Table of Contents
1. Why Google Workspace Archiver User?
Understand Why do we even need archive user license
2. What is Archive User SKU?
What exactly is Google Workspace Archive User License SKU?
7. Archive Multiple Users
Instructions on how to archive multiple users via CSV file.
Why do we need Google Workspace Archive User?
Instead of straight away jumping to Google Workspace Archive SKU as a solution, let us first discuss the problem to understand why do we even need something like it in the first place?
The Problem
Employees join and leave your company, this is a part of business lifecycle, everyone at some point leaves an organization for a better opportunity.
However, these former employees usually leave behind lots of valuable data that can be in the form of emails, documents, chat, video recordings etc.
As a business you need to keep this data for future references whether to get some insights from it OR to mere meet your data retention compliance.
So, as a Google Workspace customer, you use Google Vault, which helps you retain all of this valuable data.
(Note – If you are not familiar with Google Vault, consider learning about it in this Definitive Guide to Google Vault)
So far so good.
But there is a problem here…………………..
To retain your former employees data in Google Vault, you need to keep their Google Workspace license, and it costs you same amount of money as they are still active users.
So what do you do? How do you retain their data but without paying equal money as your active Google Workspace users?
You guessed the answer – Google Workspace Archive User SKU – Let’s talk about it now.
What is Google Workspace Archive User License SKU?
As we now understand the problem at hand, let’s discuss how archive user SKU can help us save money on our Google Workspace licensing along with securely retain our former employees data.
The Solution - Google Workspace Archive User License
So…….
What is Google Workspace Archive User?
Archive User SKU is a Google Workspace license type for businesses using Google Workspace Business or Enterprise. It allows businesses to retain data of their former employees at less cost than active or suspended users license price.
Google Workspace Archive User SKU Advantages-:
- Cost Savings -: You may save on your Google Workspace licensing with archiving user.
- Ease of Administration -: You can archive users right from your Google Workspace Admin Console, It also provides unarchiving flexibility, so you can anytime unarchive the user to provide him/her an active account back if required.
- Complete Data Coverage -: It covers all the data as per the policies you have configured in Google Vault, so you can put the user on legal hold, search Vault, export data etc.
- Rich User Experience -: Viewers and Editors can still see/edit the documents and sites shared by archived user.
- Data Security -: Archive users data is also scanned like active users for DLP policies (if on Enterprise SKU and DLP configured, we’ll talk in details about it)
Google Workspace Archive User SKU Limitations-:
- No Directory Integration -: We do not get flexibility to manage (assign / unassign) Archive user licenses via Google Cloud Directory Sync.
- No OU based automatic licensing -: Unlike other Google Workspace license type, you can not assign archive licenses automatically based on the Organization Unit (OU) membership.
(I will show you a workaround for it though leveraging script later in this post when we talk about license assignment). - No online Purchase option -: There is no option to purchase Archive Licenses online, you would need to contact either Google Sales OR Reseller representative.
Google Workspace Archive User SKU Pricing
In this section, let’s cover cost of Google Workspace Archive License SKU, and how you can save on licensing by choosing the right type of licenses for archiving users.
Google Workspace Archive User License Cost
Google Workspace Archive license comes in two flavors (business and enterprise) which can be assigned respectively to former employees, and I will talk about it in great details in our AU license assignment section.
You should contact your Google sales rep OR Google Workspace reseller to understand the pricing in details.
Which Google Workspace Archive User License should you purchase?
So you might have seen above that archive user license should be respective to the license which you had assigned to your former employee.
For e.g -: Your former employee had Google Workspace Enterprise license assigned, then you would (ideally) be assigning him Google Workspace Archive – Enterprise).
I mentioned “Ideally” for a reason, though nobody can stop you to assign a lower level archive license but thats not recommended.
So let’s say you had assigned Google Workspace Enterprise license to your user who is now leaving your company, though you can assign him “Google Workspace Archive – Business license” too, but then you will not get enterprise functionality on this user, e.g your DLP policies will not be applied to this archived user.
License Assignment Reference Table
| My Former employee / User had | I should assign |
|---|---|
| Google Workspace Enterprise License | Google Workspace Enterprise - Archived User |
| Google Workspace Business License | Google Workspace Business - Archived User |
How do you purchase Google Workspace Archive User Licenses?
I invested some time on Google Workspace pricing page to find an option to purchase archiving licenses online, but it seems Google does not sell them this way.
Google Support documentation however suggests to talk to Google sales team for it, or you should be able to contact your Google Workspace reseller to buy these licenses.
If you are not yet engaged with a Google partner, you may consider exploring Google’s Partner Directory.
