IT Portal | KairosIT

→

👤

New User Setup

Onboard a new employee — M365 account, license, groups, SharePoint, and orientation workflow.

M365CIPPSharePoint

→

🚪

Exit User / Offboarding

Offboard departing staff — revoke access, shared mailbox, email forwarding, and device reset.

Access RevocationData Transfer

→

🔐

SharePoint & DL Permissions

Manage SharePoint sites, distribution lists, Teams channels, and shared mailboxes.

SharePointGroups

→

📅

OOO / Email Forwarding

Set auto-reply messages and email forwarding for leave or absences.

Auto-ReplyForwarding

How it works

1

Fill out the formComplete the request details

2

Ticket createdSent to KairosIT helpdesk

3

KairosIT actions itWithin SLA windows

4

ConfirmationYou're notified when done

⚠ These requests require 72 business hours of notice to complete setup within the requested time frame. If there are errors on this form, contact KairosIT at Support@KairosIT.com. Add missing details to the “Anything else we should know?” field at the end.

✓ New User Request Submitted

Ticket raised in the KairosIT helpdesk. What happens next:

CIPP account creation — email and license assigned

Automatic group rules applied; manual groups added per form

SharePoint permissions configured per SP group naming convention

ITGlue contact card updated with location and supervisor

Request Details

Requestor Name *

Your name — or the Manager / Group Leader we should contact for updates

Who does this new user report to? *

Start typing to search your tenant’s users

Make the direct report / manager the primary contact on this ticket CC me (the person submitting) on future communications

New Employee Details

First Name *

Last Name *

Middle Name / Initial

Best phone number for this user *

Used to facilitate setup or future requests

User Title *

Used for automatic group membership rules in Azure AD

Department

Employee Type *

🔄 Dynamic Groups — this user will automatically be added to:

Based on job title and department matching Azure AD dynamic membership rules.

Account & Dates

Work Email Address *

Auto-Generated Email Address

—

Auto-generated from name — override the prefix above if needed.

Personal Email

For welcome packet before work account is ready

New Employee First Day *

Starting Time

What time does the employee start on their first day?

Account Activation Date

If different from first day — skip if same as start date

IT Orientation Date & Time

Select date and time for New User Orientation with IT

Send TimeZest orientation scheduling link to new user (CC supervisor) Send encrypted welcome packet with credentials to manager and personal email Re-hire — convert shared mailbox back to regular user mailbox

Microsoft 365 Licensing

A Microsoft 365 subscription is needed to provide Office software to staff. This subscription is assigned to the individual employee and needs to be requested for any staff who require Microsoft Office Suite software.

Select Licenses *

Select one or more — all selected licenses will be assigned to the new user.

Loading licenses from your tenant…

Zoom Phone & Meetings

Does the end user need a Zoom Phone Extension? *

Groups & Access

Email Groups / Distribution Lists to Add

Loading groups from your tenant…

▼

Security groups and distribution lists. Dynamic groups are shown automatically above.

MFA Enrolment Required (recommended) Fully Remote — skip bizhub C250 address book

Hardware & Computer Setup

Does this user need a computer set up by KairosIT? *

Anything else we should know?

Fields marked * are required

⚠ Submit at least 5 business days before last day to allow time for data transfer and device collection.

🔒 Privileged / Admin accounts cannot be offboarded through this portal. Any account holding an Azure AD administrator role (Global Admin, Exchange Admin, User Admin, etc.) must be offboarded directly by KairosIT. If the exiting user is an admin, contact Support@KairosIT.com to arrange offboarding outside this portal.

✓ Always actioned automatically: License removed · All group memberships removed · Mailbox converted to shared mailbox

✓ Exit Request Submitted

Offboarding request received.

Exit Type

What type of exit is this? *

✓ Standard Offboarding

License removed · Groups removed · Mailbox converted to shared. Data retained per policy.

⚠ Hard Delete

Permanently delete account and all data. Irreversible. Requires written authorisation.

Employee Details

Exiting User *

Start typing to search your tenant’s users

Manager / Supervisor *

Last Day *

Offboarding Schedule

When should KairosIT execute the offboarding?

As soon as possible after last day Schedule a specific date & time

Completion Report

Send completion report to Support@KairosIT.com when offboarding is complete Also CC the manager on the completion report

The report lists every action taken (license removed, groups removed, mailbox converted, forwarding configured, device actions, etc.)

Additional Notes

Fields marked * are required

🔒 Privileged / Admin accounts cannot be actioned through this portal. Any account holding an Azure AD administrator role must be handled directly by KairosIT. Contact Support@KairosIT.com if the target user is an admin.

✓ Permissions Request Submitted

KairosIT will process within 4 business hours and confirm via email.

User

User *

The user to grant or remove access for

Action *

Resources

Site / Group / Mailbox *

Select one or more — groups are loaded from your tenant, SP sites use SP-[Site]-[Library] naming

Business Reason *

Effective Date

Leave blank to action immediately

Fields marked * are required

🔒 Privileged / Admin accounts cannot be actioned through this portal. Any account holding an Azure AD administrator role must be handled directly by KairosIT. Contact Support@KairosIT.com if the target user is an admin.

✓ Out of Office Submitted

KairosIT will configure within 2 business hours.

User & Dates

User *

Click to search tenant users

Start Date *

End Date *

Message

Use different messages for internal and external senders

Auto-Reply Message *

Sent to all senders

Email Forwarding

Set up email forwarding?

Yes — forward emails No — no forwarding needed

Fields marked * are required

✓ Software Request Submitted

KairosIT will review and action based on your priority.

⚠ This action is irreversible. Ensure data has been transferred before proceeding. KairosIT will confirm before executing.

🔒 Privileged / Admin accounts cannot be actioned through this portal. Any account holding an Azure AD administrator role must be handled directly by KairosIT. Contact Support@KairosIT.com if the target user is an admin.

✓ Device Action Submitted

KairosIT will confirm the action before executing.

Select Device

Loading Intune devices…

Action for: —

🔄

Autopilot Reset

Removes user data and apps, keeps device enrolled in Intune and Azure AD. Fastest way to repurpose for a new user.

✏️

Rename Device

Renames the device in Intune and Azure AD before reassignment. Use to update asset tag or naming convention.

Confirm Action Details

Selected Action

Reason *

Requested By

I confirm all required data has been transferred or backed up I am authorised to request this action for the selected device

ℹ Requires Azure AD Premium P1 or P2. Changes take effect within minutes. Group.ReadWrite.All permission required.

✓ Dynamic Group Created

Group created and audit ticket raised.

Group Details

Display Name *

Mail Nickname *

No spaces. Auto-generated from display name.

Description

Membership Rule

Attribute *

Operator

Value *

Logic (optional second condition)

2nd Attribute

2nd Value

Generated Membership Rule

Fill in the fields above…

Linked / Nested Groups (optional)

Groups to Nest This Into

Comma-separated group names. KairosIT will add this new group as a member of these existing groups.

Notes for KairosIT

Fields marked * are required

✓ Feature Request Submitted

Thank you! Your request has been logged and will be reviewed by the KairosIT team.

New User Setup

This portal creates a helpdesk ticket for KairosIT to onboard the new employee. Submit at least 72 business hours before the start date.

What KairosIT actions:

CIPP account creation · License assignment · Dynamic group membership · Manual group additions · SharePoint permissions · Zoom phone setup · MFA enforcement · bizhub address book · ITGlue contact card · TimeZest orientation scheduling · Encrypted welcome packet to manager

Exit User / Offboarding

Submit at least 5 business days before last day. KairosIT always actions: license removal, group removal, mailbox conversion to shared.

Optional actions you configure:

Email forwarding duration · OneDrive data transfer · Device autopilot reset · Out of office message

Dynamic Group Builder

Requires Azure AD Premium P1+. Build the membership rule using the visual builder — the portal generates the Azure AD membership rule syntax automatically. Groups update membership in near real-time as user attributes change.

Permissions & Groups

Use the format SP-[Site]-[Library] for SharePoint sites. For distribution lists and M365 groups, just enter the display name. KairosIT will process within 4 business hours.

Required Environment Variables (Vercel)

${[ ['AZURE_CLIENT_ID', 'App Registration client ID'], ['AZURE_CLIENT_SECRET', 'App Registration client secret'], ['AZURE_TENANT_ID', 'Azure AD tenant ID'], ['SESSION_SECRET', 'Random 32+ char secret for HMAC cookie signing'], ['SUPABASE_URL', 'Supabase project URL'], ['SUPABASE_SERVICE_KEY', 'Supabase service role key'], ['TICKET_EMAIL', 'Helpdesk email for ticket delivery'], ['SMTP_HOST', 'SMTP server hostname (e.g. mail.smtp2go.com)'], ['SMTP_PORT', 'SMTP port (587 for TLS)'], ['SMTP_USER', 'SMTP sender username'], ['SMTP_PASS', 'SMTP sender password'], ['SMTP_FROM', 'From address (e.g. KairosIT Portal )'], ['ALLOWED_IPS', 'Comma-separated IP allowlist (optional)'], ].map(([k,v]) => ``).join('')}

Variable	Description
${k}	${v}

⚠ After adding or changing env vars in Vercel, you must Redeploy — variables are baked at deploy time.

