Via Platform - Montra Technologies

The Real Cost of Manual IT Onboarding

Most companies know that manual IT onboarding is slow. Fewer have done the math on exactly how much it costs.

The direct labor cost of an IT administrator spending 4 to 8 hours per new hire creating accounts, ordering devices, and setting up access is visible and measurable. But it’s probably the smallest part of the real number. When you add up lost new-hire productivity, error remediation, helpdesk ticket volume, and the security exposure from accounts that don’t get configured correctly, the true cost of manual IT onboarding is often two to three times higher than the IT labor line alone.

This post walks through that math. We’ll cover each cost category, give you benchmarks to work with, and show you what a realistic automation ROI looks like for a growing company.

The Direct Cost: IT Labor per Hire

Let’s start with what’s easy to quantify.

A complete manual IT onboarding — account creation across all business applications, device ordering and configuration, identity provider setup, license assignment, and access verification — takes an experienced IT administrator 4 to 8 hours per new hire under normal conditions. In a hiring surge, when multiple onboardings are running simultaneously, the number often rises because task-switching and batching reduce efficiency.

Using a fully-loaded IT staff cost of $75 to $125 per hour (salary plus benefits, overhead, and tools), the math looks like this:

At 4 hours / $75/hr: $300 per hire
At 6 hours / $100/hr: $600 per hire
At 8 hours / $125/hr: $1,000 per hire

For a company hiring 50 people per year at the midpoint, that’s $30,000 in direct IT labor on new hire setup — before anything goes wrong.

The Indirect Cost: Lost New-Hire Productivity

This is where the number gets significantly larger, and where most companies have no estimate at all.

When a new employee cannot access the systems they need on Day 1, they are not productive. They sit in orientation. They shadow a colleague. They set up their desk. Some of them — especially technical hires who expected to hit the ground running — have a negative first impression that affects their engagement.

Research on new hire time-to-productivity consistently shows that incomplete system access on Day 1 delays full productivity by one to three days, depending on the role. For a knowledge worker earning $80,000 per year (roughly $385/day in compensation cost), a two-day delay in productivity costs the company approximately $770 per hire — not counting the cost of the colleague whose time was consumed helping them navigate their first week.

For a company hiring 50 people per year, that’s another $38,500 in productivity loss, on top of the IT labor cost.

The Error Cost: Fixing What Was Configured Wrong

Manual provisioning has an error rate. The wrong application template gets applied. The wrong security group gets assigned. A license for a required application doesn’t get added until someone asks for it two weeks in.

Each error creates a helpdesk ticket. Each ticket takes IT time to diagnose and resolve — typically 30 to 90 minutes per ticket. In studies of IT onboarding processes at mid-market companies, between 20 and 35 percent of new hires generate at least one access-related helpdesk ticket in their first two weeks, with an average of 1.4 tickets per affected hire.

For a company hiring 50 people per year with a 25% error rate and 1.4 average tickets at 60 minutes each:

50 hires × 25% error rate = 12.5 affected hires
12.5 × 1.4 tickets = 17.5 tickets
17.5 × 1 hour × $100/hr = $1,750 in remediation labor

That’s smaller in absolute terms, but it also doesn’t count the cost to the new hire themselves — the frustration, the time lost waiting for the fix, and the signal it sends about how the company operates.

The Security Cost: Accounts That Shouldn’t Exist

Here’s the cost category that is hardest to quantify and potentially most expensive.

Manual IT provisioning fails at the end of the employee lifecycle just as reliably as it does at the beginning. When someone leaves — whether voluntarily or through a reduction in force — deprovisioning their access requires the same manual steps as provisioning it. Under the pressure of an active transition, those steps frequently get missed or delayed.

The industry benchmark: orphaned accounts (active credentials belonging to departed employees) affect approximately 10 to 20 percent of SaaS application instances at companies without automated deprovisioning. For a company with 80 SaaS applications and 200 employees with 15% annual attrition, that’s potentially 30 departures per year with incomplete deprovisioning — and each orphaned account represents an active attack surface.

