In this article, we will explore how automatically suspend inactive users in Google Workspace. Suspending inactive users is an important step in maintaining the security, compliance, and cost-effectiveness of your Google Workspace environment. In your massive corporate user list, it's not uncommon to find "zombie" user accounts once a while. You may not remember who they are and why they aren't active. These inactive user accounts exposes your IT administration in risk.

Definition of Inactive User
An Inactive User in this article is a user who didn't sign in for a set amount of time, e.g. 30 days. It's a concept from this article, not from Google. Not to confuse with Admin Console's user status, which is one of 3 states, Active, Suspended and Archived.
Inactive Users in G Suite
Inactive Users in Google Workspace

Google automatically signed any Google Workspace user out of Google service after two weeks, aka control session length, that more or less protects your organization's data. In Google Workspace Business, Enterprise, Education and Cloud Identity Premium tiers, the control session length is configurable from 1 hr to 30 days or never expires, see Set session length for Google services.

Google session control in Admin Console > Security
Google session control in Admin Console > Security

Having that said, this article's main focus is beyond the session control:

  • On one hand, these inactive users is a security concern. Although the sessions expire, those inactive users are still accessible with correct login credentials. If the user left the company and the account associated was not terminated, the corporate data is at risk.
  • On the other hand, taking care of these inactive user accounts is manual and time consuming. You have no time to track and clear these zombie accounts. Deleting hundreds or thousands inactive accounts manually is not fun.
Foresight, an automation building tool for Google Workspace, has the capability to address this IT security issue.


In this demo, we create an automation rule that watches inactive users whose last login time is exact 30 days ago. For example, if today is 2020/09/01 then any users who most recently signed in at 2020/08/02 will be suspended. The rule also appends an Email action so you receive an email notification for such change.


The automation rule is easy to build. Follow these steps,

  1. Sign into Foresight.
  2. Go to Rules.
  3. Click new rule button button at the bottom right to initiate a new automation rule.
  4. In the Select a trigger page, click the User turned inactive trigger.
  5. Click Sign in with Google button to grant Foresight permission to connect with your Google service. You also need to be an admin role that have privileges to manage users.
  6. In Inactivity timeout field, input the days after which users are regarded as inactive. 30 days? 60 days? 6 months? It's up to you.
  7. Click NEXT.
  8. In the Select an action page, click the Suspend user action.
  9. Now click on Primary email field, to populate the variable menu. Select User Primary Email variable. This variable is the primary email of inactive user passed from the User turned inactive trigger.
  10. Click ADD NEXT ACTION and select Email action and Create a body for your email. Also, select the Add variable option [v icon] and embed the User CSV Download Link. Click Review.
  11. Now, Foresight is actively watching your user directory and automatically suspends inactive users for you.


  • You may not immediately see any notifications from Foresight because there were no one who signed in exactly 60 days ago. But someone signed in 29 days ago will trigger the rule tomorrow if s/he still does not sign in by then.
  • Those users who already passed the inactivity timeout before you set up the rule will never trigger the rule. In another words, if you set the timeout as 60 days, users who last signed in at 61 days ago or 75 days ago would never knock the door.
  • Ensure inactivity timeout is longer than session length. That a user signed in 1 month ago does not mean s/he was not using Google services, if you set the session length as never expire.
  • Another use case: Automatically delete inactive users. If you intend to delete inactive users instead, replace the Suspend user action with a Delete user action. The configuration remains the same.
    Delete user action in Foresight
  • Suspend existing inactive users whose last sign-in time is more than X days. Since Foresight version 4.1.0, we added an Also include existing inactive users (not recommended) option in User turned inactive to accommodate this. The downsize is those existing inactive users will be reported and trigger every day if they are not suspended or deleted.

What's more?

This is one of many time-saving techniques Foresight help you with. You may also like Suspend Google Workspace users by Schedule, Delete Google Workspace Users By Schedule or Automated Welcome Email to Google Workspace New Users.

Try a 14-day free trial with Foresight and manage your tasks.