Impact of assigning Archive User license
Before archiving users, let us first understand its impact, and get clarity on what exactly happens when you assign Google Workspace archive license to a user.
This is what happens when you assign Google Workspace Archive User license to a user.
- Archived User can not login to Google Workspace services.
- Archived User can no longer receive emails, calendar invites or files.
- Gmail filters of archived users (e.g email forwarding filters setup in Gmail settings) will stop working.
Workaround –> however if you want to forward their emails, consider creating a default routing or content compliance policy in Google Workspace admin console which changes the envelope recipient from archiveduser@domain.com TO someactiveuser@domain.com. - Archived user’s data is retained in Google Vault as per your Vault retention rules, so Vault admins can search, investigate and export the data if required.
- Documents, Calendar invites and/or Google Sites owned by archived user will still be available for viewers and editors (within and outside domain as usual).
- DLP policies would be applied on archived users data too (if you have applied “Google Workspace Archive Enterprise” SKU), for e.g if you can create a new DLP policy saying “if the credit card number is found in docs, then block external sharing, it’ll be applied on archived user’s data too).
- Archived user will not show up in your Google Workspace Directory (contacts).
Google Workspace Suspend Vs Archive User
If you are wondering how does an archived user compare to suspended user, let us discuss it in this section.
Google Workspace Suspended vs Archived User
Archive user is kind of identical to suspended user, however it helps you save substantial amount of money, here is the table showing couple of minor differences between them.
| Particulars | What happens when you suspend a user in Google Workspace? | What happens when you archive a user in Google Workspace? |
|---|---|---|
| Google Workspace Access | Suspended Users can not login to Google Workspace | Archived Users can not login to Google Workspace |
| Data Retention | Data is retained in Google Vault | Data is retained in Google Vault |
| Do not receive emails | Do not receive emails | |
| Files | Visible to the ones whom it is shared with by suspended user. | Visible to the ones whom it is shared with by suspended user. |
| Sites | Visible to the ones whom it is shared with by suspended user. | Visible to the ones whom it is shared with by suspended user. |
| Calendar Events | Stay unless an admin transfer | Stay unless an admin transfer |
| Restore | Suspended Users can be reactivated | Archived Users can be Unarchived |
| Visible in Contacts Directory | No | No |
| License Management via Directory Sync | Yes | No |
Assign Archive License to Individual Users
In this section, let us explore ways to assign Google Workspace Archive License SKU to our users including 1:1 and bulk assignment.
Assign Google Workspace Archive License
There are a few ways to assign (and unassign) archive user license sku to users, I will cover all of them in this section-:
- Assign Archive User License to individual users.
- Assign Archive User license to users in bulk (via CSV).
- Assign Archive User license to via API.
Note -: At the time of writing this guide, Google does not provide a way to assign archive licenses via Google Cloud Directory Sync (GCDS), however I will update this post whenever/if that happens.
Assign Google Workspace Archive User License to individual users.
Assuming you have already procured archive user SKU, let me show you how you can assign to the required user right from Google Workspace Admin Console-:
To Archive a Google Workspace -:
1. Login to Google Workspace Admin Console
2. Go to Users
3. Click on “More” in front of the user whom you want to archive (as shown in the screenshot below)
4. From the options, select “Archive User” as shown in the screenshot below.
- Google will tell you a bit about the impact of assigning Google Workspace archiving license, Click “Archive” if you are ok with it.
- You would see a small confirmation message at the bottom saying “Username has been archived” as you see in the screennshot below.
- Now if you look at the user license assignment card, you would see that the user has been assigned a Google Workspace Enterprise (or Business) Archived User license.
UnArchive Google Workspace user
- To unarchive the user, simply go to the required user’s page in Google Workspace Admin console, and from the “More” menu, select “Unarchive User” as shown in the screenshot below.
2. Gogole will now show you the pop-up mentioning what would happen once you unarchivethe user, read through it, and if satisfied, click on “Unarchive”.
3. Now you will see a confirmation message at the bottom of the screen saying “Username has been unarchived”.
Assign Archive License to multiple Users
In this section, let us explore way to archive (and unarchivd) multiple Google Workspace users at once via uploading a csv file.
Assign Google Workspace Archive User License to multiple users via CSV file.
- if you have more than a users to archive, it would be painful to do it one by one, fortunately Google provides flexibility to assign Archive license to multiple users at once via CSV file.
- Let me show you how you can create the required CSV file and bulk archive required Google Workspace users.
Step 1 – Prepare the CSV File
- All you need in your CSV file is two columns named-:
(i) Email Address
(ii) New Status1. Column 1 – Email Address should have user’s Primary Email Address (Alias email would also work, but better to put primary).