The cost of a security incident attributable to orphaned credentials varies widely, but the IBM Cost of a Data Breach report consistently puts the average breach cost for companies under 1,000 employees at $3M to $5M when fully loaded (investigation, remediation, regulatory, reputational). Even if the probability of an incident from orphaned accounts is low in any given year, the expected cost is not.

For compliance purposes, the cost is more concrete: HIPAA fines for access control violations range from $100 to $50,000 per violation, depending on the level of negligence. SOC 2 findings related to access provisioning and deprovisioning have derailed audits and client relationships.

The Full Picture: What Manual Onboarding Actually Costs

Pulling together the quantifiable costs for a company hiring 50 people per year:

Cost Category	Annual Estimate
Direct IT labor (6 hrs × $100 × 50 hires)	$30,000
Lost New-hire Productivity (2 days × $385 × 50 hires)	$38,500
Error Remediation (help desk tickets)	$1,750
Total Quantifiable Cost	$70,250

And that’s before any security incident — which, if it happens, would dwarf all of the above.

The Automation Math: What Changes and by How Much

Automated IT onboarding — triggered by your HRIS, executed by a connected IT platform — reduces each of these cost categories differently.

IT Labor: Automation handles account provisioning, license assignment, identity configuration, and device queuing automatically, with no IT administrator manually executing steps. IT review time drops to exceptions only. Typical labor reduction: 65 to 80 percent per hire.

New-hire productivity loss: When provisioning happens automatically at the moment of hire record creation, access is ready before the employee’s first day. Productivity loss from access delays drops to near zero. Devices ship on schedule because the order is placed automatically. Typical improvement: 80 to 90 percent reduction in Day 1 access issues.

Error Rate: Role-based access templates, enforced by a system rather than recalled by a person, eliminate the most common class of provisioning errors. Typical error rate reduction: 70 to 85 percent.

Deprovisioning: Automated deprovisioning, triggered by HRIS termination events, closes accounts immediately and consistently — not when someone remembers to do it. Orphaned account exposure drops to near zero for connected applications.

Applied to the same 50-hire company:

Cost Category	Manual	Automated	Savings
IT Labor	$30,000	$8,400	$21,600
New-hire Productivity Loss	$38,500	$5,775	$32,725
Error Remediation	$1,750	$350	$1,400
Total	$70,250	$14,525	$55,725

That’s a rough annual savings of $56,000 for a company hiring 50 people per year — before the security risk reduction is counted.

What Does Automation Cost?

Managed IT automation through a platform like Via is typically priced per user per month as part of a broader IT management agreement. For a 200-person company, full automation of identity and device lifecycle management — including HRIS integration, role-based provisioning, device management, and automated deprovisioning — is generally included within a managed IT services agreement in the range of $85 to $150 per user per month.

But the relevant comparison isn’t automation cost vs. zero — it’s automation cost vs. the labor, productivity loss, and risk that manual processes accumulate. For most growing companies, the math favors automation significantly.

Run Your Own Numbers

The inputs that matter most are: how many people you hire per year, your average IT staff cost, and your average new-hire compensation. Plug those into the calculator below to see what your current manual onboarding is likely costing — and what automation would change.

IT Onboarding ROI Calculator

Estimate what manual IT onboarding costs your company — and what automation saves.

Your inputs

New hires per year 50

IT staff fully-loaded hourly rate $125 / hr

IT hours per manual onboard 6 hrs

Average new hire annual salary $80,000

Results

Annual cost — manual

—

Estimated annual savings
—

Cost per hire — manual

—

Cost per hire — automated

—

Cost category	Manual	Automated	Savings
IT labor	—	—	—
Lost new-hire productivity	—	—	—
Error remediation	—	—	—
Total	—	—	—

Cost reduction with automation —

Estimates use industry benchmarks: 72% IT labor reduction, 85% new-hire productivity-loss reduction, and 80% error rate reduction with HRIS-connected automated onboarding. Security risk reduction from automated deprovisioning is not included. Actual results vary. Talk to Montra about your specific numbers →

The Bottom Line

Manual IT onboarding has a real cost that extends well beyond the IT administrator’s time. When you account for lost new-hire productivity, error remediation, and security exposure from incomplete deprovisioning, the number for a 50-person-per-year hiring company is typically in the range of $50,000 to $80,000 annually.

