This document lists the events and parameters for
Security Settings
Admin Audit activity events. You can retrieve these events by
calling Activities.list()
with applicationName=admin
.
Security Settings
Events of this type are returned with type=SECURITY_SETTINGS
.
(Context-aware access) Access level assignment changed for an app
Event details |
Event name |
CHANGE_CAA_APP_ASSIGNMENTS |
Parameters |
APPLICATION_NAME |
string
The application's name.
|
CAA_ACCESS_ASSIGNMENTS_NEW |
string
CAA access levels new.
|
CAA_ACCESS_ASSIGNMENTS_OLD |
string
CAA access levels old.
|
CAA_ACCESS_LEVELS_NEW |
string
CAA access levels new.
|
CAA_ACCESS_LEVELS_OLD |
string
CAA access levels old.
|
CAA_ASSIGNMENTS_NEW |
string
CAA assignments new.
|
CAA_ASSIGNMENTS_OLD |
string
CAA assignments old.
|
CAA_ENFORCEMENT_ENDPOINTS_NEW |
string
CAA enforcement endpoints new.
Possible values:
CAA_WEB_VERSION CAA enforcement endpoints value type - web version.
CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS CAA enforcement endpoints value type - web version and 1p oauth clients.
CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (without exemptions).
CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS_WITH_EXEMPTION CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (with exemptions).
CAA_WEB_VERSION_AND_APIS CAA enforcement endpoints value type - web version and APIs (without exemptions).
CAA_WEB_VERSION_AND_APIS_WITH_EXEMPTION CAA enforcement endpoints value type - web version and APIs (with exemptions).
WEB_APP CAA enforcement endpoint type - web app.
WEB_APP_AND_1P_OAUTH_CLIENTS CAA enforcement endpoint type - web app and 1p oauth clients.
|
CAA_ENFORCEMENT_ENDPOINTS_OLD |
string
CAA enforcement endpoints old.
Possible values:
CAA_WEB_VERSION CAA enforcement endpoints value type - web version.
CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS CAA enforcement endpoints value type - web version and 1p oauth clients.
CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (without exemptions).
CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS_WITH_EXEMPTION CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (with exemptions).
CAA_WEB_VERSION_AND_APIS CAA enforcement endpoints value type - web version and APIs (without exemptions).
CAA_WEB_VERSION_AND_APIS_WITH_EXEMPTION CAA enforcement endpoints value type - web version and APIs (with exemptions).
WEB_APP CAA enforcement endpoint type - web app.
WEB_APP_AND_1P_OAUTH_CLIENTS CAA enforcement endpoint type - web app and 1p oauth clients.
|
GROUP_NAME |
string
Group Name.
|
MODE |
string
CAA Access Level Assignment mode.
Possible values:
ACTIVE CAA assignment mode - active.
MONITOR CAA assignment mode - monitor.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
TARGET_ENTITY_NAME |
string
CAA Target Entity name.
|
TARGET_ENTITY_TYPE |
string
CAA Target Entity type.
Possible values:
GROUP A distribution entity label for a Google group.
ORG_UNIT A distribution entity label for an organizational unit.
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_CAA_APP_ASSIGNMENTS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
For {TARGET_ENTITY_TYPE} [{TARGET_ENTITY_NAME}]:
Before: Access level [{CAA_ACCESS_ASSIGNMENTS_OLD}] applied to {CAA_ENFORCEMENT_ENDPOINTS_OLD} of [{APPLICATION_NAME}] in [{MODE}] mode.
After: Access level [{CAA_ACCESS_ASSIGNMENTS_NEW}] applied to {CAA_ENFORCEMENT_ENDPOINTS_NEW} of [{APPLICATION_NAME}] in [{MODE}] mode. |
All access to unconfigured third-party apps blocked for users under 18
All third party API access blocked for users under 18.
Event details |
Event name |
UNDERAGE_BLOCK_ALL_THIRD_PARTY_API_ACCESS |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_BLOCK_ALL_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
All access to unconfigured third-party apps blocked for users under 18 for {ORG_UNIT_NAME}
|
All third party API access blocked
Event details |
Event name |
BLOCK_ALL_THIRD_PARTY_API_ACCESS |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=BLOCK_ALL_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
All third party API Access blocked
|
All third party API access unblocked
Event details |
Event name |
UNBLOCK_ALL_THIRD_PARTY_API_ACCESS |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNBLOCK_ALL_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
All third party API Access unblocked
|
Allow 2-Step Verification
Event details |
Event name |
ALLOW_STRONG_AUTHENTICATION |
Parameters |
DOMAIN_NAME |
string
The primary domain name.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ALLOW_STRONG_AUTHENTICATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Allow 2-Step Verification has been set from {OLD_VALUE} to {NEW_VALUE} for {DOMAIN_NAME}
|
Allow Google Sign-in only access to unconfigured third-party apps for users under 18
Allow Google Sign-in only third party API access for users under 18.
