Table of Contents
7. Archive Multiple Users
Instructions on how to archive multiple users via CSV file.
Why do we need G Suite Archive User?
Instead of straight away jumping to G Suite Archive SKU as a solution, let us first discuss the problem to understand why do we even need something like it in the first place?
The Problem
Employees join and leave your company, this is a part of business lifecycle, everyone at some point leaves an organization for a better opportunity.
However, these former employees usually leave behind lots of valuable data that can be in the form of emails, documents, chat, video recordings etc.
As a business you need to keep this data for future references whether to get some insights from it OR to mere meet your data retention compliance.
So, as a G Suite customer, you use Google Vault, which helps you retain all of this valuable data.
(Note – If you are not familiar with Google Vault, consider learning about it in this Definitive Guide to Google Vault)
So far so good.
But there is a problem here…………………..
To retain your former employees data in Google Vault, you need to keep their G Suite license, and it costs you same amount of money as they are still active users.
So what do you do? How do you retain their data but without paying equal money as your active G Suite users?
You guessed the answer – G Suite Archive User SKU – Let’s talk about it now.
What is G Suite Archive User License SKU?
As we now understand the problem at hand, let’s discuss how archive user SKU can help us save money on our G Suite licensing along with securely retain our former employees data.
The Solution - G Suite Archive User License
So…….
What is G Suite Archive User?
Archive User SKU is a G Suite license type for businesses using G Suite Business or Enterprise. It allows businesses to retain data of their former employees at less cost than active or suspended users license price.
G Suite Archive User SKU Advantages-:
- Cost Savings -: You may save on your G Suite licensing with archiving user.
- Ease of Administration -: You can archive users right from your G Suite Admin Console, It also provides unarchiving flexibility, so you can anytime unarchive the user to provide him/her an active account back if required.
- Complete Data Coverage -: It covers all the data as per the policies you have configured in Google Vault, so you can put the user on legal hold, search Vault, export data etc.
- Rich User Experience -: Viewers and Editors can still see/edit the documents and sites shared by archived user.
- Data Security -: Archive users data is also scanned like active users for DLP policies (if on Enterprise SKU and DLP configured, we’ll talk in details about it)
G Suite Archive User SKU Limitations-:
- No Directory Integration -: We do not get flexibility to manage (assign / unassign) Archive user licenses via Google Cloud Directory Sync.
- No OU based automatic licensing -: Unlike other G Suite license type, you can not assign archive licenses automatically based on the Organization Unit (OU) membership.
(I will show you a workaround for it though leveraging script later in this post when we talk about license assignment). - No online Purchase option -: There is no option to purchase Archive Licenses online, you would need to contact either Google Sales OR Reseller representative.
G Suite Archive User SKU Pricing
In this section, let’s cover cost of G Suite Archive License SKU, and how you can save on licensing by choosing the right type of licenses for archiving users.
G Suite Archive User License Cost
G Suite Archive license comes in two flavors (business and enterprise) which can be assigned respectively to former employees, and I will talk about it in great details in our AU license assignment section.
You should contact your Google sales rep OR G Suite reseller to understand the pricing in details.
Which G Suite Archive User License should you purchase?
So you might have seen above that archive user license should be respective to the license which you had assigned to your former employee.
For e.g -: Your former employee had G Suite Enterprise license assigned, then you would (ideally) be assigning him G Suite Archive – Enterprise).
I mentioned “Ideally” for a reason, though nobody can stop you to assign a lower level archive license but thats not recommended.
So let’s say you had assigned G Suite Enterprise license to your user who is now leaving your company, though you can assign him “G Suite Archive – Business license” too, but then you will not get enterprise functionality on this user, e.g your DLP policies will not be applied to this archived user.
License Assignment Reference Table
| My Former employee / User had | I should assign |
|---|---|
| G Suite Enterprise License | G Suite Enterprise - Archived User |
| G Suite Business License | G Suite Business - Archived User |
How do you purchase G Suite Archive User Licenses?
I invested some time on G Suite pricing page to find an option to purchase archiving licenses online, but it seems Google does not sell them this way.
Google Support documentation however suggests to talk to Google sales team for it, or you should be able to contact your G Suite reseller to buy these licenses.
If you are not yet engaged with a Google partner, you may consider exploring Google’s Partner Directory.
Impact of assigning Archive User license
Before archiving users, let us first understand its impact, and get clarity on what exactly happens when you assign G Suite archive license to a user.
This is what happens when you assign G Suite Archive User license to a user.
- Archived User can not login to G Suite services.
- Archived User can no longer receive emails, calendar invites or files.
- Gmail filters of archived users (e.g email forwarding filters setup in Gmail settings) will stop working.
Workaround –> however if you want to forward their emails, consider creating a default routing or content compliance policy in G Suite admin console which changes the envelope recipient from archiveduser@domain.com TO someactiveuser@domain.com. - Archived user’s data is retained in Google Vault as per your Vault retention rules, so Vault admins can search, investigate and export the data if required.
- Documents, Calendar invites and/or Google Sites owned by archived user will still be available for viewers and editors (within and outside domain as usual).
- DLP policies would be applied on archived users data too (if you have applied “G Suite Archive Enterprise” SKU), for e.g if you can create a new DLP policy saying “if the credit card number is found in docs, then block external sharing, it’ll be applied on archived user’s data too).
- Archived user will not show up in your G Suite Directory (contacts).
G Suite Suspend Vs Archive User
If you are wondering how does an archived user compare to suspended user, let us discuss it in this section.
G Suite Suspended vs Archived User
Archive user is kind of identical to suspended user, however it helps you save substantial amount of money, here is the table showing couple of minor differences between them.
| Particulars | What happens when you suspend a user in G Suite? | What happens when you archive a user in G Suite? |
|---|---|---|
| G Suite Access | Suspended Users can not login to G Suite | Archived Users can not login to G Suite |
| Data Retention | Data is retained in Google Vault | Data is retained in Google Vault |
| Do not receive emails | Do not receive emails | |
| Files | Visible to the ones whom it is shared with by suspended user. | Visible to the ones whom it is shared with by suspended user. |
| Sites | Visible to the ones whom it is shared with by suspended user. | Visible to the ones whom it is shared with by suspended user. |
| Calendar Events | Stay unless an admin transfer | Stay unless an admin transfer |
| Restore | Suspended Users can be reactivated | Archived Users can be Unarchived |
| Visible in Contacts Directory | No | No |
| License Management via Directory Sync | Yes | No |
Assign Archive License to Individual Users
In this section, let us explore ways to assign G Suite Archive License SKU to our users including 1:1 and bulk assignment.
Assign G Suite Archive License
There are a few ways to assign (and unassign) archive user license sku to users, I will cover all of them in this section-:
- Assign Archive User License to individual users.
- Assign Archive User license to users in bulk (via CSV).
- Assign Archive User license to via API.
Note -: At the time of writing this guide, Google does not provide a way to assign archive licenses via Google Cloud Directory Sync (GCDS), however I will update this post whenever/if that happens.
Assign G Suite Archive User License to individual users.
Assuming you have already procured archive user SKU, let me show you how you can assign to the required user right from G Suite Admin Console-:
To Archive a G Suite -:
1. Login to G Suite Admin Console
2. Go to Users
3. Click on “More” in front of the user whom you want to archive (as shown in the screenshot below)
4. From the options, select “Archive User” as shown in the screenshot below.
- Google will tell you a bit about the impact of assigning G Suite archiving license, Click “Archive” if you are ok with it.
- You would see a small confirmation message at the bottom saying “Username has been archived” as you see in the screennshot below.
- Now if you look at the user license assignment card, you would see that the user has been assigned a G Suite Enterprise (or Business) Archived User license.
UnArchive G Suite user
- To unarchive the user, simply go to the required user’s page in G Suite Admin console, and from the “More” menu, select “Unarchive User” as shown in the screenshot below.
2. Gogole will now show you the pop-up mentioning what would happen once you unarchivethe user, read through it, and if satisfied, click on “Unarchive”.
3. Now you will see a confirmation message at the bottom of the screen saying “Username has been unarchived”.
Assign Archive License to multiple Users
In this section, let us explore way to archive (and unarchivd) multiple G Suite users at once via uploading a csv file.
Assign G Suite Archive User License to multiple users via CSV file.
- if you have more than a users to archive, it would be painful to do it one by one, fortunately Google provides flexibility to assign Archive license to multiple users at once via CSV file.