Automation doesn’t eliminate all of that — but it eliminates most of it, and it does so while also improving the experience for the new hire, reducing security risk, and freeing IT to focus on work that actually requires human judgment.

If you’d like to understand what automated onboarding would look like for your company specifically, we’re happy to walk you through it.

Montra Technologies is an Atlanta-based managed IT service provider and automation company. Our Via platform connects directly to your HRIS and identity provider to automate employee onboarding, offboarding, and access management — for mid-market companies managing real growth. Named to the Inc. 5000 two consecutive years and recognized by Channel Futures as an MSP 501 company.

Why IT Breaks During a Hiring Surge (And How to Fix It)

Growth is supposed to feel good. You’ve won the clients, you’ve gotten the budget approved, and you’re finally adding headcount. And then, just weeks into the hiring surge, one of your new hires sends you a Slack message: “Hey‚ I still can’t get into [the CRM / the ERP / the whatever].”

You check with IT. They’re aware. They’re working on it. There are a lot of new people right now.

This is one of the most predictable failure patterns in business technology, and it happens at companies of every size from 30-person startups adding their first team to 500-person firms opening a second office.The root cause is almost never the people in IT. It’s the way IT is structured. And once you understand what breaks IT and why, fixing it becomes a lot more straightforward to fix.

What Actually Breaks (and When)

IT doesn’t fail randomly during a hiring surge. It fails in specific, predictable ways and usually in the same sequence, at the same points in the onboarding process.

The Provisioning Backlog

Every new hire needs account access. Email. The core business applications. The VPN. The project management tool. The CRM. The communication platform. The industry-specific software. Depending on your stack, that’s anywhere from 8 to 80 separate accounts, each requiring a manual action by someone in IT.

When you’re hiring one or two people a month, this is manageable. When you’re onboarding a cohort of 10 or 15 at once, you’ve just created a 150-to-300-item manual task list that didn’t exist last week. Your IT team didn’t get bigger when your hiring plan did.

The result: provisioning gets batched. Not everything gets set up before day one. New hires spend their first day, and sometimes their first week, waiting for access.

The Role-Access Mismatch

Even when accounts get created on time, they often get created wrong. Manual provisioning relies on whoever is doing the setup knowing what a specific role actually needs access to. That knowledge lives in someone’s head or a spreadsheet, but not in a system.

The wrong template gets applied. The new marketing manager gets the same permissions as the last marketing coordinator. The new finance analyst gets access to systems she doesn’t need and misses one she does. These mismatches aren’t caught until someone asks why they can’t do something, or worse, until a security audit surfaces over-provisioned accounts six months later.

The Equipment Delay

Hardware has a lead time problem that software doesn’t. A laptop needs to be ordered, received, imaged with your security configuration, and shipped or handed of. This is typically a two-to-three-week process if everything goes right. When a hiring decision is made late, or the request doesn’t get submitted until an offer is accepted, the timeline doesn’t work.

New hires show up without a computer. They borrow a colleague’s device. IT scrambles to find something in inventory that may or may not have current software. The employee’s first impression of your company is that you didn’t care to be ready for them.

The Offboarding Residue

Hiring surges eventually end. Sometimes they reverse. And when someone leaves during or after a growth period, the same manual process that struggled to get them set up now has to undo everything. Accounts that don’t get deprovisioned promptly are a security liability, and in regulated industries, they’re a compliance liability.

A company that grew from 80 to 130 employees in 18 months and then had some attrition can easily have 10 to 15 orphaned accounts sitting in various SaaS applications: people who left six months ago but still have active credentials.

Why IT Teams Aren’t the Problem

Most IT administrators who are overwhelmed during a hiring surge are competent, hardworking people who are simply dealing with a process problem. Manual provisioning is slow not because the people doing it are slow, but because the process requires human attention for every step of every new hire.

When your IT team is managing 12 new hires at once plus normal helpdesk volume, triage is inevitable. Something doesn’t get done on time. That’s not a people failure. It’s a capacity model that doesn’t scale with growth.