Event details |
Event name |
UNDERAGE_SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Allow Google Sign-in only access to unconfigured third-party apps for users under 18 for {ORG_UNIT_NAME}
|
Allow Google Sign-in only third party API access
Event details |
Event name |
SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Allow Google Sign-in only third party API access
|
API Access Allowed
Event details |
Event name |
ALLOW_SERVICE_FOR_OAUTH2_ACCESS |
Parameters |
OAUTH2_SERVICE_NAME |
string
OAuth2 service name.
Possible values:
APPS_SCRIPT Apps Script Service name.
APPS_SCRIPT_RUNTIME
CALENDAR
CLASSROOM Classroom service.
CLOUD_BILLING
CLOUD_MACHINE_LEARNING
CLOUD_PLATFORM
CLOUD_SEARCH Cloud search service.
CONTACTS
DRIVE
DRIVE_HIGH_RISK
GMAIL
GMAIL_HIGH_RISK
GROUPS Groups service.
GSUITE_ADMIN
TASKS Tasks service.
VAULT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ALLOW_SERVICE_FOR_OAUTH2_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_SERVICE_NAME} API Access is allowed for {ORG_UNIT_NAME}
|
API Access Blocked
Event details |
Event name |
DISALLOW_SERVICE_FOR_OAUTH2_ACCESS |
Parameters |
OAUTH2_SERVICE_NAME |
string
OAuth2 service name.
Possible values:
APPS_SCRIPT Apps Script Service name.
APPS_SCRIPT_RUNTIME
CALENDAR
CLASSROOM Classroom service.
CLOUD_BILLING
CLOUD_MACHINE_LEARNING
CLOUD_PLATFORM
CLOUD_SEARCH Cloud search service.
CONTACTS
DRIVE
DRIVE_HIGH_RISK
GMAIL
GMAIL_HIGH_RISK
GROUPS Groups service.
GSUITE_ADMIN
TASKS Tasks service.
VAULT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=DISALLOW_SERVICE_FOR_OAUTH2_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_SERVICE_NAME} API Access is blocked for {ORG_UNIT_NAME}
|
app access settings collection id change.
Event details |
Event name |
CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID |
Parameters |
DOMAIN_NAME |
string
The primary domain name.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
SETTING_NAME |
string
The unique name (ID) of the setting that was changed.
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
App Access Settings Collection for the org unit {ORG_UNIT_NAME} has changed from {OLD_VALUE} to {NEW_VALUE}
|
App added to Blocked list
Event details |
Event name |
ADD_TO_BLOCKED_OAUTH2_APPS |
Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_BLOCKED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_APP_NAME} added to Blocked list for {ORG_UNIT_NAME}
|
App added to Limited list
Event details |
Event name |
ADD_TO_LIMITED_OAUTH2_APPS |
Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_LIMITED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_APP_NAME} added to Limited list for {ORG_UNIT_NAME}
|
App added to Trusted by OAuth Scope list
Event details |
Event name |
ADD_TO_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS |
Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_APP_NAME} added to trusted by OAuth scope list for {ORG_UNIT_NAME}
|
App allowlisted for exemption from API access blocks
Event details |
Event name |
ADD_TO_CAA_EXEMPT_OAUTH2_APPS |
Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_CAA_EXEMPT_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_APP_NAME} allowlisted for exemption from API access blocks for {ORG_UNIT_NAME}
|
App no longer allowlisted for exemption from API access blocks
Event details |
Event name |
REMOVE_FROM_CAA_EXEMPT_OAUTH2_APPS |
Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_CAA_EXEMPT_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_APP_NAME} removed from allowlist for exemption from API access blocks for {ORG_UNIT_NAME}
|
App no longer trusted
Event details |
Event name |
REMOVE_FROM_TRUSTED_OAUTH2_APPS |
Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_TRUSTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_APP_NAME} no longer trusted for {ORG_UNIT_NAME}
|
