Admin Audit Activity Events - Security Settings

This document lists the events and parameters for Security Settings Admin Audit activity events. You can retrieve these events by calling Activities.list() with applicationName=admin.

Security Settings

Events of this type are returned with type=SECURITY_SETTINGS.

(Context-aware access) Access level assignment changed for an app

Event details
Event name CHANGE_CAA_APP_ASSIGNMENTS
Parameters
APPLICATION_NAME

string

The application's name.

CAA_ACCESS_ASSIGNMENTS_NEW

string

CAA access levels new.

CAA_ACCESS_ASSIGNMENTS_OLD

string

CAA access levels old.

CAA_ACCESS_LEVELS_NEW

string

CAA access levels new.

CAA_ACCESS_LEVELS_OLD

string

CAA access levels old.

CAA_ASSIGNMENTS_NEW

string

CAA assignments new.

CAA_ASSIGNMENTS_OLD

string

CAA assignments old.

CAA_ENFORCEMENT_ENDPOINTS_NEW

string

CAA enforcement endpoints new. Possible values:

  • CAA_WEB_VERSION
    CAA enforcement endpoints value type - web version.
  • CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS
    CAA enforcement endpoints value type - web version and 1p oauth clients.
  • CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS
    CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (without exemptions).
  • CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS_WITH_EXEMPTION
    CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (with exemptions).
  • CAA_WEB_VERSION_AND_APIS
    CAA enforcement endpoints value type - web version and APIs (without exemptions).
  • CAA_WEB_VERSION_AND_APIS_WITH_EXEMPTION
    CAA enforcement endpoints value type - web version and APIs (with exemptions).
  • WEB_APP
    CAA enforcement endpoint type - web app.
  • WEB_APP_AND_1P_OAUTH_CLIENTS
    CAA enforcement endpoint type - web app and 1p oauth clients.
CAA_ENFORCEMENT_ENDPOINTS_OLD

string

CAA enforcement endpoints old. Possible values:

  • CAA_WEB_VERSION
    CAA enforcement endpoints value type - web version.
  • CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS
    CAA enforcement endpoints value type - web version and 1p oauth clients.
  • CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS
    CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (without exemptions).
  • CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS_WITH_EXEMPTION
    CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (with exemptions).
  • CAA_WEB_VERSION_AND_APIS
    CAA enforcement endpoints value type - web version and APIs (without exemptions).
  • CAA_WEB_VERSION_AND_APIS_WITH_EXEMPTION
    CAA enforcement endpoints value type - web version and APIs (with exemptions).
  • WEB_APP
    CAA enforcement endpoint type - web app.
  • WEB_APP_AND_1P_OAUTH_CLIENTS
    CAA enforcement endpoint type - web app and 1p oauth clients.
GROUP_NAME

string

Group Name.

MODE

string

CAA Access Level Assignment mode. Possible values:

  • ACTIVE
    CAA assignment mode - active.
  • MONITOR
    CAA assignment mode - monitor.
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

TARGET_ENTITY_NAME

string

CAA Target Entity name.

TARGET_ENTITY_TYPE

string

CAA Target Entity type. Possible values:

  • GROUP
    A distribution entity label for a Google group.
  • ORG_UNIT
    A distribution entity label for an organizational unit.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_CAA_APP_ASSIGNMENTS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
For {TARGET_ENTITY_TYPE} [{TARGET_ENTITY_NAME}]:


Before:
Access level [{CAA_ACCESS_ASSIGNMENTS_OLD}] applied to {CAA_ENFORCEMENT_ENDPOINTS_OLD} of [{APPLICATION_NAME}] in [{MODE}] mode.


After:
Access level [{CAA_ACCESS_ASSIGNMENTS_NEW}] applied to {CAA_ENFORCEMENT_ENDPOINTS_NEW} of [{APPLICATION_NAME}] in [{MODE}] mode.

All access to unconfigured third-party apps blocked for users under 18

All third party API access blocked for users under 18.