The companies that handle hiring surges without IT breakdowns aren’t doing it with better IT people. They’re doing it with a different kind of process.

What a Fixed Version Looks Like

The companies that solve this problem consistently have one thing in common: IT provisioning is triggered by your HR system, not by a manual request.

Here’s what that means in practice.

When a new hire record is created in your HRIS (i.e., your system of record for people)‚ that event automatically kicks off a structured workflow in your IT platform. The role associated with that hire maps to a predefined access template: the exact set of applications, permissions, and security policies appropriate for that job function. Accounts get created. Licenses get assigned. Your identity provider gets updated. The device order gets queued.

By the time IT sees it, the routine work is already done. IT’s job becomes exception-handling: reviewing edge cases, approving access outside the template, handling requests that don’t fit the standard workflow. The 150-item manual task list becomes a short list of things that actually require human judgment.

For equipment, the same trigger creates a device order and kicks off the imaging and configuration workflow automatically the moment the hire record is created. Two to three weeks of lead time means you need two to three weeks of advance notice. When the system creates the order automatically at the point of hire, you have that notice. When a human has to remember to submit a form, you often don’t.

For offboarding, termination in the HRIS triggers the reverse: immediate deprovisioning across all connected applications, device return initiated, access logs closed. The accounts don’t linger because there’s no human step that can be delayed or forgotten.

The Numbers Are Hard to Ignore

The math on manual vs. automated IT onboarding is worth doing explicitly.

A typical manual onboarding process, which includes accounts creation, device ordering and configuration, access verification, new hire orientation on their setup‚ takes 4 to 8 hours of IT staff time per person. At a fully loaded IT staff rate of $100 to $150 per hour, that’s ~$750 per new hire, just in IT labor.

For a company hiring 60 people in a year, that’s ~$40,000 in IT labor on new hire setup alone. That’s before counting the helpdesk tickets generated by the mistakes, the productivity lost by employees who couldn’t work on day one, and the security exposure from access that wasn’t provisioned or deprovisioned correctly.

Automated onboarding, run through a platform connected to your HRIS, reduces IT labor per hire by 60 to 80 percent. The savings accumulate fast. More importantly, the errors‚ the mismatched access levels, the late equipment, and the orphaned accounts‚ largely disappear.

What to Look for in a Solution

Not all IT automation is the same. If you’re evaluating options, here’s what matters:

HRIS integration is non-negotiable. The trigger for IT provisioning must be a real-time event in your HR system, not a form someone fills out. If the two systems aren’t connected, the delay and manual handoff come back.
Role-based access templates need to be configurable. Your company has roles that don’t look like anyone else’s. The platform needs to let you define exactly what each role gets and enforce it consistently, every time.
The system needs to handle the full lifecycle, not just onboarding. Promotions change access needs. Transfers between departments do too. Offboarding has to be as automated as onboarding, or you’ve only solved half the problem.
Reporting and audit trails matter. In a regulated industry, you need to be able to demonstrate that access was granted correctly and revoked promptly. A system that acts but doesn’t log is a compliance problem waiting to happen.

How Montra Handles This

Montra built the Via platform specifically for companies experiencing this kind of growth. Via connects directly to your HRIS and identity provider to automate the full employee IT lifecycle from a single place.
When your HR team creates a new hire record, Via reads it, maps the role to your access templates, provisions accounts across your connected applications, queues the device order, and updates your identity policies automatically, before the first human in IT is even aware of the hire.

When someone leaves, Via initiates immediate deprovisioning, triggers the device return workflow, and closes out the access logs with a full audit trail. For Atlanta-area companies that are growing fast‚ hiring 20, 50, or 100 people a year‚ Via is the reason IT doesn’t become the bottleneck. The provisioning scales with your headcount because it’s automated. The 10th hire in a month takes the same amount of IT labor as the first: almost none.

If your company is heading into a growth phase and you’re already feeling the strain on your IT team, this is the right time to look at what automated onboarding actually looks like in practice. We’re happy to walk you through it.

Montra Technologies is an Atlanta-based managed service provider and IT automation company. We help mid-market companies manage workforce technology, device lifecycle, SaaS access, and security compliance through our Via platform‚ built for scale and powered by agentic AI. Named to the Inc. 5000 two consecutive years and recognized by Channel Futures as an MSP 501 company.

See how Via can handle onboarding automatically for you.

What Agentic AI Means for Your IT

If you’ve heard an IT company claim they use “agentic AI” and wondered what that actually means in practice ‚ you’re not alone. The phrase is everywhere right now, but most explanations stop at the buzzword and never get to what does it do, and why you should care.

The answer: agentic AI, applied to IT management, means your IT systems act instead of wait. Instead of a human IT administrator triggering every provisioning task, access change, or device assignment, an AI-powered system monitors your business systems, detects what needs to happen, and executes it automatically‚ without a delay, and without a mistake caused by someone copy-pasting the wrong name into a form.

This is a fundamental shift in how managed IT services work. And for growing companies in Atlanta and beyond, it’s the difference between IT that scales with your business and IT that becomes a bottleneck every time you hire, promote, or offboard someone.

What “Agentic” Means

Traditional software is reactive. You log in, you click a button, something happens. AI-assisted software is helpful but still human-initiated. It suggests the next step, but you still take it.

Agentic AI is different. An agentic system has a goal, monitors for conditions, makes decisions, and takes actions independently. In an IT context, that looks like this:

Your HR system records a new hire starting in two weeks. Your agentic IT platform reads that signal, determines what applications, devices, and access levels that role requires, cross-references your security policies, and begins provisioning everything automatically in the background, days before the employee walks in the door.

No IT ticket. No manual checklist. No back-and-forth between HR and IT. The system acted.

Why This Matters More Than You Think

Manual IT management has a hidden cost most companies don’t fully measure, and it shows up most clearly in the requests that seem simple but never are. Consider what happens when someone submits a help desk ticket asking for temporary access for an executive while she’s on vacation:

The ticket sits in the queue until an IT admin gets to it
The admin reads the request and tries to figure out what it actually means: which systems, which dates, what level of access — then emails back to clarify and waits
Once the details are sorted, the admin manually edits the conditional access policies in Entra ID or Active Directory, scoping permissions by hand
Nobody sets an end date — because that requires a separate reminder, a separate task, a separate manual step
The executive returns from vacation. The access is still open. It stays open for weeks.
A security audit flags the over-provisioned account. IT spends another hour cleaning it up. A compliance incident gets logged.

A single routine request, the kind that comes in a dozen times a week at a growing company, consumed 3 to 6 hours of IT staff time, introduced real execution risk, and still ended with an error.

Agentic AI handles the entire sequence differently. When the Via AI sees that same ticket, it parses the request in seconds: who needs access, to which systems, for which dates. It sends a plain-language summary back to the requestor asking for confirmation. Once approved, it creates a scoped, time-bounded conditional access policy that activates on the start date, and automatically revokes on the end date, with a full audit trail. The requestor gets a notification. The ticket closes. The IT team never touches it.

That’s 10 times faster. And unlike the manual version, there’s nothing left to forget.

Where Agentic AI Is Already Working in IT Management

The most impactful applications of agentic AI in IT management today aren’t theoretical. They’re running right now inside well-managed companies.

Identity Lifecycle Automation

When an employee is hired, promoted, transferred, or terminated, their digital identity needs to change. New access granted. Old access revoked. Group memberships updated. Security roles adjusted. Done manually, this is tedious, error-prone, and often delayed, which creates real security exposure. Done with agentic AI, every identity change triggers automatically from your HRIS, with no human in the loop required.

Device Lifecycle Management

From procurement to deployment to refresh to retirement, a managed device goes through dozens of touchpoints over its lifespan. Agentic systems track where every device is, flag devices approaching end-of-life, automate imaging and configuration before deployment, and initiate return-materials-authorization (RMA) workflows when something breaks ‚all without an administrator manually tracking spreadsheets.

SaaS Access Reconciliation

The average company uses 80+ SaaS applications. Keeping track of who has access to what‚ and making sure terminated employees lose that access immediately‚ is nearly impossible to do manually at scale. Agentic IT management reconciles your active employee roster against your SaaS application access lists continuously, surfacing orphaned accounts, over-provisioned users, and compliance gaps automatically.

