Flows

This is a placeholder page. Please see the links below for any child pages that exist.

Google Workspace Deprovisioner

Overview

Google Workspace Deprovisioner consists of a collection of flows built in Okta Workflows (“OWF”). The flows were created to provide a consistent and automated process for deprovisioning Google Workspace user accounts.

The deprovisioner is composed of 2 distinct parts.

Initial Offboarding

The following actions are performed on a Google Workspace user when an offboarding is triggered via a Slack slash command.

  • Signs a user out of all web and device sessions and reset their sign-in cookies.
  • Update user profile
    • reset password
    • remove from Global Address list
    • remove recovery email
    • remove recovery phone
    • move to /Former Team Members organizational unit
  • Remotely wipe coprorate Google Workspace data from mobile devices
  • Delete access tokens (OAuth tokens)
  • Delete application specific passwords (ASPs)
  • Delete verification tokens
  • Remove user membership from Google groups.
  • Create and set a vacation auto-reply in the user’s Gmail
  • Make manager a Gmail delegate
  • Create a transfer request and transfer the following data to the user’s manager
    • Google Drive
    • Google Calendar

Post-90 Day Offboarding

The following actions are performed after 90-days for an already offboarded user in Google Workspace

Last modified August 2, 2024: Create Google Workspace Deprovisioner in Okta Workflows (53b9bd05)
View page source - Edit this page - please contribute. Creative Commons License