App removed from Blocked list
Event details |
Event name |
REMOVE_FROM_BLOCKED_OAUTH2_APPS |
Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_BLOCKED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_APP_NAME} removed from Blocked list for {ORG_UNIT_NAME}
|
App removed from Limited list
Event details |
Event name |
REMOVE_FROM_LIMITED_OAUTH2_APPS |
Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_LIMITED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_APP_NAME} removed from Limited list for {ORG_UNIT_NAME}
|
App removed from Trusted by OAuth Scope list
Event details |
Event name |
REMOVE_FROM_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS |
Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_APP_NAME} removed from trusted by OAuth scope list for {ORG_UNIT_NAME}
|
App trusted
Event details |
Event name |
ADD_TO_TRUSTED_OAUTH2_APPS |
Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
OAUTH2_APP_TYPE |
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_TRUSTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_APP_NAME} trusted for {ORG_UNIT_NAME}
|
Apps added to Blocked list
Event details |
Event name |
MULTIPLE_ADD_TO_BLOCKED_OAUTH2_APPS |
Parameters |
OAUTH2_NUM_APPS |
integer
Number of OAuth2 apps.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_BLOCKED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_NUM_APPS} apps added to Blocked list for {ORG_UNIT_NAME}
|
Apps added to Limited list
Event details |
Event name |
MULTIPLE_ADD_TO_LIMITED_OAUTH2_APPS |
Parameters |
OAUTH2_NUM_APPS |
integer
Number of OAuth2 apps.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_LIMITED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_NUM_APPS} apps added to Limited list for {ORG_UNIT_NAME}
|
Apps added to Trusted by OAuth Scope list
Event details |
Event name |
MULTIPLE_ADD_TO_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS |
Parameters |
OAUTH2_NUM_APPS |
integer
Number of OAuth2 apps.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_NUM_APPS} apps added to Trusted by OAuth Scope list for {ORG_UNIT_NAME}
|
Apps added to Trusted list
Event details |
Event name |
MULTIPLE_ADD_TO_TRUSTED_OAUTH2_APPS |
Parameters |
OAUTH2_NUM_APPS |
integer
Number of OAuth2 apps.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_TRUSTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{OAUTH2_NUM_APPS} apps added to Trusted list for {ORG_UNIT_NAME}
|
Apps lists bulk upload
Event details |
Event name |
OAUTH_APPS_BULK_UPLOAD |
Parameters |
BULK_UPLOAD_SUCCESS_OAUTH_APPS_NUMBER |
string
Bulk upload successful oauth app number.
|
BULK_UPLOAD_TOTAL_OAUTH_APPS_NUMBER |
string
Bulk upload total oauth app number.
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=OAUTH_APPS_BULK_UPLOAD&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{BULK_UPLOAD_SUCCESS_OAUTH_APPS_NUMBER} of {BULK_UPLOAD_TOTAL_OAUTH_APPS_NUMBER} rows successfully uploaded
|
Apps lists bulk upload notification
Event details |
Event name |
OAUTH_APPS_BULK_UPLOAD_NOTIFICATION_SENT |
Parameters |
USER_EMAIL |
string
The user's primary email address.
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=OAUTH_APPS_BULK_UPLOAD_NOTIFICATION_SENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Notification of bulk upload for apps list sent to {USER_EMAIL}
|
Block On Device Access
Summary message to display in the audit log when device access for OAuth2 apps is blocked.
Event details |
Event name |
BLOCK_ON_DEVICE_ACCESS |
Parameters |
OAUTH2_SERVICE_NAME |
string
OAuth2 service name.
Possible values:
APPS_SCRIPT Apps Script Service name.
APPS_SCRIPT_RUNTIME
CALENDAR
CLASSROOM Classroom service.
CLOUD_BILLING
CLOUD_MACHINE_LEARNING
CLOUD_PLATFORM
CLOUD_SEARCH Cloud search service.
CONTACTS
DRIVE
DRIVE_HIGH_RISK
GMAIL
GMAIL_HIGH_RISK
GROUPS Groups service.
GSUITE_ADMIN
TASKS Tasks service.
