A generation or so ago, it was typical for employees to work for the same company for 20 or more years. Now it’s common for someone to have worked for several different companies by the time they hit 30. All this job switching results in a lot of employee onboarding and offboarding for Google Apps administrators.
Google Apps admins are heavily involved in user lifecycle management and should ensure they have their processes nailed down for properly deleting a Google Apps user from the company domain. Below are 5 important things all admins should consider before deleting a Google Apps user.
1. Don’t Go About Deleting Willy Nilly
When it comes to deleting a user from your Google Apps domain, your instinct will be to purge the account as soon as possible. The longer an unwanted account stays around, the longer your organization pays an unnecessary license fee, and the longer the account presents a potential security risk.
However, hastily deleting a Google Apps user account can be equally as dangerous. Once an account is deleted, the data in that account cannot be retrieved by Google — ever. That means any vital business data — including information you may be legally required to retain for years to come — is gone forever. Moreover, if the deleted account also was the primary user for certain Google services like Google Analytics or AdWords, your company may lose access to all data in those applications as well. Professional Google Apps domain administrators must balance the expediency of deleting a user account with the obligation to retain data and prevent interruption to key business operations.
2. Identify the User
The first step in deleting a Google Apps user is to confirm the identity of the user. It seems obvious, but in large organizations (or even smaller family-run companies), there is a statistically significant likelihood that two users will have very similar names and usernames. (There are over 2.8 million people with the surname Smith in the United States alone). Be very sure that the email@example.com account is the one you want to delete, not jssmith@ yourcompany.com.
3. Determine the Security Risk Level
Once you’ve confirmed the identity of the departing user, you must assess the security risk posed by that user’s Google Apps account. In the vast majority of cases, this risk is relatively low. So long as the user left the company in reasonably amicable fashion — and so long as the domain administrator was given timely (preferably simultaneous or advance) notice of that departure — you can take the time necessary to minimize the impact of the departure on your organization and your data.
If the departure was unplanned or less than amicable — as in, the employee was fired under protest and harbors ill will toward your organization — you may need to treat the account as a moderate security risk.
If the departed user was abusing company resources or using elements of the Google Apps domain to undertake criminal activities, this would represent a high security risk, and you would be best served to purge the user account as quickly as possible. Similarly, if an account was compromised by outside attackers to the degree that it is preferable to purge the account and give an employee an entirely new Google Apps identity, you would need to move with all due haste to erase the hacked account.
4. Change the User Password
By changing the user’s password, you prevent the departing employee from logging in again (to steal data, inflict damage or simply muddy up the deprovisioning process). Just be sure to retain the password for your records! You’ll need it to log in and perform many of the subsequent steps in the deprovisioning a user process.
5. Identify an Account “Executor”
Someone needs to take on the responsibility for dispersing all the vital organizational data hidden in the departing user’s account. This “Executor” of the departing user’s account will be responsible for the account until it is ultimately deleted.
There are obviously more steps to actually going about and deleting the user from your Google Apps domain but the five steps above make for a good starting point. There will be more steps if the user you’re deleting is a high risk in terms of security so always be aware of the potential security risk that the user poses to the company.
If interested in a handy guide that walks through a detailed checklist of all the steps an admin should take in order to safely and securely delete a user from Google Apps, check out Backupify’s eBook “How to Delete a Google Apps Account” – you’ll be glad you have it when Joe from accounting gives his notice.