Azure App Registration

Redirect URI (type: Web): https://kit-customer-portal.vercel.app/api/auth?action=callback
Delegated permissions (admin consented): openid, profile, email, User.Read, offline_access, Directory.Read.All, Directory.ReadWrite.All, User.Read.All, User.ReadWrite.All, Group.ReadWrite.All, Sites.Read.All, DeviceManagementManagedDevices.Read.All, MailboxSettings.ReadWrite
Application permissions (admin consented) — required for automated offboarding:

User.ReadWrite.AllPassword reset + account disable Group.ReadWrite.AllRemove user from all groups — must be APPLICATION not just Delegated MailboxSettings.ReadWriteOOO auto-reply + mail rules + shared mailbox conversion UserAuthenticationMethod.ReadWrite.AllRemove MFA methods (Authenticator, phone, FIDO2, etc.) Exchange.ManageAsAppShared mailbox conversion fallback — add via Office 365 Exchange Online API

⚠ To add Exchange.ManageAsApp: Azure AD → App Registrations → your app → API permissions → Add permission → APIs my organisation uses → Office 365 Exchange Online → Application permissions → Exchange.ManageAsApp → Grant admin consent.
Also assign the Exchange Administrator role to the app's service principal: Azure AD → Roles and administrators → Exchange Administrator → Add assignments → search your app name.

Application permissions (cron): Mail.ReadWrite, MailboxSettings.ReadWrite, User.ReadWrite.All

Supabase Setup

CREATE TABLE IF NOT EXISTS portal_sessions (
  id           TEXT PRIMARY KEY,
  access_token TEXT NOT NULL,
  user_email   TEXT NOT NULL,
  user_name    TEXT,
  tenant_id    TEXT,
  org_name     TEXT,
  org_domain   TEXT,
  email_format TEXT DEFAULT 'firstname.lastname',
  expires_at   TIMESTAMPTZ NOT NULL,
  created_at   TIMESTAMPTZ DEFAULT NOW()
);

Connection Status

Click Check Connection to test

SMTP2Go Setup

1. Log in at app.smtp2go.com → Sending → SMTP Users → Add SMTP User

2. Set SMTP_HOST=mail.smtp2go.com, SMTP_PORT=587

3. Set SMTP_USER to the sender username (not your account email)

4. Set SMTP_PASS to the sender password

5. Redeploy on Vercel after setting env vars

Pending Actions

Loading…

ℹ Runs daily at 08:00 AEST.

Welcome

⚠ No Licenses Available

Welcome back

New User Setup

Exit User / Offboarding

SharePoint & DL Permissions

OOO / Email Forwarding

How it works

New User Setup

Request Details

New Employee Details

🔄 Dynamic Groups — this user will automatically be added to:

Account & Dates

Microsoft 365 Licensing

Zoom Phone & Meetings

Groups & Access

Hardware & Computer Setup

Anything else we should know?

Dry Run Preview — No changes have been made

Exit User / Offboarding

Exit Type

Employee Details

Mailbox & Account Actions

Email Forwarding

Out of Office Auto-Reply

Device / Workstation

Offboarding Schedule

Completion Report

Additional Notes

Permissions & Group Access

User

Resources

OOO / Email Forwarding

User & Dates

Message

Email Forwarding

Software Request

Software Details

Device Wipe / Reload

Select Device

Action for: —

Autopilot Reset

Rename Device

Confirm Action Details

Dynamic Group Builder

Group Details

Membership Rule

Linked / Nested Groups (optional)

Feature Requests

Request Details

Knowledge Base

New User Setup

Exit User / Offboarding

Dynamic Group Builder

Permissions & Groups

Admin Settings

Required Environment Variables (Vercel)

Azure App Registration

Supabase Setup

SMTP Settings

Connection Status

SMTP2Go Setup

Scheduled Actions

Pending Actions