This document lists the events and parameters for
Security Settings
Admin Audit activity events. You can retrieve these events by
calling Activities.list()
with applicationName=admin.
Security Settings
Events of this type are returned with type=SECURITY_SETTINGS.
(Context-aware access) Access level assignment changed for an app
| Event details |
| Event name |
CHANGE_CAA_APP_ASSIGNMENTS |
| Parameters |
APPLICATION_NAME |
string
The application's name.
|
CAA_ASSIGNMENTS_NEW |
string
CAA assignments new.
|
CAA_ASSIGNMENTS_OLD |
string
CAA assignments old.
|
CAA_ENFORCEMENT_ENDPOINTS_NEW |
string
CAA enforcement endpoints new.
Possible values:
CAA_WEB_VERSION
CAA enforcement endpoints value type - web version.CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS
CAA enforcement endpoints value type - web version and 1p oauth clients.CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS
CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (without exemptions).CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS_WITH_EXEMPTION
CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (with exemptions).CAA_WEB_VERSION_AND_APIS
CAA enforcement endpoints value type - web version and APIs (without exemptions).CAA_WEB_VERSION_AND_APIS_WITH_EXEMPTION
CAA enforcement endpoints value type - web version and APIs (with exemptions).WEB_APP
CAA enforcement endpoint type - web app.WEB_APP_AND_1P_OAUTH_CLIENTS
CAA enforcement endpoint type - web app and 1p oauth clients.
|
CAA_ENFORCEMENT_ENDPOINTS_OLD |
string
CAA enforcement endpoints old.
Possible values:
CAA_WEB_VERSION
CAA enforcement endpoints value type - web version.CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS
CAA enforcement endpoints value type - web version and 1p oauth clients.CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS
CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (without exemptions).CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS_WITH_EXEMPTION
CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (with exemptions).CAA_WEB_VERSION_AND_APIS
CAA enforcement endpoints value type - web version and APIs (without exemptions).CAA_WEB_VERSION_AND_APIS_WITH_EXEMPTION
CAA enforcement endpoints value type - web version and APIs (with exemptions).WEB_APP
CAA enforcement endpoint type - web app.WEB_APP_AND_1P_OAUTH_CLIENTS
CAA enforcement endpoint type - web app and 1p oauth clients.
|
GROUP_NAME |
string
Group Name.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
TARGET_ENTITY_NAME |
string
CAA Target Entity name.
|
TARGET_ENTITY_TYPE |
string
CAA Target Entity type.
Possible values:
GROUP
A distribution entity label for a Google group.ORG_UNIT
A distribution entity label for an organizational unit.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_CAA_APP_ASSIGNMENTS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
For {TARGET_ENTITY_TYPE} [{TARGET_ENTITY_NAME}]:Before:Access level [{CAA_ASSIGNMENTS_OLD}] applied to [{CAA_ENFORCEMENT_ENDPOINTS_OLD}] of [{APPLICATION_NAME}].After:Access level [{CAA_ASSIGNMENTS_NEW}] applied to [{CAA_ENFORCEMENT_ENDPOINTS_NEW}] of [{APPLICATION_NAME}]. |
All access to unconfigured third-party apps blocked for users under 18
All third party API access blocked for users under 18.
| Event details |
| Event name |
UNDERAGE_BLOCK_ALL_THIRD_PARTY_API_ACCESS |
| Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_BLOCK_ALL_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
All access to unconfigured third-party apps blocked for users under 18 for {ORG_UNIT_NAME}
|
All third party API access blocked
| Event details |
| Event name |
BLOCK_ALL_THIRD_PARTY_API_ACCESS |
| Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=BLOCK_ALL_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
All third party API Access blocked
|
All third party API access unblocked
| Event details |
| Event name |
UNBLOCK_ALL_THIRD_PARTY_API_ACCESS |
| Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNBLOCK_ALL_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
All third party API Access unblocked
|
Allow 2-Step Verification
| Event details |
| Event name |
ALLOW_STRONG_AUTHENTICATION |
| Parameters |
DOMAIN_NAME |
string
The primary domain name.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ALLOW_STRONG_AUTHENTICATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Allow 2-Step Verification has been set from {OLD_VALUE} to {NEW_VALUE} for {DOMAIN_NAME}
|
Allow Google Sign-in only access to unconfigured third-party apps for users under 18
Allow Google Sign-in only third party API access for users under 18.
| Event details |
| Event name |
UNDERAGE_SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS |
| Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Allow Google Sign-in only access to unconfigured third-party apps for users under 18 for {ORG_UNIT_NAME}
|
Allow Google Sign-in only third party API access
| Event details |
| Event name |
SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS |
| Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Allow Google Sign-in only third party API access
|
API Access Allowed
| Event details |
| Event name |
ALLOW_SERVICE_FOR_OAUTH2_ACCESS |
| Parameters |
OAUTH2_SERVICE_NAME |
string
OAuth2 service name.
Possible values:
APPS_SCRIPT
Apps Script Service name.APPS_SCRIPT_RUNTIMECALENDARCLASSROOM
Classroom service.CLOUD_BILLINGCLOUD_MACHINE_LEARNINGCLOUD_PLATFORMCLOUD_SEARCH
Cloud search service.CONTACTSDRIVEDRIVE_HIGH_RISKGMAILGMAIL_HIGH_RISKGROUPS
Groups service.GSUITE_ADMINTASKS
Tasks service.VAULT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ALLOW_SERVICE_FOR_OAUTH2_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{OAUTH2_SERVICE_NAME} API Access is allowed for {ORG_UNIT_NAME}
|
API Access Blocked
| Event details |
| Event name |
DISALLOW_SERVICE_FOR_OAUTH2_ACCESS |
| Parameters |
OAUTH2_SERVICE_NAME |
string
OAuth2 service name.
Possible values:
APPS_SCRIPT
Apps Script Service name.APPS_SCRIPT_RUNTIMECALENDARCLASSROOM
Classroom service.CLOUD_BILLINGCLOUD_MACHINE_LEARNINGCLOUD_PLATFORMCLOUD_SEARCH
Cloud search service.CONTACTSDRIVEDRIVE_HIGH_RISKGMAILGMAIL_HIGH_RISKGROUPS
Groups service.GSUITE_ADMINTASKS
Tasks service.VAULT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=DISALLOW_SERVICE_FOR_OAUTH2_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{OAUTH2_SERVICE_NAME} API Access is blocked for {ORG_UNIT_NAME}
|
app access settings collection id change.
| Event details |
| Event name |
CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID |
| Parameters |
DOMAIN_NAME |
string
The primary domain name.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
SETTING_NAME |
string
The unique name (ID) of the setting that was changed.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
App Access Settings Collection for the org unit {ORG_UNIT_NAME} has changed from {OLD_VALUE} to {NEW_VALUE}
|
App added to Blocked list
| Event details |
| Event name |
ADD_TO_BLOCKED_OAUTH2_APPS |
| Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROIDCHROME_EXTENSIONIOSOAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_BLOCKED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{OAUTH2_APP_NAME} added to Blocked list for {ORG_UNIT_NAME}
|
App added to Limited list
| Event details |
| Event name |
ADD_TO_LIMITED_OAUTH2_APPS |
| Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROIDCHROME_EXTENSIONIOSOAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_LIMITED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{OAUTH2_APP_NAME} added to Limited list for {ORG_UNIT_NAME}
|
App no longer trusted
| Event details |
| Event name |
REMOVE_FROM_TRUSTED_OAUTH2_APPS |
| Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROIDCHROME_EXTENSIONIOSOAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_TRUSTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{OAUTH2_APP_NAME} no longer trusted for {ORG_UNIT_NAME}
|
App removed from Blocked list
| Event details |
| Event name |
REMOVE_FROM_BLOCKED_OAUTH2_APPS |
| Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROIDCHROME_EXTENSIONIOSOAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_BLOCKED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{OAUTH2_APP_NAME} removed from Blocked list for {ORG_UNIT_NAME}
|
App removed from Limited list
| Event details |
| Event name |
REMOVE_FROM_LIMITED_OAUTH2_APPS |
| Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROIDCHROME_EXTENSIONIOSOAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_LIMITED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{OAUTH2_APP_NAME} removed from Limited list for {ORG_UNIT_NAME}
|
App trusted
| Event details |
| Event name |
ADD_TO_TRUSTED_OAUTH2_APPS |
| Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROIDCHROME_EXTENSIONIOSOAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_TRUSTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{OAUTH2_APP_NAME} trusted for {ORG_UNIT_NAME}
|
Apps added to Blocked list
| Event details |
| Event name |
MULTIPLE_ADD_TO_BLOCKED_OAUTH2_APPS |
| Parameters |
OAUTH2_NUM_APPS |
integer
Number of OAuth2 apps.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_BLOCKED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{OAUTH2_NUM_APPS} apps added to Blocked list for {ORG_UNIT_NAME}
|
Apps added to Limited list
| Event details |
| Event name |
MULTIPLE_ADD_TO_LIMITED_OAUTH2_APPS |
| Parameters |
OAUTH2_NUM_APPS |
integer
Number of OAuth2 apps.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_LIMITED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{OAUTH2_NUM_APPS} apps added to Limited list for {ORG_UNIT_NAME}
|
Apps added to Trusted list
| Event details |
| Event name |
MULTIPLE_ADD_TO_TRUSTED_OAUTH2_APPS |
| Parameters |
OAUTH2_NUM_APPS |
integer
Number of OAuth2 apps.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_TRUSTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{OAUTH2_NUM_APPS} apps added to Trusted list for {ORG_UNIT_NAME}
|
Apps lists bulk upload
| Event details |
| Event name |
OAUTH_APPS_BULK_UPLOAD |
| Parameters |
BULK_UPLOAD_SUCCESS_OAUTH_APPS_NUMBER |
string
Bulk upload successful oauth app number.
|
BULK_UPLOAD_TOTAL_OAUTH_APPS_NUMBER |
string
Bulk upload total oauth app number.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=OAUTH_APPS_BULK_UPLOAD&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{BULK_UPLOAD_SUCCESS_OAUTH_APPS_NUMBER} of {BULK_UPLOAD_TOTAL_OAUTH_APPS_NUMBER} rows successfully uploaded
|
Apps lists bulk upload notification
| Event details |
| Event name |
OAUTH_APPS_BULK_UPLOAD_NOTIFICATION_SENT |
| Parameters |
USER_EMAIL |
string
The user's primary email address.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=OAUTH_APPS_BULK_UPLOAD_NOTIFICATION_SENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Notification of bulk upload for apps list sent to {USER_EMAIL}
|
Block On Device Access
Summary message to display in the audit log when device access for OAuth2 apps is blocked.
| Event details |
| Event name |
BLOCK_ON_DEVICE_ACCESS |
| Parameters |
OAUTH2_SERVICE_NAME |
string
OAuth2 service name.
Possible values:
APPS_SCRIPT
Apps Script Service name.APPS_SCRIPT_RUNTIMECALENDARCLASSROOM
Classroom service.CLOUD_BILLINGCLOUD_MACHINE_LEARNINGCLOUD_PLATFORMCLOUD_SEARCH
Cloud search service.CONTACTSDRIVEDRIVE_HIGH_RISKGMAILGMAIL_HIGH_RISKGROUPS
Groups service.GSUITE_ADMINTASKS
Tasks service.VAULT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=BLOCK_ON_DEVICE_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Block on device {OAUTH2_SERVICE_NAME} access for {ORG_UNIT_NAME}
|
Change 2-Step Verification Enrollment Period Duration
| Event details |
| Event name |
CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION |
| Parameters |
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
2-step verification enrollment period duration for {ORG_UNIT_NAME} changed from {OLD_VALUE} to {NEW_VALUE}
|
Change 2-Step Verification Frequency
| Event details |
| Event name |
CHANGE_TWO_STEP_VERIFICATION_FREQUENCY |
| Parameters |
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_FREQUENCY&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
2-step verification frequency for {ORG_UNIT_NAME} changed from {OLD_VALUE} to {NEW_VALUE}
|
Change 2-Step Verification Grace Period Duration
| Event details |
| Event name |
CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION |
| Parameters |
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
2-step verification grace period duration for {ORG_UNIT_NAME} changed from {OLD_VALUE} to {NEW_VALUE}
|
Change 2-Step Verification Start Date
| Event details |
| Event name |
CHANGE_TWO_STEP_VERIFICATION_START_DATE |
| Parameters |
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_START_DATE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
2-step verification start date has been changed from {OLD_VALUE} to {NEW_VALUE}
|
Change Allowed 2-step Verification Methods
| Event details |
| Event name |
CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS |
| Parameters |
ALLOWED_TWO_STEP_VERIFICATION_METHOD |
string
Allowed two-step verification method.
Possible values:
ANY
A label that targets any distribution.ONLY_SECURITY_KEY
|
GROUP_EMAIL |
string
The group's primary email address.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
2-step verification allowed 2-step verification methods for {ORG_UNIT_NAME} changed to {ALLOWED_TWO_STEP_VERIFICATION_METHOD}
|
Context Aware Access Enablement
| Event details |
| Event name |
TOGGLE_CAA_ENABLEMENT |
| Parameters |
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=TOGGLE_CAA_ENABLEMENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Context Aware Access has been {NEW_VALUE}.
|
Context Aware Access Error Message Change
| Event details |
| Event name |
CHANGE_CAA_ERROR_MESSAGE |
| Parameters |
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_CAA_ERROR_MESSAGE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Error message has been changed to [{NEW_VALUE}]. (OrgUnit Name: {ORG_UNIT_NAME})
|
Domain Owned Apps not trusted
| Event details |
| Event name |
UNTRUST_DOMAIN_OWNED_OAUTH2_APPS |
| Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNTRUST_DOMAIN_OWNED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Domain Owned Apps removed from trusted list
|
Domain Owned Apps trusted
| Event details |
| Event name |
TRUST_DOMAIN_OWNED_OAUTH2_APPS |
| Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=TRUST_DOMAIN_OWNED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Domain Owned Apps added to trusted list
|
Enable Non-Admin User Password Recovery
| Event details |
| Event name |
ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY |
| Parameters |
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Enable non-admin user password recovery setting in {ORG_UNIT_NAME} organization changed from {OLD_VALUE} to {NEW_VALUE}
|
Enforce 2-Step Verification
| Event details |
| Event name |
ENFORCE_STRONG_AUTHENTICATION |
| Parameters |
DOMAIN_NAME |
string
The primary domain name.
|
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
SETTING_NAME |
string
The unique name (ID) of the setting that was changed.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ENFORCE_STRONG_AUTHENTICATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
{SETTING_NAME} in security settings for your organization changed from {OLD_VALUE} to {NEW_VALUE}
|
Error message for restricted OAuth2 apps updated
Summary message to display in the audit log for Oauth2 scope management settings.
| Event details |
| Event name |
UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS |
| Parameters |
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Error message for restricted OAuth2 apps for your organization updated from {OLD_VALUE} to {NEW_VALUE}
|
Less Secure Apps Access setting changed
| Event details |
| Event name |
WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED |
| Parameters |
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Setting changed for {ORG_UNIT_NAME} organization unit from {OLD_VALUE} to {NEW_VALUE}
|
Session Control Settings Change
Event name for change in session control settings.
| Event details |
| Event name |
SESSION_CONTROL_SETTINGS_CHANGE |
| Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
REAUTH_APPLICATION |
string
Application for with reauthentication settings apply.
Possible values:
ADMIN_CONSOLE
Google admin console.CLOUD_ADMIN_TOOLS
Google cloud admin tools.
|
REAUTH_SETTING_NEW |
string
Old Session control settings.
Possible values:
INHERIT
Message to represent setting that inherits from its parent org unit.NEVER
Message to represent setting that never does reauthentication.
|
REAUTH_SETTING_OLD |
string
Old Session control settings.
Possible values:
INHERIT
Message to represent setting that inherits from its parent org unit.NEVER
Message to represent setting that never does reauthentication.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=SESSION_CONTROL_SETTINGS_CHANGE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Session Control Settings updated for {REAUTH_APPLICATION} from {REAUTH_SETTING_OLD} to {REAUTH_SETTING_NEW}. (OrgUnit Name: {ORG_UNIT_NAME})
|
Session length changed
| Event details |
| Event name |
CHANGE_SESSION_LENGTH |
| Parameters |
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_SESSION_LENGTH&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Session length has been changed from {OLD_VALUE} to {NEW_VALUE}
|
Unblock on Device Access
Summary message to display in the audit log when device access for OAuth2 apps is unblocked.
| Event details |
| Event name |
UNBLOCK_ON_DEVICE_ACCESS |
| Parameters |
OAUTH2_SERVICE_NAME |
string
OAuth2 service name.
Possible values:
APPS_SCRIPT
Apps Script Service name.APPS_SCRIPT_RUNTIMECALENDARCLASSROOM
Classroom service.CLOUD_BILLINGCLOUD_MACHINE_LEARNINGCLOUD_PLATFORMCLOUD_SEARCH
Cloud search service.CONTACTSDRIVEDRIVE_HIGH_RISKGMAILGMAIL_HIGH_RISKGROUPS
Groups service.GSUITE_ADMINTASKS
Tasks service.VAULT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNBLOCK_ON_DEVICE_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Unblock on device {OAUTH2_SERVICE_NAME} access for {ORG_UNIT_NAME}
|