VAULT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=BLOCK_ON_DEVICE_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Block on device {OAUTH2_SERVICE_NAME} access for {ORG_UNIT_NAME}
|
Change 2-Step Verification Enrollment Period Duration
Event details |
Event name |
CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION |
Parameters |
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
2-step verification enrollment period duration for {ORG_UNIT_NAME} changed from {OLD_VALUE} to {NEW_VALUE}
|
Change 2-Step Verification Frequency
Event details |
Event name |
CHANGE_TWO_STEP_VERIFICATION_FREQUENCY |
Parameters |
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_FREQUENCY&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
2-step verification frequency for {ORG_UNIT_NAME} changed from {OLD_VALUE} to {NEW_VALUE}
|
Change 2-Step Verification Grace Period Duration
Event details |
Event name |
CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION |
Parameters |
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
2-step verification grace period duration for {ORG_UNIT_NAME} changed from {OLD_VALUE} to {NEW_VALUE}
|
Change 2-Step Verification Start Date
Event details |
Event name |
CHANGE_TWO_STEP_VERIFICATION_START_DATE |
Parameters |
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_START_DATE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
2-step verification start date has been changed from {OLD_VALUE} to {NEW_VALUE}
|
Change Allowed 2-step Verification Methods
Event details |
Event name |
CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS |
Parameters |
ALLOWED_TWO_STEP_VERIFICATION_METHOD |
string
Allowed two-step verification method.
Possible values:
ANY A label that targets any distribution.
ONLY_SECURITY_KEY
|
GROUP_EMAIL |
string
The group's primary email address.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
2-step verification allowed 2-step verification methods for {ORG_UNIT_NAME} changed to {ALLOWED_TWO_STEP_VERIFICATION_METHOD}
|
Context Aware Access Enablement
Event details |
Event name |
TOGGLE_CAA_ENABLEMENT |
Parameters |
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=TOGGLE_CAA_ENABLEMENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Context Aware Access has been {NEW_VALUE}.
|
Context Aware Access Error Message Change
Event details |
Event name |
CHANGE_CAA_ERROR_MESSAGE |
Parameters |
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_CAA_ERROR_MESSAGE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Error message has been changed to [{NEW_VALUE}]. (OrgUnit Name: {ORG_UNIT_NAME})
|
Event details |
Event name |
TOGGLE_CAA_REMEDIATION_ENABLEMENT |
Parameters |
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=TOGGLE_CAA_REMEDIATION_ENABLEMENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Context Aware Access Remediation has been {NEW_VALUE}. (OrgUnit Name: {ORG_UNIT_NAME})
|
Disabled Edu over 18 users apps requests
Event details |
Event name |
EDU_OVER_18_APPROVAL_WORKFLOW_DISABLED |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=EDU_OVER_18_APPROVAL_WORKFLOW_DISABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Disabled Edu over 18 users apps requests for {ORG_UNIT_NAME}
|
Disabled over 18 users making delegated apps requests
Event details |
Event name |
EDU_DELEGATED_USER_APPROVAL_WORKFLOW_DISABLED |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=EDU_DELEGATED_USER_APPROVAL_WORKFLOW_DISABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Disabled over 18 users making delegated apps requests for {ORG_UNIT_NAME}
|
Disabled under 18 users apps requests
Event details |
Event name |
UNDERAGE_USER_APPROVAL_WORKFLOW_DISABLED |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_USER_APPROVAL_WORKFLOW_DISABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Disabled under 18 users apps requests for {ORG_UNIT_NAME}
|
Disabled users over 18 to make apps requests
Event details |
Event name |
USER_APPROVAL_WORKFLOW_DISABLED |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=USER_APPROVAL_WORKFLOW_DISABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Disabled users over 18 to make apps requests for {ORG_UNIT_NAME}
|
Domain Owned Apps not trusted
Event details |
Event name |
UNTRUST_DOMAIN_OWNED_OAUTH2_APPS |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNTRUST_DOMAIN_OWNED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Domain Owned Apps removed from trusted list
|
Domain Owned Apps trusted
Event details |
Event name |
TRUST_DOMAIN_OWNED_OAUTH2_APPS |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=TRUST_DOMAIN_OWNED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Domain Owned Apps added to trusted list
|
Enable Non-Admin User Password Recovery
Event details |
Event name |
ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY |
Parameters |
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Enable non-admin user password recovery setting in {ORG_UNIT_NAME} organization changed from {OLD_VALUE} to {NEW_VALUE}
|
Enabled Edu over 18 users apps requests
Event details |
Event name |
EDU_OVER_18_APPROVAL_WORKFLOW_ENABLED |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=EDU_OVER_18_APPROVAL_WORKFLOW_ENABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Enabled Edu over 18 users apps requests for {ORG_UNIT_NAME}
|
Enabled over 18 users making delegated apps requests
Event details |
Event name |
EDU_DELEGATED_USER_APPROVAL_WORKFLOW_ENABLED |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=EDU_DELEGATED_USER_APPROVAL_WORKFLOW_ENABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Enabled over 18 users making delegated apps requests for {ORG_UNIT_NAME}
|
Enabled under 18 users apps requests
Event details |
Event name |
UNDERAGE_USER_APPROVAL_WORKFLOW_ENABLED |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_USER_APPROVAL_WORKFLOW_ENABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Enabled under 18 users apps requests for {ORG_UNIT_NAME}
|
Enabled users over 18 to make apps requests
Event details |
Event name |
USER_APPROVAL_WORKFLOW_ENABLED |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=USER_APPROVAL_WORKFLOW_ENABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Enabled users over 18 to make apps requests for {ORG_UNIT_NAME}
|
Enforce 2-Step Verification
Event details |
Event name |
ENFORCE_STRONG_AUTHENTICATION |
Parameters |
DOMAIN_NAME |
string
The primary domain name.
