Sign out a user from a lost or stolen device

To sign out of your Google Account on your own device, go here instead.

Supported editions for this feature: Business Starter, Standard and Plus; Enterprise; Education Fundamentals, Standard, Teaching and Learning Upgrade, and Plus; G Suite Basic and Business; Essentials; Cloud Identity Free and Premium.  Compare your edition

As an administrator, you can block unauthorized access to a user's Google Account if their device is lost or stolen. You can sign the user out of all current HTTP sessions and reset their sign-in cookies. When you reset sign-in cookies, users must enter their username and password to sign back in to their account. 

Note: If you suspended a user, their sign-in cookies are automatically reset and you don't need to complete these steps.

When a device is at risk

An unauthorized user could potentially access your organization's Google data on a lost or stolen device in the following scenarios:

  • The device has an open connection to the user’s managed Google Account (for example, their Google Workspace or Cloud Identity account).
  • The device stores cookies that allow it to connect automatically, without the user entering a username and password.
  • The user installed a third-party service on the device and gave it access to their Google data.

Reset a user’s sign-in cookies

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Users.
  3. In the Users list, find the user. If you need help, see Find a user account.
  4. Click the user's name to open the user's account page.
  5. Click Securityand thenSign-in cookiesand thenReset.
  6. (Optional) To return to the user’s account page, at the top right, click the Up arrow "" .

It can take up to an hour to sign the user out of current Gmail HTTP sessions. The time for other apps can vary.

Wipe a mobile device

If the mobile device is managed by Google endpoint management, you can remotely remove data from the device. The user can still access their Google data through web apps and other authorized mobile devices.

Revoke authorized access

Users can allow third-party services to access their managed Google Account. For example, a user might install a diagramming app that needs access to their Google Drive files so it can create diagrams or flowcharts. When the app is installed, it asks the user to grant access to the data for their Google service.

If a device is lost or stolen, you can revoke this access so the app can’t access the user’s data anymore. For details, see View user security settings and revoke access.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue