This feature is ideal where Admins want to delegate the audit function to local managers or regional security personnel. GAT+ allows anyone to audit any range of users based on the model of Google Groups, Google Classrooms, and Org Units. It does not require passing on Google Admin authority. Selected auditors can be an individual user, group or Org Unit. This allows you to have multiple auditors for a specified scope.
This process is documented in this Youtube video.
To Enable Audit Delegation, go to the GAT+ on the side menu enter the section called Delegated Auditors.
Click on ‘Add new auditor’.
Now, set up the delegated auditors and give them scope.
For the above example, I just selected the product GAT+, choose one auditor Enrique and give him scope over the Sales team, choose the Valid time – until the access is granted or Indefinite expiration period(valid until the Admin revoke the access), then Save.
Note: Once the delegation is completed, the delegated auditors when they launch GAT+ will be able to run reports and audits similar to a super admin but only for the scope they’ve been given.
You can verify the scope the auditor has by logging into GAT+ as them, you will see exactly what an auditor will see.
Once the Delegated auditor is logged in they will have access to all Audit section of the tool as well as Security officer and Alarms from Configuration tab.
The Delegated auditor can use the Unlock feature for Email delegation and accessing files, by requesting access to the Security officer.
There are some limitations for Delegated auditors, based on the scope given.
In Email section the Delegated auditor has access to Email, Email Content Search, User statisics, External From/To and Sender/Receiver tab.
The Drive audit has File, File content search, Shared drives, Events and Folder tree tab.