|
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
SETTING_NAME |
string
The unique name (ID) of the setting that was changed.
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ENFORCE_STRONG_AUTHENTICATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
{SETTING_NAME} in security settings for your organization changed from {OLD_VALUE} to {NEW_VALUE}
|
Error message for restricted OAuth2 apps updated
Summary message to display in the audit log for Oauth2 scope management settings.
Event details |
Event name |
UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS |
Parameters |
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Error message for restricted OAuth2 apps for your organization updated from {OLD_VALUE} to {NEW_VALUE}
|
Less Secure Apps Access setting changed
Event details |
Event name |
WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED |
Parameters |
GROUP_EMAIL |
string
The group's primary email address.
|
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Setting changed for {ORG_UNIT_NAME} organization unit from {OLD_VALUE} to {NEW_VALUE}
|
Session Control Settings Change
Event name for change in session control settings.
Event details |
Event name |
SESSION_CONTROL_SETTINGS_CHANGE |
Parameters |
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
REAUTH_APPLICATION |
string
Application for with reauthentication settings apply.
Possible values:
ADMIN_CONSOLE Google admin console.
CLOUD_ADMIN_TOOLS Google cloud admin tools.
|
REAUTH_SETTING_NEW |
string
Old Session control settings.
Possible values:
INHERIT Message to represent setting that inherits from its parent org unit.
NEVER Message to represent setting that never does reauthentication.
|
REAUTH_SETTING_OLD |
string
Old Session control settings.
Possible values:
INHERIT Message to represent setting that inherits from its parent org unit.
NEVER Message to represent setting that never does reauthentication.
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=SESSION_CONTROL_SETTINGS_CHANGE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Session Control Settings updated for {REAUTH_APPLICATION} from {REAUTH_SETTING_OLD} to {REAUTH_SETTING_NEW}. (OrgUnit Name: {ORG_UNIT_NAME})
|
Session length changed
Event details |
Event name |
CHANGE_SESSION_LENGTH |
Parameters |
NEW_VALUE |
string
The new SETTING_NAME value that was set during this event.
|
OLD_VALUE |
string
The previous SETTING_NAME value that was replaced during this event.
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_SESSION_LENGTH&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Session length has been changed from {OLD_VALUE} to {NEW_VALUE}
|
Unblock on Device Access
Summary message to display in the audit log when device access for OAuth2 apps is unblocked.
Event details |
Event name |
UNBLOCK_ON_DEVICE_ACCESS |
Parameters |
OAUTH2_SERVICE_NAME |
string
OAuth2 service name.
Possible values:
APPS_SCRIPT Apps Script Service name.
APPS_SCRIPT_RUNTIME
CALENDAR
CLASSROOM Classroom service.
CLOUD_BILLING
CLOUD_MACHINE_LEARNING
CLOUD_PLATFORM
CLOUD_SEARCH Cloud search service.
CONTACTS
DRIVE
DRIVE_HIGH_RISK
GMAIL
GMAIL_HIGH_RISK
GROUPS Groups service.
GSUITE_ADMIN
TASKS Tasks service.
VAULT
|
ORG_UNIT_NAME |
string
The organizational unit (OU) name (path).
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNBLOCK_ON_DEVICE_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Unblock on device {OAUTH2_SERVICE_NAME} access for {ORG_UNIT_NAME}
|
Users requesting access list download
Event details |
Event name |
DOWNLOAD_PENDING_APP_USER_REQUESTS |
Parameters |
OAUTH2_APP_ID |
string
OAuth2 application ID.
|
OAUTH2_APP_NAME |
string
Name of service.
|
|
Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=DOWNLOAD_PENDING_APP_USER_REQUESTS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
Admin Console message format |
Downloaded list of users requesting access to {OAUTH2_APP_NAME}
|