Block access to G Suite on a lost device
You must be signed in as a super administrator for this task.
If a user loses their device, you can block unauthorized access to their account.
When a device is at risk
An unauthorized user could potentially access G Suite data on a lost or stolen device if:
- The device has an open connection to the user’s G Suite account.
- The device stores cookies that allow connecting without entering a username and password.
- The user installed a third-party service on the device and gave it access to their G Suite data.
Reset a user’s sign-in cookies
Here’s how to sign the user out of all current HTTP sessions and reset their sign-in cookies. Doing so requires them to enter their username and password to sign back in to their account.
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
- From the Admin console dashboard, go to Users.
- Click the user's name to open the user's account page.
- Click Account to open the settings.
- Scroll to Cookies and click Reset sign-in cookies.
- Click Reset sign-in cookies again to confirm.
It can take up to an hour to sign the user out of current Gmail HTTP sessions. The time for other applications can vary.
Wipe a mobile device
If the mobile device is managed by Google Mobile Management and synchronization is turned on, you can remotely remove data from the device. You can choose to remove all data or only G Suite data. The user’s G Suite data will still be available through a web browser and other authorized mobile devices.
Revoke authorized access
Users can allow third-party services to access their G Suite account. For example, a user might install a diagramming app that needs access to their Google Drive files so it can create diagrams or flowcharts. When the app is installed, it will ask the user to grant access to their G Suite data.
If a device is lost or stolen, you can revoke this access so the app can’t access the user’s data anymore. For details, see View user security settings and revoke access.