The Suspension Gate: Why IT Support Can't Run Migrations on Active Accounts
Before an IT support user can migrate or transfer data in MonitorWorkspace, the account must be suspended. Here's why that's a governance feature, not a limitation.
When an employee leaves, the offboarding sequence matters. You need to transfer their email, export their chat, clean up their groups, and eventually delete the account. If you do that while the account is still active, you're moving a target that's still in motion.
MonitorWorkspace enforces a specific gate for IT Support role users: the Delete Prep panel — migration and transfer controls — is only accessible for accounts that are already suspended.
If the account is active, the panel doesn't render. Instead, the IT Support user sees a message: Suspend the account first, with a direct link to Google Admin Console. There's nothing to click past. The gate is real.
Why Active Accounts During Migration Are a Problem
An active account during a data migration can produce incomplete transfers, missed messages, and a moving snapshot instead of a clean cutoff.
More practically: if a user still has active sessions when you start migrating their data, they can send email during the transfer window. Those messages may not be captured, depending on timing. If they're accessing Drive files during an export, you get a partial state.
Suspension closes all active sessions, invalidates tokens, and prevents new logins. The account is dormant. What you transfer is what exists — completely, at that point in time.
Admin and owner roles bypass this gate. They see Delete Prep regardless of whether the account is suspended or active, because they have the judgment and the permissions to handle edge cases. The gate applies specifically to IT Support.
The Two-Step Workflow This Creates
The suspension gate enforces a clean handoff between two systems: Google Admin Console and MonitorWorkspace.
Step one happens in Google Admin Console: suspend the account. This requires a deliberate action in Google's interface — finding the user and suspending them. It's not automated, and it shouldn't be. Suspension is a significant action that needs a human decision.
Step two happens in MonitorWorkspace: the IT Support user navigates to the suspended user's profile, opens Delete Prep, configures the migration, and submits a request for owner approval.
The gate means step two literally cannot happen before step one. An IT Support user cannot accidentally start migrating an account that's still active, even under time pressure.
The Approval Layer
IT Support users don't execute migrations directly — they submit requests. The account owner sees the request in a Pending Approvals panel on the Transfers page: who requested it, which account, where the data is going, what options were configured.
The owner approves or denies and can add a reviewer note. The IT Support user gets an email with the outcome — including the reviewer note if the request was denied.
The full sequence for an IT Support-initiated offboarding:
- Suspend the account in Google Admin Console
- Navigate to the suspended user's profile in MonitorWorkspace
- Open Delete Prep (now accessible for IT Support)
- Configure the migration
- Submit for approval
- Owner reviews and approves
- Transfer runs
Each step is deliberate. Each step is logged. The audit trail includes both the suspension event from Google's logs and the migration request from MonitorWorkspace's audit log — two linked records of the same offboarding event.
What Gets Logged
Three audit events cover the IT Support offboarding workflow:
| Event | Triggered by |
|---|---|
MBR_ROLE_CHANGE | Owner assigns the IT Support role |
TRANSFER_REQ_SUBMIT | IT Support submits a migration request |
TRANSFER_REQ_REVIEW | Owner approves or denies the request |
These entries are audit-logged with actor email, timestamp, and entity — queryable alongside the rest of your org's audit history.
The Part That Surprised Us
We originally considered making the suspension requirement an informational warning — show a banner, let the IT Support user proceed if they acknowledged it.
We decided against it. A warning that can be bypassed is training people to click through warnings. The whole point of scoped access is that the boundaries are real. A soft gate is not a gate.
The stronger position — don't render the panel, period, for active accounts — turned out to be cleaner UX as well. There's no ambiguity. You either see the Delete Prep controls or you see the instruction to suspend first. No grayed-out buttons, no tooltip to read, no checkbox to acknowledge. The interface matches the intended workflow exactly.
What This Means for Offboarding
Data migrations during offboarding happen under time pressure. People want accounts cleaned up quickly. Time pressure is exactly when shortcuts get taken and steps get skipped.
Building the suspension check into the UI removes one of those shortcuts — not through policy or training, but through the interface itself. The workflow enforces the right sequence automatically.
This is one of the access patterns available to the IT Support role in MonitorWorkspace. See the full overview: How to Give Your Helpdesk the Right Level of Google Workspace Access.