2. Column 2 – New Status should be archived
Here is how your sample csv would look (You can also make a copy of this sample Google sheet to save some time-:
| Email Address | New Status |
|---|---|
| usertoarchive1@yourdomain.com | Archived |
| usertoarchive2@yourdomain.com | Archived |
| usertoarchive3@yourdomain.com | Archived |
| usertoarchive4@yourdomain.com | Archived |
| usertoarchive5@yourdomain.com | Archived |
Now let us upload this csv file in Google Workspace Admin console to apply archive license SKU.
1. Login to Google Workspace Admin Console and Go to Users
2. Click on “Bulk Upload Users” as shown in the screenshot below.
3. Attach your csv file as explained above, you can also use this Google sheet Archive User CSV template.
— Once you attach your archive user file, click on upload.
4. You will now see the progress in “Your Tasks” as you see in the screenshot below.
— Depending on the number of users in your archive user csv file, it may take a few seconds to minutes, and once complete, Google will show you the result (e.g success or error) along with option to download the log file.
UnArchive multiple Google Workspace users via CSV file.
Create CSV file-:
You CSV file should have two columns-:
Column 1 – Email Address – this should contain user’s primary email id.
Column 2 – New Status (this should contain the word Active).
Your final CSV will look like the following one-:
| Email Address | New Status |
|---|---|
| usertoarchive1@yourdomain.com | Active |
| usertoarchive2@yourdomain.com | Active |
| usertoarchive3@yourdomain.com | Active |
| usertoarchive4@yourdomain.com | Active |
| usertoarchive5@yourdomain.com | Active |
Now follow the same process as we followed while archiving the users (e.g upload this csv file in Google Workspace Admin console –> Users . –> Upload bulk users –> attach your csv.
If everything goes fine, you would see the success message in the tasks (as shown here), and all your users in csv will be unarchived.
Automatically archive users based on Org Unit membership
Automatically assign Google Workspace Archive User license based on Org Unit membership
You might be familiar with automatic license assignment feature in Google Workspace, all you have to do there is to select your organization unit and assign a specific license.
Then onwards, once a new user is either created or moved in that Org Unit, Google will automatically assign license to him/her.
Above feature is great, but unfortunately it does not work with “Google Workspace Archive User SKU” :(.
However, we can leverage Google Apps Script to automate it, essentially our workflow will look like this-:
1. Get a list of all the users in our required Org Unit (e.g Archived_Users).
2. Search for unarchived users in this list.
3. Archive all users who are active.
4. Create a trigger (cron job) to run a function which does #1,2 and 3.
Here is a flow diagram to understand it better-:
function archiveUsers() {
// Get All users from Archived_Users Org. Unit, Please change the org unit path to yours.
var pageToken;
do {
var page = AdminDirectory.Users.list({
customer: "my_customer",
query: 'orgUnitPath=/Archived_Users',
maxResults: 100,
pageToken: pageToken
})
var archiveOuUsers = page.users
// Find the users who are not yet archived
for (i = 0; i < archiveOuUsers.length; i++) {
if (archiveOuUsers[i].archived == false) {
var userToBeArchived = archiveOuUsers[i].primaryEmail
// Archive the users who are still active.
try {
var archivalStatus = AdminDirectory.Users.patch({
archived: true
}, userToBeArchived)
} catch (e) {
Logger.log(e.message)
}
}
}
pageToken = page.nextPageToken;
// Run the script till the time we have next set of users available as per pakeToken
} while (pageToken);
}
Google Workspace Archive User SKU - FAQs
Here am listing some of the frequently asked questions about Google Workspace Archive User SKU, if you have any question, please comment in the bottom, and I will add it (along with the answer) to FAQs.
FAQ
Most frequent questions and answers about Google Workspace Archive User License SKU
As of today, Google does not provide option to assign (or unassign) Google Workspace Archive license via Google Cloud Directory Sync (GCDS).
However, You may consider following as a prospective solution for now-:
- Exclude your “Archived_Users” Org Unit from GCDS.
- Create a cron job which calls Directory API to list users in your Archive_Users Org Unit.
- Search within this list to find users who are still active.
- Make a patch API call with archived=true to archive these active users.
Please watch the video above where I show how you can exactly do that with Google Apps Script (I have provided the script as well for you to copy and use).
It is not, and unless am missing something, it does not make sense either.
Why would you create a user with archive state?
You can only assign Google Workspace Archive User license to an active Google Workspace Business OR Google Workspace Enterprise user.
It depends.
If the concerned user is part of an Organizational Unit which has automated license assignment turned on, then yes, license will be assigned automatically upon unarchiving the user, otherwise not.
