Articles on: Policy Management

Creating an offboarding policy

Policies within Patronum are extremely powerful and can be used to create workflows for onboarding and offboarding of users based on specific criteria such as new users, job title or even date.

To create an Offboarding Policy workflow follow these steps:

WORKFLOW

From within the Policy section select the create (+) icon.

Give the policy a name and description. These will be used in any email notifications or approvals.
Create Workflow Policy

Start to define your policy be configuring the workflow conditions. From here you can define which users you want the policy to be applied to.
Policy Conditions
You can base your policy on all Users, by users in Organisation Unit, or by a Google Group. You can also exclude users based on a Google Group. For offboarding we typically see organisations moving their users to a specific Offboarding OU

Further filtering of your user cohort is possible, such as filtering on Last Sign In, End Date or Suspended
Policy Filters

The last section (Actions) with the Workflow is used to define specific users within the workflow.
Executor - Used when a user is being offboarded. The executor is the account that Patronum will move data to, such as contacts, files or calendar items.
Approval - This user is required to approve the workflow before it is allowed to run. It can also be used to change the executor for each specific offboarding user.
Notify - This user will be notified that the policy has begun.

Once the workflow elements have been completed and you have verified that you are happy, you can go on to define what the policy will do. NB. If a policy is affecting a large number of users additional approval is required before the policy is allowed to run.

PROFILE

Within the PROFILE section you can update user attributes such as Job Title, Manager, Department, Cost Centre and many more Google and Custom defined attributes.

GROUP

Within the Group section you can automatically REMOVE users as part of your offboarding process. Select the smaller of the blue circles to open the deprovisioning options.

Offboarding Users from Google Groups

CALENDAR

Transfer Google Workspace users Google Calendar to an Executor , Delete Events, and also remove user as an attendee

Offboarding Google Workspace calendars

CONTACTS

Automatically transfer Google Contact Sharing to an Executor or remove ex-employee from users my contacts.

Deprovision Google Contacts

FILES

Transfer ownership of files to an Executor from within the FILES policy or transfer files to a Google Shared Drive.

File deprovisioning options.

The options are:-
Privacy level - Decide which files you want to transfer.

All Files - Transfers all files from the user
Unshared files only - Transfers only the unshared files of a user. Use this option if you want to transfer all none shared files.
Shared fils only - Transfers those files that have been shared with others.

Transfer all files to Shared Drive - This option moves all files owned by the user to a designated Shared Drive. A path can be selected using the macros such as {{fname}} {{lname}} Files. To include an existing folder use the format /folder/folder/

Transfer ownership of all files to executor - This option changes the ownership of all files to that of the executor user within the policy, and moves the files into the executors My Drive within the defined path.

Request access change for External files - This option will email the external owners of files that the user has access to informing them of the users departure, and requesting a transfer of access to an executor. For files that the user has Editor access to the executor is automatically given editor access.

Remove external file access - This option will automatically removes all external file access to the leavers files as part of deprovisioning the user.

Remove access to shared files - This option removes the users access to any internal files, folders and Shared Drives.

Exclude transfer of files within a specific folder - This option allows the administrator to ignore a specific folder within the users Google Drive for privacy related concerns.

Looker Studio - This option allows for the transferring of Looker Studio data to the executor.

Notification - Allows the administrator to send an email to a specific user once the transfer of file data has been completed.

SETTINGS

Patronum supports a wealth of additional offboarding Google Workspace actions, from Vacation Responder, Delegated Access and Security. From within the SETTINGS section you have access to all of these settings.

Patronum Security Offboarding options.

LICENSES

Remove specific licenses or allocate new ones. Patronum allows you to add Google Archive User licenses, or Cloud Identity Free licenses as part of your offboarding process.

ROLES

Within the Roles section you can automatically REMOVE users from Google Admin Role.

BACKUP

If you have integrated our backup solution with Patronum you can automatically initiate a backup as part of your offboarding process to make sure you have a full and complete backup of the users data.

SPACES

Within the Spaces section you can automatically REMOVE users from all Google Chat Spaces as part of offboarding.

Updated on: 11/07/2024

Was this article helpful?

Share your feedback

Cancel

Thank you!