
Overview

This feature is ideal where Admins want to delegate the audit function to local managers or regional security personnel.

GAT+ allows anyone to audit any range of users based on the model of Google Groups, Google Classrooms, and Org Units.

It does not require passing on Google Admin authority. Selected auditors can be an individual user, group, or Org Unit. This allows you to have multiple auditors for a specified scope.

This process is documented in this YouTube video.

To Enable Audit Delegation, follow the instructions below.

Open GAT+ and, in the side menu, go to the section called Delegated Auditors.

Click on + ‘Add new auditor’.


For the example below, set the following:

  • Product (GAT+ or Shield)
  • Auditor – a user, group or OU
  • Audit scope – Audit Users/Groups or Org Units


  • Audit areas – choose which areas to be enabled or disabled for the selected auditor.


Note: Once the Delegated Auditor is created, they can access only the scope given, and the reports they generate will be limited to that scope too.

Select the ‘Valid to’ expiration period for the Auditor.

Click on the Active and Save button.

An Admin can verify the scope the auditor has by logging into GAT+ as the auditor; the Admin will see exactly what the auditor will see.


You can read more about G Suite Audit delegation here. 

When the Auditor accesses the tool, they will have access only to the enabled areas.

In the auditing areas, they can use all of the features of GAT Unlock, with Security Officer approval, of course.

  • They can modify and remove permissions, and download or view file content.
  • They can download emails, view emails, and remove emails from users’ Gmail accounts.
  • They can set up email delegation to give one user direct delegation into another user’s Gmail account.

The Configuration tab – Security officer will be available only if the user is enabled as a Security Officer.

Some areas of the audit sections might have limitations.

For example, in the Email section, the Delegated Auditor has access to the Email, Email Content Search, User statistics, External From/To, and Sender/Receiver tabs.


The Drive audit will display all Drive files belonging to the users in scope.

The Overall table will be available only if the auditor has a scope of all users in the domain (domain-wide scope).


All functions, such as requesting access to a file and removing permissions, are available to Auditors.


Video: How to create delegated auditors in your G Suite domain


For any questions, feel free to contact us at support@gatlabs.com