As your organization's administrator, keep your organization's data safe and secure when an user leaves by completing the following best practices:
- Wipe any mobile devices
Use the Admin console to remotely remove data from the user's device. You can remote wipe the entire device or only erase your organization's data.
- Revoke password recovery access
Remove the user's recovery email address and phone number so they can't use the password recovery feature to access their old account.
- Change the user's password
This can greatly reduce the risk of unauthorized access to their old account.
- Revoke all OAuth 2.0 application tokens
Changing a user's password also revokes OAuth 2.0 tokens issued for accessing certain products. Review all authorized access and revoke any other authorized applications.
- Reset the user's sign-in cookies
This also reduces the risk of unauthorized access.
- Revoke security keys and app password access
Revoke any security keys or application-specific passwords that have been granted access to the user's account.
- Delete the user's account
Move any of the user's data that you want to save to another account. Then delete their original account completely. This is the best way to ensure they can't access your organization's data.