Clear search
Close search
Google apps
Main menu

Get started: Vault administrators

Welcome to Google Vault! This guide will walk you through the steps to get Vault up and running for your organization.

Important: Vault won't preserve data according to your organization's policies and legal requirements until you complete these steps. You must choose a default retention policy and/or custom rule as described in Step 5 in order for Vault to retain your data.

Before you proceed, make sure:

  • You are a G Suite super administrator for your organization; only super administrators can complete the steps in this guide.
  • You have G Suite or G Suite for Education.
  • Google Vault has been purchased for your organization.

Click each step below to learn how to complete it.

1. Assign Vault licenses

Assign licenses to everyone (full-domain licensing) or to just a subset of people (partial-domain licensing).

  1. Consult with people in your organization who understand its business and legal requirements to decide who needs a Vault license.
  2. Follow the steps in the full-domain or partial-domain licensing article.
2. Specify who in your domain can access the Vault console

Only users with appropriate permissions can log on to

  1. Sign in to the Admin console, using your administrator account email address (including username and domain) and password.
  2. On the dashboard, click Apps, then click G Suite.
  3. Click Vault and choose one of the following options:
    • ON for everyone: everyone in your organization can access Vault.
    • ON for some organizations: only organizational units (OUs) that you specify can access Vault. Learn more about creating OUs.
    • OFF: no one in your organization can access Vault.
3. Grant privileges to authorized employees

Grant privileges to employees who you want to create retention rules, place litigation holds, or perform investigations. This step is not mandatory for the initial setup of Vault.

  1. Understand the various privileges that you can grant users.
  2. Follow the steps in the Grant administrator privileges article.
4. Sign in to Vault
After purchasing Vault or starting the 30-day trial, we recommend that you wait 30 to 60 minutes before signing in to If you sign in immediately after purchase, you might not see all the areas of Vault that you have access to.

Now that Google Vault is enabled and licenses have been assigned in the Admin console, sign in to Vault by doing the following:

  1. Go to
  2. Sign in with your G Suite username and password.

Other authorized employees in your domain will sign in to Vault the same way after you've given them access.

5. Set your organization's default retention period for archiving

Set a default retention policy to control how long your organization's messages are archived before being permanently expunged from your users' mailboxes and all Google systems. Your organization should have a policy about the amount of time messages should be retained. We recommend that you consult your organization's legal team when you set up a default retention rule.

The retention period starts on the date a message is received, NOT the date you set the rule. For example, you set the default for 3650 days (10 years). If a user received a message on January 5, 2004, that message would be removed from the user's mailbox on January 5, 2014, and from Vault shortly thereafter. Learn details about how retention works.

After the time period defined by a default retention policy (or custom rule) elapses, messages retained by those rules are permanently deleted and cannot be restored.
  1. In Google Vault, click Retention in the left navigation.
  2. Click Modify default retention period.
  3. In the dialog that appears, select one of these three options:
    • Do not specify a default retention period: User content isn't retained in Vault. Unless a custom rule or hold applies, user-deleted content is expunged 30 days after deletion, with no recovery options. Your organization's default retention period is automatically set to this option unless you change it.
    • Retain data indefinitely: User content is permanently available in Vault, unless a custom rule applies.
    • Retain data for a specified number of days: User content is retained for the number of days you specify (up to 36,500), unless a custom rule or hold applies. Shortly after this period elapses, content is removed from user mailboxes and deleted from Google systems with no recovery options. If you select this option, click Next, type the number of days for the retention period, then click Set. Select the checkboxes to verify that you understand your content will be deleted at the end of the retention period if no other rules or holds apply. 
  4. Click Submit.

Important notes:

  • What happens after you set the default retention rule: Unless a custom rule or hold applies to them, current and future messages in your users' mailboxes are preserved in and expunged from Vault according to the default retention rule.
  • What happens when a user deletes a message: The message is removed from that user's mailbox. However, when the default retention rule or a custom rule applies, the message is still available in Vault for the remainder of the retention period.

Google Vault is now up and running! Vault will preserve your domain's mail and on-the-record chats for the retention period you specified. Learn more about the default retention rule and custom rules.

Was this article helpful?
How can we improve it?