Possible to automate Account Suspension/Deletion workflow?


AAsfe Regss

Jun 10, 2016, 12:53:28 PM
to Google Apps Manager
Hi,

We're trying to see if the following workflow is possible through GAM:

Suspend user:
1. change password
2. sign out all sessions and delete all recovery methods
2-1. prevent all mobile logins
3. delegate email access to a designated account

Delete user:
1. change password
2. sign out all sessions and delete all recovery methods
2-1. prevent all mobile logins
3. if configured, make a Google Takeout
4. if configured, transfer all email to a designated account
5. delete the account and transfer all Google file ownership to a designated account

EL

Jun 10, 2016, 2:56:42 PM
to Google Apps Manager
This isn't exactly what you are looking for, but it's a starting point; look at the example on this page: https://github.com/jay0lee/GAM/wiki/SecurityExamples#deprovisioning-a-user

I would consider simplifying your offboarding process so that you suspend a user before you delete them; that way you combine many of the steps you listed.

AAsfe Regss

Jun 10, 2016, 8:47:39 PM
to Google Apps Manager
Hi,

Thanks for the suggestion. I think the Deprovisioning A User example perfectly covers the steps I needed for the Suspension workflow. (Though I'm not entirely sure whether the user would be prevented from logging in or whether any active sessions would be killed.)

For the Delete workflow, it seems that the only thing I am unable to find information on is the Google Takeout. It doesn't seem possible currently to make a Google Takeout through GAM?

Another question: when using the delete command, it doesn't seem to have a parameter for transferring file ownership to a target owner. Does that mean we need to transfer all application data before deleting the account? (As opposed to deleting in Google, where, as part of the delete, it'll ask if we want to transfer application ownership.)

EL

Jun 11, 2016, 4:19:02 PM
to Google Apps Manager
You will need to test it, but typically when a user's tokens are revoked they are forced to sign back in; if you have suspended the user in Google for Work, when they attempt to sign back in they will see that they are now suspended.

For your delete workflow you will need to add a step to transfer data; check out this page: https://github.com/jay0lee/GAM/wiki/Data-Transfers

Once the transfer is completed you can then delete the account.
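
The two workflows discussed in this thread, written out as a shell wrapper with a dry-run default so the command order can be reviewed before anything touches a live domain. This is an added example, not code from the thread participants or the GAM project; the function names, the `GAM_DRY_RUN` variable and the `transfer-complete` confirmation word are hypothetical, and the `gam` command syntax should be checked against the two wiki pages linked above for your GAM version. Mobile device blocking and Google Takeout are not covered.

```shell
#!/bin/sh
# Added example, not from the thread or the GAM project.
# GAM_DRY_RUN=1 (the default here) prints each command instead of running it.
GAM_DRY_RUN="${GAM_DRY_RUN:-1}"

run_gam() {
    if [ "$GAM_DRY_RUN" = "1" ]; then
        printf 'gam'; printf ' %s' "$@"; printf '\n'
    else
        gam "$@"
    fi
}

# Accept only plain addresses so an argument can never be read as a GAM keyword.
valid_addr() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._@+-]*) return 1 ;;
        ?*@?*.?*) return 0 ;;
        *) return 1 ;;
    esac
}

check_pair() {
    valid_addr "$1" && valid_addr "$2" && [ "$1" != "$2" ] && return 0
    echo "need two different, valid addresses" >&2; return 2
}

# Suspension workflow. usage: suspend_workflow <leaver> <delegate>
suspend_workflow() {
    check_pair "$1" "$2" || return 2
    run_gam update user "$1" password random || return 1  # step 1
    run_gam user "$1" deprovision || return 1             # step 2: ASPs, backup codes, OAuth tokens
    run_gam update user "$1" suspended on || return 1     # refuse new sign-ins
    run_gam user "$1" delegate to "$2" || return 1        # step 3; test mailbox access afterwards
}

# Deletion, part 1. usage: start_transfer <leaver> <new_owner>
start_transfer() {
    check_pair "$1" "$2" || return 2
    run_gam create datatransfer "$1" gdrive "$2" privacy_level shared,private
}

# Deletion, part 2, only after the operator has seen the transfer complete.
# usage: delete_user <leaver> transfer-complete
delete_user() {
    valid_addr "$1" || return 2
    [ "$2" = "transfer-complete" ] || { echo "confirm the transfer finished first" >&2; return 3; }
    run_gam delete user "$1"
}
```

Run each function with the default dry-run setting first and compare the printed commands with the wiki; set `GAM_DRY_RUN=0` only once they match.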