Skip to content

5 Things a G Suite Admin Should Do When an Employee Leaves Your Company

3 minute read

lt purp security

A generation or so ago, it was typical for employees to work for the same company for 20 or more years. Now it’s common for someone to have worked for several different companies by the time they hit 30. All this job switching results in a lot of employee onboarding and offboarding for G Suite administrators.

G Suite admins are heavily involved in user lifecycle management and should ensure they have their processes nailed down for properly deleting a G Suite user from the company domain. Below are 5 important things all admins should consider before deleting a G Suite user.

1. Don’t Go About Deleting Willy Nilly

When it comes to deleting a user from your Google domain, your instinct will be to purge the account as soon as possible. The longer an unwanted account stays around, the longer your organization pays an unnecessary license fee, and the longer the account presents a potential security risk.

However, hastily deleting a G Suite user account can be equally as dangerous. Once an account is deleted, the data in that account cannot be retrieved by Google — ever. That means any vital business data — including information you may be legally required to retain for years to come — is gone forever. Moreover, if the deleted account also was the primary user for certain Google services like Google Analytics or AdWords, your company may lose access to all data in those applications as well. Professional G Suite domain administrators must balance the expediency of deleting a user account with the obligation to retain data and prevent interruption to key business operations.

2. Identify the User

The first step in deleting a G Suite user is to confirm the identity of the user. It seems obvious, but in large organizations (or even smaller family-run companies), there is a statistically significant likelihood that two users will have very similar names and usernames. (There are over 2.8 million people with the surname Smith in the United States alone). Be very sure that the jsmith@yourcompany.com account is the one you want to delete, not jssmith@ yourcompany.com.

3. Determine the Security Risk Level

Once you’ve confirmed the identity of the departing user, you must assess the security risk posed by that user’s G Suite account. In the vast majority of cases, this risk is relatively low. So long as the user left the company in reasonably amicable fashion — and so long as the domain administrator was given timely (preferably simultaneous or advance) notice of that departure — you can take the time necessary to minimize the impact of the departure on your organization and your data.

If the departure was unplanned or less than amicable — as in, the employee was fired under protest and harbors ill will toward your organization — you may need to treat the account as a moderate security risk.

If the departed user was abusing company resources or using elements of the G Suite domain to undertake criminal activities, this would represent a high security risk, and you would be best served to purge the user account as quickly as possible. Similarly, if an account was compromised by outside attackers to the degree that it is preferable to purge the account and give an employee an entirely new G Suite identity, you would need to move with all due haste to erase the hacked account.

4. Change the User Password

By changing the user’s password, you prevent the departing employee from logging in again (to steal data, inflict damage or simply muddy up the deprovisioning process). Just be sure to retain the password for your records! You’ll need it to log in and perform many of the subsequent steps in the deprovisioning a user process.

5. Identify an Account “Executor”

Someone needs to take on the responsibility for dispersing all the vital organizational data hidden in the departing user’s account. This “Executor” of the departing user’s account will be responsible for the account until it is ultimately deleted.

There are obviously more steps to actually going about and deleting the user from your G Suite domain but the five steps above make for a good starting point. There will be more steps if the user you’re deleting is a high risk in terms of security so always be aware of the potential security risk that the user poses to the company.

Sign up for our newsletter