromises, and ensuring the use of GitLab.com email addresses also ensures we are in control of that aspect of multi-factor authentication.
  • Keeping a strong separation between work and personal accounts will help prevent the accidental leak of information from one to the other, in either direction.

Defense in depth, in part, means you make a best effort to be secure at each layer. To read through more instructions, please refer to security best practices when configuring your new laptop.

All team-members must provide proof of whole-disk encryption within the new laptop order issue.

Certain circumstances (world region and availability of hardware) might require the self installation of Linux on a Dell that was shipped with OEM Windows.
Please make sure you follow any needed requirements when self installing and open an issue with IT-Ops for verification.

For laptops shipped with OEM Windows you may want to make a full drive backup (e.g. by using open source utility Clonezilla) to the external drive before installing Linux.
That way you could restore your laptop to the original state at any time.
It will make the RMA process much easier in case you need it.

Laptop Buy back Policy

Team members can choose to refresh their laptop, no questions asked, after 3 years of use (not necessarily 3 years of employment if a used laptop was issued at the time of onboarding).

Team members have the option to buy back their existing laptops either when it gets refreshed for a new one, or when the team member is offboarding.
If the team member has completed 1 calendar year or more at GitLab at the time of offboarding, they can opt to keep their laptop at no cost.
If the team member hasn’t completed 1 calendar year at the time of offboarding or has received a laptop refresh within the past year, they have the option to purchase their laptop for current market value from GitLab.

IT Ops will email the team member asking if they would like to send back or purchase their laptops.
If purchasing, our Manager of IT, or Lead, IT Analyst will approve, and we will send the employee an email with the determined value.
Then, if the employee decides to move forward with purchasing, our accounting department will reach out with payment information.

If a team member decides to retain their laptop, they are required to wipe the machine and re-install the base operating system, and remove any and all software and configurations that were supplied by GitLab.
GitLab provided laptops must be wiped with Jamf for Macs, and Drivestrike for Linux, this ensures a clean disk wipe is performed and GitLab can retain evidence of the disk wipe. Under no circumstance should you perform your own disk wipe unless you are doing so to troubleshoot a technical problem with the laptop.
If GitLab discovers that a device has not been wiped according to policy, GitLab may act to enforce a remote wipe without notice.

If team members opt not to keep or purchase their existing laptops, they can return them to GitLab.
See the returning old/offboarded laptops section below for details.

Returning Old/Offboarded Laptops

Part of the IT Ops replacement laptop process is providing each team-member with instructions about how to return their old laptop (whether outdated or broken).
All laptops must be returned within 2 weeks of receiving the replacement laptop, so please prioritize transferring information between laptops within this timeframe.

If an offboarded employee decides not to purchase and is not under a current litigation hold, then we will have them ship to our 3rd party vendor that handles sell backs, AnythingIT.
AnythingIT will send them a shipping label, and in the US, a shipping box as well. Please note shipping times may vary, expect between 2-4 weeks for AnythingIT to provide shipping information and packaging

(If the IT department has record of a current litigation hold for the offboarded employee please consult with Legal before proceeding.)

All team-member laptops must be securely erased before being returned.
This not only protects the company, but also protects you since it is possible for personal information to exist on these machines.
Reformatting a computer is not sufficient in these cases because it is possible for sensitive data to be recovered after reinstalling an operating system.

Gitlab Asset Management

Snipe-IT

The Team Member Enablement Team has been busy iterating and setting up Snipe-IT open source asset management. As of April 2021, GitLab has an asset tracking application that is the source of truth for all GitLab hardware! If you are a member of GitLab you can sign in and view the application at https://snipeit.gitlab.net/ (Use your Okta credentials).

How does it work exactly?

I’m glad you asked! We installed and configured the application in a GCP virtual machine, we set up an integration with Jamf and our Okta LDAP directory to automatically sync users and laptop information from Jamf. Linux machines will be imported manually through the apps web interface.
If you would like a more detailed view of what has been completed and what will come in the future, please check out the master issue for Snipe-IT.

Other Resources

Okta

In an effort to secure access to systems, GitLab is utilizing Okta.
The key goals are:

  • We can use Okta to enable Zero-Trust based authentication controls upon our assets, so that we can allow authorized connections to key assets with a greater degree of certainty.
  • We can better manage the login process to the 80+ and growing cloud applications that we use within our tech stack.
  • We can better manage the Provisioning and De-provisioning process for our users to access these application, by use of automation and integration into our HRIS system.
  • We can make Trust and Risk based decisions on authentication requirements to key assets, and adapt these to ensure a consistent user experience.

To read more about Okta, please visit the Okta page of the handbook.

Full Disk Encryption

To provide proof of Full Disk Encryption, please do the following depending on the system you are running.

  • Apple : Take a screenshot showing both the confirmation of enabled Full Disk Encryption as well as the info showing your serial number.
    Both pieces of information can be found by clicking on the Apple icon in the top left corner of your screen.
    For proof of disk encryption, choose System Preferences -> Security & Privacy, and then choose the FileVault tab near the top of the window.
    For your serial number, choose the About This Mac option.
    Please get both pieces of information in a single screenshot.
  • Linux : Take a screenshot showing the output of sudo dmsetup ls && sudo dmidecode -s system-serial-number && cat /etc/fstab

Fleet Intelligence & Remote Lock/Wipe

GitLab has a large and ever-growing fleet of laptops, which IT Operations is responsible for maintaining.
In order to do this and combined with our Zero Trust security policies and various Compliance needs, there must be some measure of intelligence and reporting in place.
To accomplish this goal we are utilizing JAMF for MAC devices to obtain only the essential information required. For Linux machines we will be utilizing DriveStrike as a light-touch mechanism.

For more information regarding JAMF, refer to our Endpoint Management handbook page.

DriveStrike

DriveStrike is available for Linux operating systems, and also meets security needs for remote lock or wipe in emergencies.

DriveStrike installs for GitLab will NOT have the ability to execute remote commands.
DriveStrike installs for GitLab WILL have the ability to remotely lock or wipe hardware, for use in emergency or offboarding situations.
DriveStrike may be installed on non-GitLab hardware, opting-in to the same data collection and security.
DriveStrike collects the following information for GitLab:

  • Usernames & Accounts present on the machine
  • Machine Name, Make, Model, MAC, Serial #
  • Hardware Specifications (CPU, RAM, HDD + % Used)
  • Firewall status
  • OS Version & Patch/Update status
  • Disk encryption status
  • Battery Health
  • All nearby WiFi networks, including SSID, signal strength, channel, and MAC address

This light-touch reporting allows us to meet business and compliance needs, while maintaining the privacy of the GitLab team member. This will remain a top consideration throughout the process.

Drivestrike Installation Process

If you are retaining your laptop/receiving a new laptop upgrade we will need to wipe your old laptop. The team member enablement team will email you a link with Drivestrike to install on the laptop that needs attention. To install follow the below workflow : –

  1. Open the email on the device you want protected.
  2. Click the link provided in the email to install
  3. Use your @gitlab.com if installing DriveStrike prompts you for an email address.

Slack Emoji Workflow

In an effort to improve efficiency and promote self service while using Slack. Our team has created an Emoji workflow in Slack that will send automated messages based on a specific emojis reaction.

The idea is that if a user posts a question in the IT-Help slack channel, an IT technician or anyone in GitLab can react with an emoji and send a message that has helpful information.

All workflows will contain a button that a user can press to request help from a human. This is to show that we are not trying to degrade the employee experience.

How does it work?

The process is very simple:

  1. Wait for a help request to come into the IT-Help Slack channel
  2. Once a request (slack message) comes in, hover your mouse over it and press the Add reaction button.
  3. Search for the appropriate emoji that correlates to the workflows shown at the table below.
  4. Click the emoji. This will now add the emoji to the message and activate the workflow messages created (shown below)

Below is a table with the current workflows setup:

Process App/Subject Emoji Message
GitLab 2FA Assistance GitLab,dev, staging :gitlab_wizard: For 2FA related problems for your GitLab account, please use your back up codes. If you saved these codes, you can use one of them to sign in.

To use a recovery code, enter your username/email and password on the GitLab sign-in page. When prompted for a two-factor code, enter the recovery code.

Once you use a recovery code, you cannot re-use it. You can still use the other recovery codes you saved.

For more information please visit this page.
Okta 2FA Assistance Okta :okta: Hi {user]

Did you set up a YubiKey or Google Authenticator as another form of MFA? Use that to access your settings page to re-set your Okta Verify application.

If this was not helpful, an IT technician will reach out for assistance!
Access Request GitLab :access-request: Hello {user]

This request will require you to submit an access request here. Please use the appropriate template (If no such template exists use the closest one and customize it)

After this request is submitted our team will action it as soon as possible.
Laptop Repairs Laptops :laptop-repair: Hi {User}

In the event that your laptop is broken or damaged we will attempt to repair the machine. Can you please provide your serial number? This will allow us to check the machines warranty

Replacement laptops for broken GitLab laptops can be purchased as needed by creating an issue in the Team member Enablement issue tracker project.
Laptop Troubleshooting Laptops :laptop: Hi user. We are sorry to hear that your laptop has started to run slow or you are experiencing freezing in apps. Follow this guide and if you’re still having trouble, let us know! We’ll be monitoring this thread.

Laptop Upgrade Laptops :new-laptop: Hello {user}

Team member Laptops can be refreshed after 3 years (of use!) without question. However, if the replacement laptop is outside the standardized specifications listed here than manager approval will be required before IT can purchase the replacement laptop.

If you feel you need a new laptop to be effective at your job before then, reach out to IT and your manager.

Please submit an upgrade issue here.

Google Workspace Deprovisioning

IT Ops has an automated workflow that triggers upon a notification from PeopleOps of a team-member offboarding. This automated workflow is composed of 2 parts that are outlined below. The first part happens within 1 hour of the offboarding. The second part occurs after 90 days of the offboarding. This workflow will send out notifications throughout this 90 day period to let the Former Team member’s manager know that the final deadline is approaching.

These are the steps that follow immediately upon termination of a team-member

  • The former team-member (FTM) is removed from all Google groups
  • The FTM’s manager is setup as a delegate to their Gmail and Google Calendar
  • The FTM’s manager gains editor privileges to all “My Drive” Google Drive Files
  • The FTM’s account is moved to the Former Team Members OU
  • Remove the FTM account from the Global Address List
  • All of the account’s sign in cookies/sessions are cleared and the account password is reset to a random 64 character password
  • The account’s recovery email is set to null
  • The account’s recovery phone number is set to null
  • The FTM’s auto-response email message is setup.

These are the steps that follow after the Former Team Member has been gone for 90 days

  • All of the former team-member (FTM) aliases are removed
  • Archive of all Google Drive files in the users My Drive that are marked as owner
  • These are saved in the Offboarded Users Drive Archive
  • Each user has their own folder in the following format
  • _google_drive
  • The FTM’s account is suspended
  • The FTM’s account will be moved to NoGSuiteLicense OU
  • The Google Workspace License is removed from the account

The following notifications will be sent out to the FTM’s manager and IT over Slack.

Immediate Slack notification:

Hello , you are receiving this notification to let you know that one of your direct reports has been deprovisioned from GitLab’s Google Workspace. In keeping with our standard offboarding policy you will receive a copy of this user’s Google Drive data as well as delegated access to their email and calendar account. This delegate access will remain available to you for 90 days after which the account will be closed, and all data will be archived. Please be sure to copy anything you wish to keep to your own account before this time. For more information about how to access this data please see information in this Handbook page (provide link).

You will receive another notification 30 days before and then a final notification at 1 week before this account is closed. If you have any questions about this process, or need assistance with access the data, please feel free to reach out to the Corp IT team in the #it_help Slack channel.

30 Days Slack notification

Hello , you are receiving this notification to let you know that one of your direct reports was deprovisioned from GitLab’s Google Workspace 60 days ago. In keeping with our standard offboarding policy you will continue to have delegated access to their email and calendar account for another 30 days after which the account will be closed, and all data will be archived. Please be sure to copy anything you wish to keep to your own account before this time. For more information about how to access this data please see information in this Handbook page (provide link).

You will receive another notification at 1 week before this account is closed. If you have any questions about this process, or need assistance with access the data, please feel free to reach out to the Corp IT team in the #it_help Slack channel.

7 Days Slack notification

Hello , you are receiving this notification to let you know that one of your direct reports was deprovisioned from GitLab’s Google Workspace 83 days ago. In keeping with our standard offboarding policy you will continue to have delegated access to their email and calendar account for another 7 days after which the account will be closed, and all data will be archived. Please be sure to copy anything you wish to keep to your own account before this time. For more information about how to access this data please see information in this Handbook page (provide link).

This is the final notification. If you have any questions about this process, or need assistance with access the data, please feel free to reach out to the Corp IT team in the #it_help Slack channel.

Final Slack notification

The Gitlab Google Workspace account for has been archived after 90 days as per our standard offboarding policy.

Exceptions to this procedure will be tracked as per the Information Security Policy Exception Management Process.