Skip to main content
Search
< All Topics
Print

Google Workspace User Offboarding Checklist for Business

Posted
Updated
ByKartik Periasamy


📄 Google Workspace
🕑 6 min read
Cybergate IT Team
Google Workspace admin user offboarding checklist
Improper staff offboarding leaves ex-employees with access to company email and data – complete every step on this checklist.

When a staff member leaves your organisation, their Google Workspace account must be properly offboarded to prevent continued access to company email, Drive files, shared documents and all Google services. Skipping steps or simply changing the password without a proper process leaves security gaps and can result in data loss. This checklist covers every step in the correct order.

Do This on the Last Day of Employment

Every hour a former staff member has active access to their Google account is a risk. They can read all historical emails, download Drive files, access client information and delete data. Suspend the account at the end of the last working day.

Step 1: Suspend the Account (Do Not Delete)

admin.google.com Directory Users select user Suspend user
1

Suspend Immediately

Sign into admin.google.com with a super admin account. Go to Directory > Users. Search for the leaving user. Click on their name.

In the user detail page, click the three-dot menu (top right) and select Suspend user. Confirm. The account is immediately suspended – the user loses access to all Google services instantly.

A suspended account badge appears in the admin console. All their data (email, Drive, Calendar) remains intact and accessible to admins.

Suspend, Not Delete

Deleting starts an irreversible 20-day countdown to permanent data deletion. Always suspend first and complete all data transfer steps before deleting.

Step 2: Transfer Drive and Docs

admin.google.com Users select user Transfer Drive and Docs
2

Transfer My Drive Files to Manager

In the user detail page, look for the Transfer Drive and Docs option (it may be under a More options or three-dot menu). Click it.

In the transfer dialog:

  • Transfer to: Enter the manager’s Google Workspace email address
  • The transfer creates a new folder named [User’s Name] transferred files [date] in the manager’s My Drive

Click Transfer files. The transfer runs in the background and takes minutes to hours depending on the number of files. The admin receives an email when complete.

Note: Files in Shared Drives are not affected by this transfer – they remain in the Shared Drive and are still accessible to other members.

Step 3: Set Email Auto-Reply

3

Configure Auto-Reply for Incoming Emails

In the user detail page, click Email settings or look for Vacation responder / Auto-reply.

Enable the auto-reply and set a message such as:

Thank you for your email. [Staff Name] is no longer with [Company Name]. For assistance, please contact [Replacement or Department Email] or call [phone number]. We apologise for any inconvenience.

This ensures clients and contacts who email the leaving staff member receive an informative reply rather than silence or a delivery failure.

Google Workspace admin console user management
Admin console user detail page contains all offboarding actions
Google Workspace email forwarding setting
Set email forwarding to ensure no client emails are missed after the user leaves

Step 4: Set Up Email Forwarding (Optional but Recommended)

4

Forward Email to Manager

Set up forwarding so any emails sent to the departed staff member’s address are forwarded to their manager for 30 to 90 days. This catches any late client correspondence or important emails.

In the Google Admin console, go to Apps > Google Workspace > Gmail > User Settings. Or access it via the user detail page > Gmail settings. Configure Mail delegation so the manager can access the inbox, or set up a routing rule to forward all incoming mail to the manager’s address.

Set a reminder to remove the forwarding after 90 days and update the auto-reply to reflect the final deactivation.

Step 5: Remove from Groups and Shared Drives

5

Remove from Google Groups

Go to Directory > Groups. Search for all groups the user is a member of. Click each group and remove the user from the member list.

Alternatively, on the user detail page, the Groups section lists all group memberships. Remove from each group directly from this page.

6

Remove from Shared Drives

Go to Drive and Docs > Manage Shared Drives. Search for Shared Drives where the leaving user is a member. Click each Shared Drive > Manage members. Remove the leaving user from the member list.

This prevents access to team files even if the account is somehow reactivated.

Step 6: Revoke Third-Party App Access

7

Remove Connected Apps

Go to the user detail page. Click Security > Authorised applications. This shows all third-party apps the user has connected to their Google account via OAuth (signing in with Google).

Remove access for all applications by clicking the X next to each app. This prevents third-party apps from continuing to access company data through the user’s credentials.

Step 7: Delete Account (After 30 Days)

8

Delete the Account

After at least 30 days, and after confirming:

  • All Drive files have been transferred
  • Email auto-reply is set
  • No pending items in the account are needed
  • Licence has been reassigned to a new user (if applicable)

Go to the user detail page, click the three-dot menu and select Delete user. Confirm. The account enters the 20-day recovery window before permanent deletion.

Need IT Help in Malaysia?

Cybergate provides managed IT support for businesses across Malaysia. Our team is available Monday to Saturday, 9am to 6pm.

📞 Get Free Help
🛤 WhatsApp Us

Frequently Asked Questions

Always suspend first, never delete immediately. Deleting a Google Workspace account starts a 20-day window after which the account and all its data (including Drive files not transferred, emails, Calendar events) are permanently deleted. Suspending preserves all data while preventing the user from accessing their account. After completing the file transfer and email forwarding setup, wait at least 30 days before deleting to ensure nothing is missed.

Files in the suspended user’s My Drive remain in their account and are not accessible to other users until transferred. Files in Shared Drives remain accessible to other members of those Shared Drives regardless of the user’s account status. Transfer My Drive files to the manager as part of the offboarding process.

No. A suspended user cannot sign in to any Google services including Gmail, Drive, Meet, Calendar or any third-party app that uses Google sign-in. Their email address still receives incoming emails (which are stored in the suspended account), but the user cannot read or reply to them. Email forwarding can be set up by the admin even for suspended accounts.

Google provides a 20-day window after account deletion during which an admin can restore the account by going to admin.google.com > Users > click the three-dot menu > Restore user. After 20 days, the account and all data are permanently deleted and unrecoverable. Always suspend and wait before deleting.

CG
Cybergate IT Team
Managed IT support for Malaysian businesses since 2014. Microsoft Partner · Fortinet Technology Partner. About Us

Related Articles

Knowledge Base
How to Manage SharePoint and OneDrive External Sharing


Knowledge Base
How to Set Up MFA on Microsoft 365

Table of Contents