- Let me show you how you can create the required CSV file and bulk archive required G Suite users.
Step 1 – Prepare the CSV File
- All you need in your CSV file is two columns named-:
(i) Email Address
(ii) New Status1. Column 1 – Email Address should have user’s Primary Email Address (Alias email would also work, but better to put primary).
2. Column 2 – New Status should be archived
Here is how your sample csv would look (You can also make a copy of this sample Google sheet to save some time-:
| Email Address | New Status |
|---|---|
| usertoarchive1@yourdomain.com | Archived |
| usertoarchive2@yourdomain.com | Archived |
| usertoarchive3@yourdomain.com | Archived |
| usertoarchive4@yourdomain.com | Archived |
| usertoarchive5@yourdomain.com | Archived |
Now let us upload this csv file in G Suite Admin console to apply archive license SKU.
1. Login to G Suite Admin Console and Go to Users
2. Click on “Bulk Upload Users” as shown in the screenshot below.
3. Attach your csv file as explained above, you can also use this Google sheet Archive User CSV template.
— Once you attach your archive user file, click on upload.
4. You will now see the progress in “Your Tasks” as you see in the screenshot below.
— Depending on the number of users in your archive user csv file, it may take a few seconds to minutes, and once complete, Google will show you the result (e.g success or error) along with option to download the log file.
UnArchive multiple G Suite users via CSV file.
Create CSV file-:
You CSV file should have two columns-:
Column 1 – Email Address – this should contain user’s primary email id.
Column 2 – New Status (this should contain the word Active).
Your final CSV will look like the following one-:
| Email Address | New Status |
|---|---|
| usertoarchive1@yourdomain.com | Active |
| usertoarchive2@yourdomain.com | Active |
| usertoarchive3@yourdomain.com | Active |
| usertoarchive4@yourdomain.com | Active |
| usertoarchive5@yourdomain.com | Active |
Now follow the same process as we followed while archiving the users (e.g upload this csv file in G Suite Admin console –> Users . –> Upload bulk users –> attach your csv.
If everything goes fine, you would see the success message in the tasks (as shown here), and all your users in csv will be unarchived.
Automatically archive users based on Org Unit membership
Automatically assign G Suite Archive User license based on Org Unit membership
You might be familiar with automatic license assignment feature in G Suite, all you have to do there is to select your organization unit and assign a specific license.
Then onwards, once a new user is either created or moved in that Org Unit, Google will automatically assign license to him/her.
Above feature is great, but unfortunately it does not work with “G Suite Archive User SKU” :(.
However, we can leverage Google Apps Script to automate it, essentially our workflow will look like this-:
1. Get a list of all the users in our required Org Unit (e.g Archived_Users).
2. Search for unarchived users in this list.
3. Archive all users who are active.
4. Create a trigger (cron job) to run a function which does #1,2 and 3.
Here is a flow diagram to understand it better-:
function archiveUsers() {
// Get All users from Archived_Users Org. Unit, Please change the org unit path to yours.
var pageToken;
do {
var page = AdminDirectory.Users.list({
customer: "my_customer",
query: 'orgUnitPath=/Archived_Users',
maxResults: 100,
pageToken: pageToken
})
var archiveOuUsers = page.users
// Find the users who are not yet archived
for (i = 0; i < archiveOuUsers.length; i++) {
if (archiveOuUsers[i].archived == false) {
var userToBeArchived = archiveOuUsers[i].primaryEmail
// Archive the users who are still active.
try {
var archivalStatus = AdminDirectory.Users.patch({
archived: true
}, userToBeArchived)
} catch (e) {
Logger.log(e.message)
}
}
}
pageToken = page.nextPageToken;
// Run the script till the time we have next set of users available as per pakeToken
} while (pageToken);
}
G Suite Archive User SKU - FAQs
Here am listing some of the frequently asked questions about G Suite Archive User SKU, if you have any question, please comment in the bottom, and I will add it (along with the answer) to FAQs.
FAQ
Most frequent questions and answers about G Suite Archive User License SKU
As of today, Google does not provide option to assign (or unassign) G Suite Archive license via Google Cloud Directory Sync (GCDS).
However, You may consider following as a prospective solution for now-:
- Exclude your “Archived_Users” Org Unit from GCDS.
