Thursday, August 29, 2013

Steps for deprovisioning user accounts

Every organization has turnover at some point. As a Google Apps Admin, it’s important to understand best practices for deprovisioning Google Apps user accounts. As easy as it is to click on that delete button, hold off and follow the steps below when an employee departs.

If you need to deprovision many users at once and/or prefer to follow a step-by-step process, consider adding FlashPanel from the Google Apps Marketplace.

1. Change the user password:
Changing the password immediately ensures that company information remains internal. It also gives the Admin time to get back into the account and transfer any necessary data.

2. Set Out-Of-Office notice:
Go into the user account using the new password and set the out-of-office notice to notify others of the personnel change.

3. Determine valuable information: Make a quick list of the information that may need to be transferred. Some examples may include:
  • Emails
  • Shared Calendar/Project Calendars
  • Documents owned by that user
  • Groups that the user is an Owner of
  • Sites that the user is an Owner of

4. Add forwarding address OR delegate the email account:

Add Forwarding address: Use this option if you need a current team member to monitor the incoming emails of the old employee. In the old employee’s user account, go to the gear, then select ‘Settings’. Once in Settings, select the ‘Forwarding and POP/IMAP’ tab. 


Delegate the email account:
Use this option if you need a current team member to access both new and previous emails in the old employee’s account. This would allow the current team member to check the mailbox occasionally and have access to emails and labels. In Settings, go to ‘Accounts and Import’ and locate 'Grant access to your account'. Then select ‘Add another account’.

Note: The delegate of the old employee’s account will NOT be able to:

  • Change account settings
  • Use chat
  • Use Task lists
  • Use Gmail Labs
  • Change Themes
  • Use Offline Gmail

5. Transfer Document Ownership: If you delete a user account WITHOUT transferring ownership of the documents, the docs will be deleted from the domain. In the Control Panel, go to Settings → Drive and Docs → Tools and set up the document transfer.

6. Share important calendar or project calendars:
In the old employee’s calendar, be sure to share important calendars with other individuals so the calendars are not deleted. Grant the highest permission (Make Changes AND Manage Sharing) to an existing employee. Click on the calendar name on the left, then select ‘Share this calendar’.

7. Transfer Google Groups: If the old employee is an Owner or Manager of a Google Group, you must reassign that Group to another individual. The group will disappear if the Owner is deleted before it is reassigned.

8. Transfer site ownership: If the departed employee is an owner of a site, you should assign ownership of the site to another individual. Go to the site, click on Share, and enter the new person or select someone already listed. Click on the drop-down menu and select "Is owner".

9. Delete the user!
In the ‘Organization & users’ tab, select the check-box next to the user you wish to delete. Then select ‘More actions’ and choose ‘Delete users’. This will delete the selected users. Be sure you have the correct user selected before deleting.

10. Add the deleted user as a nickname to an existing user account:
Use this tip to ensure that when a customer or client emails the old employee, the email won’t go unnoticed. Organization & users → Select username → Select ‘add a nickname’.
Note: You can recover a deleted user within 5 days of deletion.

To Restore a Deleted User

To restore a deleted user, go to the Admin Console, then 'Organization & users' → List → Select 'Recently deleted users'.

Understanding What Can Be Restored
  • User accounts can be restored up to 5 days after deletion.
  • Google cannot guarantee full data recovery for the deleted account.
  • Restoring the account in a timely manner will restore more or all of the user's data such as email and calendar events.
  • If you do not see the user listed under 'Recently deleted users', the user account has been permanently deleted. 
With the above steps, you can feel confident that you have done what is needed to ensure data is securely transferred before you delete a user.
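The ordering in the checklist matters: steps 1 and 4 to 8 must be complete before step 9. As an added example (not part of the original post and not a Google API), the Python sketch below models that as a pre-delete gate. The `Asset` and `Departure` records, the rule that an asset is safe once another account holds owner-level rights, and the sample accounts are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

RESTORE_WINDOW = timedelta(days=5)  # from the page: restore within 5 days
# Steps of the checklist above that move ownership of each asset kind.
STEP_FOR_KIND = {"document": 5, "calendar": 6, "group": 7, "site": 8}

@dataclass
class Asset:
    kind: str     # one of STEP_FOR_KIND's keys
    name: str
    owners: set   # accounts holding owner-level rights (assumed model)

@dataclass
class Departure:
    user: str
    password_changed: bool   # step 1
    mail_handled: bool       # step 4: forwarding address or delegate set
    assets: list

def deletion_blockers(d):
    """Return the checklist steps still outstanding before d.user is deleted."""
    blockers = []
    if not d.password_changed:
        blockers.append("step 1: password not changed")
    if not d.mail_handled:
        blockers.append("step 4: no forwarding address or delegate")
    for a in d.assets:
        # Blocked when the departing user is the only remaining owner.
        if d.user in a.owners and not (a.owners - {d.user}):
            blockers.append(f"step {STEP_FOR_KIND[a.kind]}: {a.kind} '{a.name}' has no other owner")
    return blockers

def restore_deadline(deleted_at):
    """End of the 5-day restore window stated on the page."""
    return deleted_at + RESTORE_WINDOW

# Constructed sample data, not taken from any real domain.
SAMPLE = Departure(
    user="jdoe@example.com", password_changed=True, mail_handled=False,
    assets=[
        Asset("document", "Q3 forecast", {"jdoe@example.com"}),
        Asset("calendar", "Project Alpha", {"jdoe@example.com", "asmith@example.com"}),
        Asset("group", "sales-team", {"jdoe@example.com"}),
        Asset("site", "Intranet", {"asmith@example.com"}),
    ],
)

if __name__ == "__main__":
    for reason in deletion_blockers(SAMPLE):
        print("BLOCKED:", reason)
    print("restorable until", restore_deadline(datetime(2013, 8, 29, 9, 0)))
```

An empty list from `deletion_blockers` is the signal that step 9 can proceed; recording `restore_deadline` at deletion time tells the help desk how long a mistaken delete can still be undone.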