Security and Compliance Monitoring

Agentic systems can monitor policy compliance across your device fleet and user accounts in real time, alerting on deviations before they become incidents. When a device falls out of patch compliance or a user’s MFA configuration lapses, the system flags it‚ or in many cases, remediates it without waiting for a quarterly audit.

The Difference Between AI-Assisted and AI-Powered IT

It’s worth drawing a clear line here, because not all IT vendors who use the word “AI” mean the same thing.

AI-assisted IT means a human IT administrator uses AI tools to work faster, maybe a chatbot that helps write runbooks, or a dashboard that uses machine learning to surface anomalies. The human is still in the loop for every action.

AI-enabled IT is agentic AI‚ which means the software itself is the actor. The platform monitors conditions, makes decisions within defined parameters, and executes actions. The human sets the rules, reviews exceptions, and is only called upon for high risk actions. The system handles everything that fits within those rules, which is the vast majority of day-to-day IT operations.

For most growing companies, the distinction matters enormously. If your MSP is using AI to help their team work slightly faster, you’re getting marginal improvements. If your IT platform is agentic ‚Äî acting on your behalf continuously ‚Äî you’re getting a fundamentally different level of service.

What This Means for Atlanta Businesses Specifically

Atlanta is consistently one of the fas growing cities in teh US for small businesses. The companies winning here are in FinTech, healthcare, management consulting, enterprise SaaS, and cyversecurity. Businesses in these sectors are adding headcount quickly, often expanding into new offices or geographies, and operating in environments with regulatory and compliance requirements.

That growth creates pressure on IT. More hires mean more provisioning. New offices mean new device deployments. Compliance requirements mean constant policy enforcement. And every one of those tasks, done manually, adds to the IT backlog.

Agentic AI-powered IT management is built for this environment. It doesn’t get slower as you grow. The automation scales linearly with your headcount. The 10th hire is as well-provisioned as the 100th hire. The 50th offboarding is as thorough as the first.

Montra is headquartered in Atlanta and built the Via platform specifically for companies operating in this kind of high-growth, compliance-aware environment. We’ve seen firsthand what happens when a 50-person company tries to manage IT the same way it did at 20 people ‚ and we’ve built the automation to prevent it.

What to Ask Your MSP About AI

If you’re evaluating a managed service provider and they claim to use AI, here are five questions worth asking:

Is the AI taking actions or just making suggestions? An agentic system acts. A reporting dashboard doesn’t.
What triggers an automated action? The answer should be a specific business event, like a new hire in the HRIS, a device check-in failure, or a SaaS license anomaly.
What’s the human review process? Good agentic IT has guardrails. That is things the system does automatically within policy, and things it flags for human review. Ask where the line is.
Can you show me the automation? Any MSP with real agentic AI can demo it running. If the answer is a slide deck or a video, keep moving.
How does it integrate with my HRIS and identity provider? Agentic IT needs to connect to the systems that contain your sources of truth: your HR system and your Identity Provider, and your device management platform.

The Bottom Line

“Agentic AI” is a real capability today. It’s not a dream as long as it’s implemented correctly. For IT management, it means moving from a world where IT administrators manually execute every routine task to one where AI executes the routine automatically and IT administrators focus on architecture, exceptions, and strategy.

For growing companies, it means IT that doesn’t become a bottleneck as you scale. For leadership, it means fewer surprise IT failures and more predictable operations. For security and compliance teams, it means continuous enforcement rather than periodic audits.

Montra is one of the first and only managed IT service providers that has deployed a genuinely agentic platform and deployed it for Atlanta-area companies managing real growth. If you want to see what that looks like in practice, we’re happy to show you.

Montra Technologies is an Atlanta-based managed service provider (MSP) and IT automation company. We help mid-market companies manage workforce technology, devices, SaaS access, and security compliance through our services and Via platform, which is powered by agentic AI and built for scale. Named to the Inc. 5000 two consecutive years and recognized by Channel Futures as an MSP 501 company.