When an employee leaves your organization, their G Suite account remains active until a G Suite administrator takes action. Email still arrives in their inbox, mobile devices still sync, and all of their Google Drive documents still display the former employee as the file “owner.”

A G Suite administrator needs to secure the account, save the former employee’s data, and transfer information to other accounts. Here’s a five-step process that has worked for several organizations.

1. Secure access

a. First, remove data from mobile devices connected to the account. Log in with a G Suite administrator account to the G Suite admin console at https://admin.google.com, choose Users, select the user’s name, then choose Account. Near the end of the Account section, you’ll see the mobile devices connected to the account. Choose either Wipe this account to remove the organization’s data from the device, or Wipe this device to remove all data from the device. Repeat this process for each connected device.

b. Second, change the user’s password. Make a note of the new password. You’ll need it later.

c. Choose Reset sign-in cookies to require the user to log in again on all devices.

d. Next, return to the user’s main settings page, then scroll down a bit (you may need to choose Show more) to the Security section. Revoke all application-specific passwords and all authorized access items listed. I also recommend you turn off two-step authentication at this point.

e. Then, log in to the former employee’s account and remove any recovery phone or email addresses associated with the account. I typically open a new incognito browser window, go to https://myaccount.google.com, and log in as the user. Choose Your personal info from the home screen, then remove any personal, external email addresses and phone numbers associated with the account.

You will now have control of the former employee’s account, and will have blocked the former employee’s access to the account data.
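One way to confirm that steps a through e are all complete before moving on to step 2, as an added example that is not part of the original article. It audits a snapshot of the account's state that you have recorded yourself; the snapshot's field names are assumptions made for this example, not a Google API schema, and the sample data is constructed.

```python
from datetime import datetime

def _ts(value):
    """Parse an ISO 8601 timestamp; None means the step was never done."""
    return datetime.fromisoformat(value) if value else None

def outstanding_lockout_items(snap, departed_at):
    """Return the step 1 (a-e) items still open for a departed user."""
    departed = _ts(departed_at)
    pw = _ts(snap.get("password_changed_at"))
    reset = _ts(snap.get("cookies_reset_at"))
    items = []
    # 1a: every connected mobile device must have been wiped.
    for dev in snap.get("mobile_devices", []):
        if not dev.get("wiped"):
            items.append(f"1a: device not wiped: {dev['model']}")
    # 1b: the password must have been changed after the departure.
    if pw is None or pw < departed:
        items.append("1b: password not changed since departure")
    # 1c: a reset made before the password change misses later sessions.
    if pw is None or reset is None or reset < pw:
        items.append("1c: sign-in cookies not reset after password change")
    # 1d: application-specific passwords, authorized access, two-step.
    for name in snap.get("app_passwords", []):
        items.append(f"1d: application-specific password active: {name}")
    for app in snap.get("authorized_access", []):
        items.append(f"1d: authorized access not revoked: {app}")
    if snap.get("two_step_enrolled"):
        items.append("1d: two-step authentication still on")
    # 1e: no personal recovery address or phone may remain.
    for field in ("recovery_email", "recovery_phone"):
        if snap.get(field):
            items.append(f"1e: {field} still set")
    return items

# Constructed sample snapshot (hypothetical field names, not a Google schema).
SAMPLE = {
    "mobile_devices": [{"model": "Phone A", "wiped": True},
                       {"model": "Tablet B", "wiped": False}],
    "password_changed_at": "2024-03-01T17:30:00+00:00",
    "cookies_reset_at": "2024-03-01T17:10:00+00:00",  # before the change
    "app_passwords": ["Mail client"],
    "authorized_access": [],
    "two_step_enrolled": False,
    "recovery_email": "personal@example.net",
}

if __name__ == "__main__":
    print("\n".join(outstanding_lockout_items(SAMPLE, "2024-03-01T17:00:00+00:00")))
```

An empty result means every item in step 1 is closed for that account.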

2. Save data

Use Google Takeout to save all data linked to the account. Open a new incognito browser window, go to https://google.com/takeout, and log in with the former employee’s account. Select the data you wish to export, then choose Next. To export all data, leave everything selected. However, if there is a large amount of data, you may want to increase the maximum exported file segment size. The default is 2GB, with options up to 50GB. Choose Create archive.

After the archive is created, Google will send an email to the former employee’s account. You can check the email, then follow the link to download the archive file(s). Store these files securely. In some organizations, these files are stored on archival quality storage and kept with the employee’s human resource records.

You now have a copy of data from the former employee’s G Suite account.

3. Transfer data

To transfer mail and files, log in as a G Suite administrator.

With the G Suite data migration service, a super administrator can transfer email from one G Suite account to another. Log in to the G Suite admin console (https://admin.google.com), choose Data Migration and select email. For the migration source, pick G Suite, then supply the super administrator login information. (If you have enabled two-step authentication for your super administrator account, which you should do, you’ll need to generate an application-specific password.) After that, you’ll choose your source and destination accounts for the migration process.

An administrator can transfer ownership of files, too. From the admin console, choose Apps > G Suite > Drive and Docs > Transfer ownership. Then fill in the source and destination account owner information. (Another way to transfer files is to move files from the former employee’s Google Drive to a shared Team Drive. File ownership changes from the creator to the team when a file is moved to a Team Drive. These files remain, even after the original file owner’s account is deleted.)

To transfer Google Groups and/or Sites, add another account as the owner.

Log in to https://groups.google.com with the employee’s account, choose a group, select the group settings icon, choose Membership and email settings, then Transfer ownership. You can then make another member of the group the owner.

Similarly, for Classic Google Sites, log in to https://sites.google.com, choose a site, then choose settings, click Sharing and permissions, and then invite another person in the organization to be an owner of the site.

If you want to transfer contacts or calendars, export the data first, then import it into another account.

To export contacts, log in as the user, then go to https://contacts.google.com/ > (left menu) More > Export. You’ll need to go to the old version of Google Contacts, select the More menu, then Export. To import contacts into another account, go to https://contacts.google.com/ > (left menu) More > Import, then select the exported file.

To export calendar events, log in as the user and go to https://calendar.google.com in a browser. From the list of calendars in the My calendars area on the left of the page, select the arrow to the right of a calendar, then choose Calendar settings, then Export this calendar. Save the file.

To add the events to any existing calendar, go to https://calendar.google.com, select the sprocket (in the upper right) for settings, choose Calendars, then Import calendars.

4. Delete account

Now, you’re ready to delete the former employee’s account. Log in to the admin console, choose Users, then select the three-vertical-dot menu to the right of the user, and choose Delete.

5. Add address as alias

Optionally, if the former employee’s account served as a login to any websites or services, you might want to keep the email address active as an alias. That way, you can recover the login to those sites much more easily, since any email sent to the address will appear in an active account.

To add an alias, log in to the G Suite admin console, choose Users, then select a user, then Accounts, then Add an alias under Alias. (Note that the Alias is visible in one of the first images in this article.) Add the former employee’s email address. If you’ve just deleted the account, you may need to wait until the old account is fully cleared before you add it as an alias.

I’ve used this process several times to transition G Suite account data. I always follow the steps to secure account access and export account data, but I often transfer files only. Many times, clients don’t choose to move contacts or calendars into other accounts.

How does the process above compare to how your organization handles G Suite account transitions? Let me know in the comments or on social media!
