3 Routine Google Workspace Admin Tasks (and how to automate them)

This post is written by Vince Marino, CPO at Afi.ai, developer of the youngest Google Workspace backup platform. 

Google Workspace (formerly G Suite) requires a lot less maintenance and administrative effort compared to traditional on-premise email and productivity software tools. 

It also completely eliminates the need to manage hardware, in addition to featuring automated backup, security, and workflow automation capabilities.

However, Google Workspace admins still need to invest significant time to manage the system, as well as implementing security and access control policies. 

In this post, I’ll discuss three of the most important routine Google Workspace admin tasks and how to automate them.

1. User Onboarding/Offboarding in Google Workspace

An average organization has around 16% annual employee turnover rate, according to the 2018 Mercer US Turnover Survey. 

This means that a Google Workspace admin in an organization with 1,000 workers needs to onboard and offboard approximately 300 employees per year (assuming all departing employees are replaced). This translates into nearly one offboarding/onboarding operation every day.

Now let’s look at the offboarding process in a little more detail as it typically carries a higher security and data loss risk than onboarding. 

So the usual offboarding workflow includes the following steps:

• Password reset to revoke access from the departing employee.
• Setting up the email forwarding or email alias.
• Transferring ownership of shared folders and shared Drives.
• Archival of user data.
• Account suspension/deletion.

Most admins follow this or a similar process manually. Some admins are even trying to use scripts to automate the process (a few of them are available on GitHub). However, DIY and manual approaches often result in data loss and business interruptions when the data archival and email forwarding steps don’t happen on time.

To that, GAT Flow provides the most mature and feature-rich tool to automate onboarding and offboarding in Google Workspace. The approval workflow GAT Flow implements is essential in engaging all relevant stakeholders to take over data ownership from departing workers, as well as grant permissions to new employees.

Checkout GAT’s blog post: Safely Offboard Google Workspace Users Leaving your Company (in 5 Steps)

2. Google Workspace user data recovery 

Another example of a repetitive admin task is the recovery of items accidentally deleted from Google Workspace. 

Users often accidentally overwrite or delete Google Drive directories, files, and Gmail messages and need the IT team’s help to restore that data. 

Native Google capabilities normally enable data recovery within 25-55 days after the deletion happens (depending on the data type). This process requires significant manual effort from admins and the short retention limit may lead to permanent data loss.

In our experience, many admins either rely on native Google Workspace data recovery options, subscribe to Google Vault, or implement a DIY backup system based on scripts and Google Takeout service. These three backup options are often sufficient when the number of recovery requests is small and infrequent, but may fail at a larger scale. 

The most significant drawback of native and DIY data protection options is their lack of automated data recovery features. While they can help export the data offline, they don’t provide tools to recover the data back to Google Workspace. For example, if a user deletes a folder with many files and subfolders in it, admins will need to manually reinstate the directory structure. 

That’s why many admins use third-party Google Workspace backup services to automate data backup and recovery, as well as overcome the 25-55 days native data recovery limit. 

Such backup services also provide advanced capabilities such as automated archiving of deleted/offboarded users and end-user self-service recovery.

3. Drive file-sharing exposure audit

Another important Google Workspace admin task is data sharing exposure control. 

In most organizations, employees share out data with external users to collaborate with them. Over time, the number of externally shared files accumulates and may become hard to manage. 

Sometimes users may also mistakenly share sensitive data or add sensitive data later on to folders already shared out externally. 

Admins can control external file sharing using the Google Workspace File Sharing Exposure report available in the Business edition. Google also lets you set different sharing permissions in different Organizational Units if you have the Business (or higher) edition. 

These options, however, provide limited flexibility and require regular manual reviews of shared items and sharing permissions. 

One way to automate the file-sharing exposure audit task is by using Google Access Manager. This approach, however, requires significant effort to develop, customize and maintain scripts on a regular basis. 

Using a cloud-based audit automation tool helps you assign granular sharing policies and monitor file sharing using pre-built aggregated reports. 

In our experience, GAT+ provides one of the most comprehensive Google Workspace audit and analysis tools. It enables you to configure automated triggers and alerts that help you manage file-sharing exposure in a fully automated way, thus saving you plenty of time and effort, as well as giving you peace of mind.

Checkout GAT’s blog post: 6 Google Drive Data Loss Prevention Practices Every CIO Must Know