- Create a cron job which calls Directory API to list users in your Archive_Users Org Unit.
- Search within this list to find users who are still active.
- Make a patch API call with archived=true to archive these active users.
Please watch the video above where I show how you can exactly do that with Google Apps Script (I have provided the script as well for you to copy and use).
It is not, and unless am missing something, it does not make sense either.
Why would you create a user with archive state?
You can only assign G Suite Archive User license to an active G Suite Business OR G Suite Enterprise user.
It depends.
If the concerned user is part of an Organizational Unit which has automated license assignment turned on, then yes, license will be assigned automatically upon unarchiving the user, otherwise not.
Your requirement -: Our user has left, we have assigned him G Suite archive license, but we want to migrate his data to some other G Suite user in our domain, how can do that?
You can do that, but let me explain it a bit.
IMAP stops working (even if it is enabled) for archived user, so to migrate archived user’s data, you have 2 options-:
1. Migration Option One-:
(i) Change user’s password.
(ii) Migrate the data via data migration service (available within Google admin console for free or other migration services offered by Google)
(iii) Assign Archive user license once migration in completed.
2. Migration Option Two-:
(i) Assign Archive User License
(ii) Use any 3rd party migration tool which migrates via GMAIL API instead of IMAP, prominent ones are Migrationwiz and Cloudmigrator.
Detailed Question asked in Ok Goldy FB group-:
I would like to know what is the difference between VFE (Vault Former Employee) license and G Suite Archive User (AU) license apart from the point that AU costs the company.
Like what more does AU offers which VFE doesn’t? Anything special in terms of vault retention and auditing?
Also, when we migrate a user from VFE to AU, what are the changes we see?
Answer -:
I think VFE was more like an adjustment, but AU is a well planned SKU.
AU allows you to do a bit more, like running DLP scans which you can’t do with VFE.
No difference between the retention policies as they are still controlled by Vault on both.
You would need to manually assign AU licenses to users when migrating from VFE, though AU can’t be handled with Directory Sync for now, but Directory API has a property called isArchived = true or false which you can leverage to do this in bulk (script is provided in this post above).
VFE would also be going away, and AU would be streamlined to manage leaving users data, so it can also be considered as an upgraded version of VFE.
Yes.
I tested this, I SSHed into my GCP linux instance, and then archived this G Suite user, in less than couple of minutes I lost connection to the instance.
I started seeing this message then and couldn’t reconnect to the instance-:
Transferring SSH keys to the VM.
The key transfer to project metadata is taking an unusually long time. Transferring instead to instance metadata may be faster, but will transfer the keys only to this VM. If you wish to SSH into other VMs from this VM, you will need to transfer the keys accordingly.
Click here to transfer the key to instance metadata. Note that this setting is persistent and needs to be disabled in the Instance Details page once enabled.
You can drastically improve your key transfer times by migrating to OS Login.
Also, ideally I think recommendation would be leverage os login to give ssh
Ask it in the comments below, and I would try to answer it (if i can) as soon as I get time.
RECOMMENDED READING
Definitive guide to learn everything about Google Vault, and leverage it to retain, search, investigate and export data.
Do you want to unassign any G Suite license in bulk? use this simple and readymade Google Apps script
Learn about this new subscription from Google which makes it super easy to use G Suite for your team.
8 thoughts on “The Definitive Guide to G Suite Archive User License”
Why can’t we assign an AU license to a former Basic G Suite SKU user ?
Google only offers G Suite Archive User license for G Suite business and Enterprise users, so you would get an error when applying archive license to G Suite basic user.
A work-around is to first apply G Suite business plan to this basic user, and then archive him/her.
Always amazing content Goldy.
Thank you Heather, glad you liked it, hope you are doing good:).
Thanks for putting this together – found it after stumbling upon the archive feature for one of my client’s accounts, and was looking for a way to enable it for our own account (as the reseller) – this helped! 🙂
Your welcome, glad you found this G Suite Archive user guide helpful.
I would like to know what is the difference between VFE (Vault Former Employee) license and AU (Archived User) license apart from the point that AU costs the company. Like what more does AU offers which VFE doesn’t? Anything special in terms of vault retention and auditing? When we migrate a user from VFE to AU, what are the changes we see?
This is a very good question, I have added it in the FAQ section along with my understanding of the difference between VFE and AU.