Your requirement -: Our user has left, we have assigned him Google Workspace archive license, but we want to migrate his data to some other Google Workspace user in our domain, how can do that?
You can do that, but let me explain it a bit.
IMAP stops working (even if it is enabled) for archived user, so to migrate archived user’s data, you have 2 options-:
1. Migration Option One-:
(i) Change user’s password.
(ii) Migrate the data via data migration service (available within Google admin console for free or other migration services offered by Google)
(iii) Assign Archive user license once migration in completed.
2. Migration Option Two-:
(i) Assign Archive User License
(ii) Use any 3rd party migration tool which migrates via GMAIL API instead of IMAP, prominent ones are Migrationwiz and Cloudmigrator.
Detailed Question asked in Ok Goldy FB group-:
I would like to know what is the difference between VFE (Vault Former Employee) license and Google Workspace Archive User (AU) license apart from the point that AU costs the company.
Like what more does AU offers which VFE doesn’t? Anything special in terms of vault retention and auditing?
Also, when we migrate a user from VFE to AU, what are the changes we see?
Answer -:
I think VFE was more like an adjustment, but AU is a well planned SKU.
AU allows you to do a bit more, like running DLP scans which you can’t do with VFE.
No difference between the retention policies as they are still controlled by Vault on both.
You would need to manually assign AU licenses to users when migrating from VFE, though AU can’t be handled with Directory Sync for now, but Directory API has a property called isArchived = true or false which you can leverage to do this in bulk (script is provided in this post above).
VFE would also be going away, and AU would be streamlined to manage leaving users data, so it can also be considered as an upgraded version of VFE.
Yes.
I tested this, I SSHed into my GCP linux instance, and then archived this Google Workspace user, in less than couple of minutes I lost connection to the instance.
I started seeing this message then and couldn’t reconnect to the instance-:
Transferring SSH keys to the VM.
The key transfer to project metadata is taking an unusually long time. Transferring instead to instance metadata may be faster, but will transfer the keys only to this VM. If you wish to SSH into other VMs from this VM, you will need to transfer the keys accordingly.
Click here to transfer the key to instance metadata. Note that this setting is persistent and needs to be disabled in the Instance Details page once enabled.
You can drastically improve your key transfer times by migrating to OS Login.
Also, ideally I think recommendation would be leverage os login to give ssh
Ask it in the comments below, and I would try to answer it (if i can) as soon as I get time.
RECOMMENDED READING
Definitive guide to learn everything about Google Vault, and leverage it to retain, search, investigate and export data.
Do you want to unassign any Google Workspace license in bulk? use this simple and readymade Google Apps script
Learn about this new subscription from Google which makes it super easy to use Google Workspace for your team.
13 thoughts on “The Definitive Guide to Google Workspace Archive User License”
It appears that the enterprise AU license does not work for GWS Enterprise Standard today, do you know if there are plans to bring that functionality to the existing license type or will there be some kind of new one?
Hi Felipe – You should connect with formal channel (via partner engineer) to learn about the roadmap.
Hi Goldy,
For Google Workspace partners that are helping customers transition to AU, do you know if a internal process has been created regarding how orders will be submitted for those transitioning during the free entitlement period ( until Dec 31st, 2021) if they previously had VFE? For customers that are have online subscriptions, will customers have two support end dates? One for their Google Workspace subscription and one for their AU subscription?
Hi Brandon, please check with your partner engineer, I don’t have enough information on it, sorry.
Would you recommend a certain percentage of folks being archived in this new COVID times? Like 10% etc? Or is there a rule of thumb to recommend to customers?
Why can’t we assign an AU license to a former Basic Google Workspace SKU user ?
Google only offers Google Workspace Archive User license for Google Workspace business and Enterprise users, so you would get an error when applying archive license to Google Workspace basic user.
A work-around is to first apply Google Workspace business plan to this basic user, and then archive him/her.
Always amazing content Goldy.
Thank you Heather, glad you liked it, hope you are doing good:).
Thanks for putting this together – found it after stumbling upon the archive feature for one of my client’s accounts, and was looking for a way to enable it for our own account (as the reseller) – this helped! 🙂
Your welcome, glad you found this Google Workspace Archive user guide helpful.
I would like to know what is the difference between VFE (Vault Former Employee) license and AU (Archived User) license apart from the point that AU costs the company. Like what more does AU offers which VFE doesn’t? Anything special in terms of vault retention and auditing? When we migrate a user from VFE to AU, what are the changes we see?
This is a very good question, I have added it in the FAQ section along with my understanding of the difference between VFE and AU.