Prevent user login without password change or suspension
56 views
Skip to first unread message
Alden Thompson
Nov 21, 2024, 11:01:36 AM11/21/24
to GAM for Google Workspace
Hi,
Is there a way to prevent a user from signing into their account WITHOUT changing their password or suspending their account?
Our administration team has tasked me with creating a leave of absence procedure, and part of that is making sure the staff member can't use their account because they're not supposed to be working, WHILE also receiving emails to be forwarded to whoever is covering for them.
I don't want to change the password because I want the process to be as seamless as possible for the user returning. Is anyone aware of a way to do this?
Here's my current process:
When user is starting leave of absence
gam update user $email suspended off
gam user $email signout
gam user $email vacation on subject "Auto Out of Office" message "This employee is out of the office." start 2000-01-01 end 2999-01-01
gam user $email add forwardingaddress $forwardto
gam user $email forward on keep $forwardto
gam update user $email gal false
gam user $email update user ou '/Staff/LOA'
When user is back
gam update user $email suspended off
gam user $email vacation off
gam user $email delete forwardingaddress $forwardto
gam user $email forward off
gam update user $email gal on
gam user $email update user ou '/Staff'
gam update user $email suspended off
gam user $email signout
gam user $email vacation on subject "Auto Out of Office" message "This employee is out of the office." start 2000-01-01 end 2999-01-01
gam user $email add forwardingaddress $forwardto
gam user $email forward on keep $forwardto
gam update user $email gal false
gam user $email update user ou '/Staff/LOA'
When user is back
gam update user $email suspended off
gam user $email vacation off
gam user $email delete forwardingaddress $forwardto
gam user $email forward off
gam update user $email gal on
gam user $email update user ou '/Staff'
✉ Kevin Melillo
Nov 21, 2024, 11:14:55 AM11/21/24
to google-ap...@googlegroups.com
If you leave the password the same, they will just sign in again. It is just human nature! Also, they will still have access from their mobile device. Also, when we have users on leave, we usually use Delegation to the users manager instead of forwarding. It's an option. We also have a status custom attribute set up with date, OU, and description... where we record the on leave date, On Leave or Terminated, and the OU
Our on leave process:
Sign the user out
randomize the user password
deprovision the user
remove mobile devices from the users account
add manager as delegate
add access to calendar for manager
map calendar to manager
create OOO responder
update custom status fields
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/ee882cbe-8bc5-4270-8d07-2dd1ab15645en%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages