Skip to main content

Hello, curious if there is a way other districts handle this.

I have an audit setup for our checked out 1:1 student Chromebooks that looks for most recent user matching owner. The trouble being, when a student changes their name they get get a new email address to match the new name and their old email becomes an alias in Google (it still is all under the same profile in Google technically). This means IIQ now has a new email for them in their profile.

The issue I am seeing is the audit fails because it still sees them using their old email as most recent user (which IIQ does not tie into the existing profile that now has a new email).

Outside of having students remove old profiles from a ChromeBook and sign in under their new primary email are there any other solutions?

@BNeal 9839ec5 bisd303 Thank you for submitting your question to our community! 😄 

Interesting!! I would have assumed the devices would pass since the emails are tied to the same user. Do y’all sync with your SSO/MDM each night? 


Sorry for the delay, we do, but the problem is the old username/email becomes an alias in Google and their new name/username becomes primary which is what IIQ sees in the sync.

For example, Test Student has an email of teststudent123@email.org. They change their name to Test1 Student and their email in Google changes to test1student@email.org, teststudent123 becomes an alias. If they don’t remove/re-sign in to the Chromebook with the new email IIQ will continue to see a mismatch.


@BNeal 9839ec5 bisd303 Good afternoon! This is a really great question and I just wanted to provide some clarification on the cause of this issue from the apps and integrations team here in support. Currently this issue stems from how Googles audit logs function. When a users email changes, google treats the old and new addresses as part of the same profile as you mentioned, however historical login records are immutable. So each log entry will keep the same email value at the time the login occurred.

Since IIQ reads those records directly from the Google API, the system continues to see the old email for any logins that happened before the rename. The only way to get the data aligned again is for the student to sign back in using their new primary email, which generates fresh audit data under that address.

Right now, I suggest configuring your Google workspace to force users to re-authenticate after a rename or email update. Then update your Audit configuration in IIQ to allow more time for the users to login after the change. I understand this may not be ideal and I do apologize for any inconvenience this may cause you and your team.

That said, I know our product team and I would love to hear about any ideas for handling historical logins anyone may have in mind. Like potentially adding an option to allow matching verifications on google userID instead of user email. Please feel free to leave your feedback on our Idea exchange with the URL below!

https://community.incidentiq.com/topic/new?type=idea