Event details
Event name UNDERAGE_BLOCK_ALL_THIRD_PARTY_API_ACCESS
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_BLOCK_ALL_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
All access to unconfigured third-party apps blocked for users under 18 for {ORG_UNIT_NAME}

All third party API access blocked

Event details
Event name BLOCK_ALL_THIRD_PARTY_API_ACCESS
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=BLOCK_ALL_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
All third party API Access blocked

All third party API access unblocked

Event details
Event name UNBLOCK_ALL_THIRD_PARTY_API_ACCESS
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNBLOCK_ALL_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
All third party API Access unblocked

Allow 2-Step Verification

Event details
Event name ALLOW_STRONG_AUTHENTICATION
Parameters
DOMAIN_NAME

string

The primary domain name.

NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

OLD_VALUE

string

The previous SETTING_NAME value that was replaced during this event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ALLOW_STRONG_AUTHENTICATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Allow 2-Step Verification has been set from {OLD_VALUE} to {NEW_VALUE} for {DOMAIN_NAME}

Allow Google Sign-in only access to unconfigured third-party apps for users under 18

Allow Google Sign-in only third party API access for users under 18.

Event details
Event name UNDERAGE_SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Allow Google Sign-in only access to unconfigured third-party apps for users under 18 for {ORG_UNIT_NAME}

Allow Google Sign-in only third party API access

Event details
Event name SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Allow Google Sign-in only third party API access

API Access Allowed

Event details
Event name ALLOW_SERVICE_FOR_OAUTH2_ACCESS
Parameters
OAUTH2_SERVICE_NAME

string

OAuth2 service name. Possible values:

  • APPS_SCRIPT
    Apps Script Service name.
  • APPS_SCRIPT_RUNTIME
  • CALENDAR
  • CLASSROOM
    Classroom service.
  • CLOUD_BILLING
  • CLOUD_MACHINE_LEARNING
  • CLOUD_PLATFORM
  • CLOUD_SEARCH
    Cloud search service.
  • CONTACTS
  • DRIVE
  • DRIVE_HIGH_RISK
  • GMAIL
  • GMAIL_HIGH_RISK
  • GROUPS
    Groups service.
  • GSUITE_ADMIN
  • TASKS
    Tasks service.
  • VAULT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ALLOW_SERVICE_FOR_OAUTH2_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_SERVICE_NAME} API Access is allowed for {ORG_UNIT_NAME}

API Access Blocked

Event details
Event name DISALLOW_SERVICE_FOR_OAUTH2_ACCESS
Parameters
OAUTH2_SERVICE_NAME

string

OAuth2 service name. Possible values:

  • APPS_SCRIPT
    Apps Script Service name.
  • APPS_SCRIPT_RUNTIME
  • CALENDAR
  • CLASSROOM
    Classroom service.
  • CLOUD_BILLING
  • CLOUD_MACHINE_LEARNING
  • CLOUD_PLATFORM
  • CLOUD_SEARCH
    Cloud search service.
  • CONTACTS
  • DRIVE
  • DRIVE_HIGH_RISK
  • GMAIL
  • GMAIL_HIGH_RISK
  • GROUPS
    Groups service.
  • GSUITE_ADMIN
  • TASKS
    Tasks service.
  • VAULT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=DISALLOW_SERVICE_FOR_OAUTH2_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_SERVICE_NAME} API Access is blocked for {ORG_UNIT_NAME}

app access settings collection id change.

Event details
Event name CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID
Parameters
DOMAIN_NAME

string

The primary domain name.

NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

OLD_VALUE

string

The previous SETTING_NAME value that was replaced during this event.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

SETTING_NAME

string

The unique name (ID) of the setting that was changed.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
App Access Settings Collection for the org unit {ORG_UNIT_NAME} has changed from {OLD_VALUE} to {NEW_VALUE}

App added to Blocked list

Event details
Event name ADD_TO_BLOCKED_OAUTH2_APPS
Parameters
OAUTH2_APP_ID

string

OAuth2 application ID.

OAUTH2_APP_NAME

string

Name of service.

OAUTH2_APP_TYPE

string

OAuth2 application type. Possible values:

  • ANDROID
  • CHROME_EXTENSION
  • IOS
  • OAUTH2_CLIENT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_BLOCKED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} added to Blocked list for {ORG_UNIT_NAME}

App added to Limited list

Event details
Event name ADD_TO_LIMITED_OAUTH2_APPS
Parameters
OAUTH2_APP_ID

string

OAuth2 application ID.

OAUTH2_APP_NAME

string

Name of service.

OAUTH2_APP_TYPE

string

OAuth2 application type. Possible values:

  • ANDROID
  • CHROME_EXTENSION
  • IOS
  • OAUTH2_CLIENT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_LIMITED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} added to Limited list for {ORG_UNIT_NAME}

App added to Trusted by OAuth Scope list

Event details
Event name ADD_TO_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS
Parameters
OAUTH2_APP_ID

string

OAuth2 application ID.

OAUTH2_APP_NAME

string

Name of service.

OAUTH2_APP_TYPE

string

OAuth2 application type. Possible values:

  • ANDROID
  • CHROME_EXTENSION
  • IOS
  • OAUTH2_CLIENT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} added to trusted by OAuth scope list for {ORG_UNIT_NAME}

App allowlisted for exemption from API access blocks

Event details
Event name ADD_TO_CAA_EXEMPT_OAUTH2_APPS
Parameters
OAUTH2_APP_ID

string

OAuth2 application ID.

OAUTH2_APP_NAME

string

Name of service.

OAUTH2_APP_TYPE

string

OAuth2 application type. Possible values:

  • ANDROID
  • CHROME_EXTENSION
  • IOS
  • OAUTH2_CLIENT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_CAA_EXEMPT_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} allowlisted for exemption from API access blocks for {ORG_UNIT_NAME}

App no longer allowlisted for exemption from API access blocks

Event details
Event name REMOVE_FROM_CAA_EXEMPT_OAUTH2_APPS
Parameters
OAUTH2_APP_ID

string

OAuth2 application ID.

OAUTH2_APP_NAME

string

Name of service.

OAUTH2_APP_TYPE

string

OAuth2 application type. Possible values:

  • ANDROID
  • CHROME_EXTENSION
  • IOS
  • OAUTH2_CLIENT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_CAA_EXEMPT_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} removed from allowlist for exemption from API access blocks for {ORG_UNIT_NAME}

App no longer trusted

Event details
Event name REMOVE_FROM_TRUSTED_OAUTH2_APPS
Parameters
OAUTH2_APP_ID

string

OAuth2 application ID.

OAUTH2_APP_NAME

string

Name of service.

OAUTH2_APP_TYPE

string

OAuth2 application type. Possible values:

  • ANDROID
  • CHROME_EXTENSION
  • IOS
  • OAUTH2_CLIENT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_TRUSTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} no longer trusted for {ORG_UNIT_NAME}

App removed from Blocked list

Event details
Event name REMOVE_FROM_BLOCKED_OAUTH2_APPS
Parameters
OAUTH2_APP_ID

string

OAuth2 application ID.

OAUTH2_APP_NAME

string

Name of service.

OAUTH2_APP_TYPE

string

OAuth2 application type. Possible values:

  • ANDROID
  • CHROME_EXTENSION
  • IOS
  • OAUTH2_CLIENT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_BLOCKED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} removed from Blocked list for {ORG_UNIT_NAME}

App removed from Limited list

Event details
Event name REMOVE_FROM_LIMITED_OAUTH2_APPS
Parameters
OAUTH2_APP_ID

string

OAuth2 application ID.

OAUTH2_APP_NAME

string

Name of service.

OAUTH2_APP_TYPE

string

OAuth2 application type. Possible values:

  • ANDROID
  • CHROME_EXTENSION
  • IOS
  • OAUTH2_CLIENT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_LIMITED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} removed from Limited list for {ORG_UNIT_NAME}

App removed from Trusted by OAuth Scope list

Event details
Event name REMOVE_FROM_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS
Parameters
OAUTH2_APP_ID

string

OAuth2 application ID.

OAUTH2_APP_NAME

string

Name of service.

OAUTH2_APP_TYPE

string

OAuth2 application type. Possible values:

  • ANDROID
  • CHROME_EXTENSION
  • IOS
  • OAUTH2_CLIENT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} removed from trusted by OAuth scope list for {ORG_UNIT_NAME}

App trusted

Event details
Event name ADD_TO_TRUSTED_OAUTH2_APPS
Parameters
OAUTH2_APP_ID

string

OAuth2 application ID.

OAUTH2_APP_NAME

string

Name of service.

OAUTH2_APP_TYPE

string

OAuth2 application type. Possible values:

  • ANDROID
  • CHROME_EXTENSION
  • IOS
  • OAUTH2_CLIENT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_TRUSTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} trusted for {ORG_UNIT_NAME}

Apps added to Blocked list

Event details
Event name MULTIPLE_ADD_TO_BLOCKED_OAUTH2_APPS
Parameters
OAUTH2_NUM_APPS

integer

Number of OAuth2 apps.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_BLOCKED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_NUM_APPS} apps added to Blocked list for {ORG_UNIT_NAME}

Apps added to Limited list

Event details
Event name MULTIPLE_ADD_TO_LIMITED_OAUTH2_APPS
Parameters
OAUTH2_NUM_APPS

integer

Number of OAuth2 apps.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_LIMITED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_NUM_APPS} apps added to Limited list for {ORG_UNIT_NAME}

Apps added to Trusted by OAuth Scope list

Event details
Event name MULTIPLE_ADD_TO_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS
Parameters
OAUTH2_NUM_APPS

integer

Number of OAuth2 apps.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_NUM_APPS} apps added to Trusted by OAuth Scope list for {ORG_UNIT_NAME}

Apps added to Trusted list

Event details
Event name MULTIPLE_ADD_TO_TRUSTED_OAUTH2_APPS
Parameters
OAUTH2_NUM_APPS

integer

Number of OAuth2 apps.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_TRUSTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_NUM_APPS} apps added to Trusted list for {ORG_UNIT_NAME}

Apps lists bulk upload

Event details
Event name OAUTH_APPS_BULK_UPLOAD
Parameters
BULK_UPLOAD_SUCCESS_OAUTH_APPS_NUMBER

string

Bulk upload successful oauth app number.

BULK_UPLOAD_TOTAL_OAUTH_APPS_NUMBER

string

Bulk upload total oauth app number.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=OAUTH_APPS_BULK_UPLOAD&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{BULK_UPLOAD_SUCCESS_OAUTH_APPS_NUMBER} of {BULK_UPLOAD_TOTAL_OAUTH_APPS_NUMBER} rows successfully uploaded

Apps lists bulk upload notification

Event details
Event name OAUTH_APPS_BULK_UPLOAD_NOTIFICATION_SENT
Parameters
USER_EMAIL

string

The user's primary email address.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=OAUTH_APPS_BULK_UPLOAD_NOTIFICATION_SENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Notification of bulk upload for apps list sent to {USER_EMAIL}

Block On Device Access

Summary message to display in the audit log when device access for OAuth2 apps is blocked.

Event details
Event name BLOCK_ON_DEVICE_ACCESS
Parameters
OAUTH2_SERVICE_NAME

string

OAuth2 service name. Possible values:

  • APPS_SCRIPT
    Apps Script Service name.
  • APPS_SCRIPT_RUNTIME
  • CALENDAR
  • CLASSROOM
    Classroom service.
  • CLOUD_BILLING
  • CLOUD_MACHINE_LEARNING
  • CLOUD_PLATFORM
  • CLOUD_SEARCH
    Cloud search service.
  • CONTACTS
  • DRIVE
  • DRIVE_HIGH_RISK
  • GMAIL
  • GMAIL_HIGH_RISK
  • GROUPS
    Groups service.
  • GSUITE_ADMIN
  • TASKS
    Tasks service.
  • VAULT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=BLOCK_ON_DEVICE_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Block on device {OAUTH2_SERVICE_NAME} access for {ORG_UNIT_NAME}

Change 2-Step Verification Enrollment Period Duration

Event details
Event name CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION
Parameters
GROUP_EMAIL

string

The group's primary email address.

NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

OLD_VALUE

string

The previous SETTING_NAME value that was replaced during this event.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
2-step verification enrollment period duration for {ORG_UNIT_NAME} changed from {OLD_VALUE} to {NEW_VALUE}

Change 2-Step Verification Frequency

Event details
Event name CHANGE_TWO_STEP_VERIFICATION_FREQUENCY
Parameters
GROUP_EMAIL

string

The group's primary email address.

NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

OLD_VALUE

string

The previous SETTING_NAME value that was replaced during this event.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_FREQUENCY&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
2-step verification frequency for {ORG_UNIT_NAME} changed from {OLD_VALUE} to {NEW_VALUE}

Change 2-Step Verification Grace Period Duration

Event details
Event name CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION
Parameters
GROUP_EMAIL

string

The group's primary email address.

NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

OLD_VALUE

string

The previous SETTING_NAME value that was replaced during this event.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
2-step verification grace period duration for {ORG_UNIT_NAME} changed from {OLD_VALUE} to {NEW_VALUE}

Change 2-Step Verification Start Date

Event details
Event name CHANGE_TWO_STEP_VERIFICATION_START_DATE
Parameters
GROUP_EMAIL

string

The group's primary email address.

NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

OLD_VALUE

string

The previous SETTING_NAME value that was replaced during this event.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_START_DATE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
2-step verification start date has been changed from {OLD_VALUE} to {NEW_VALUE}

Change Allowed 2-step Verification Methods

Event details
Event name CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS
Parameters
ALLOWED_TWO_STEP_VERIFICATION_METHOD

string

Allowed two-step verification method. Possible values:

  • ANY
    A label that targets any distribution.
  • ONLY_SECURITY_KEY
GROUP_EMAIL

string

The group's primary email address.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
2-step verification allowed 2-step verification methods for {ORG_UNIT_NAME} changed to {ALLOWED_TWO_STEP_VERIFICATION_METHOD}

Context Aware Access Enablement

Event details
Event name TOGGLE_CAA_ENABLEMENT
Parameters
NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=TOGGLE_CAA_ENABLEMENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Context Aware Access has been {NEW_VALUE}.

Context Aware Access Error Message Change

Event details
Event name CHANGE_CAA_ERROR_MESSAGE
Parameters
NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_CAA_ERROR_MESSAGE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Error message has been changed to [{NEW_VALUE}]. (OrgUnit Name: {ORG_UNIT_NAME})

Context Aware Access Remediation Enablement

Event details
Event name TOGGLE_CAA_REMEDIATION_ENABLEMENT
Parameters
NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=TOGGLE_CAA_REMEDIATION_ENABLEMENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Context Aware Access Remediation has been {NEW_VALUE}. (OrgUnit Name: {ORG_UNIT_NAME})

Disabled Edu over 18 users apps requests

Event details
Event name EDU_OVER_18_APPROVAL_WORKFLOW_DISABLED
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=EDU_OVER_18_APPROVAL_WORKFLOW_DISABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Disabled Edu over 18 users apps requests for {ORG_UNIT_NAME}

Disabled over 18 users making delegated apps requests

Event details
Event name EDU_DELEGATED_USER_APPROVAL_WORKFLOW_DISABLED
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=EDU_DELEGATED_USER_APPROVAL_WORKFLOW_DISABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Disabled over 18 users making delegated apps requests for {ORG_UNIT_NAME}

Disabled under 18 users apps requests

Event details
Event name UNDERAGE_USER_APPROVAL_WORKFLOW_DISABLED
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_USER_APPROVAL_WORKFLOW_DISABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Disabled under 18 users apps requests for {ORG_UNIT_NAME}

Disabled users over 18 to make apps requests

Event details
Event name USER_APPROVAL_WORKFLOW_DISABLED
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=USER_APPROVAL_WORKFLOW_DISABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Disabled users over 18 to make apps requests for {ORG_UNIT_NAME}

Domain Owned Apps not trusted

Event details
Event name UNTRUST_DOMAIN_OWNED_OAUTH2_APPS
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNTRUST_DOMAIN_OWNED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Domain Owned Apps removed from trusted list

Domain Owned Apps trusted

Event details
Event name TRUST_DOMAIN_OWNED_OAUTH2_APPS
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=TRUST_DOMAIN_OWNED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Domain Owned Apps added to trusted list

Enable Non-Admin User Password Recovery

Event details
Event name ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY
Parameters
GROUP_EMAIL

string

The group's primary email address.

NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

OLD_VALUE

string

The previous SETTING_NAME value that was replaced during this event.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Enable non-admin user password recovery setting in {ORG_UNIT_NAME} organization changed from {OLD_VALUE} to {NEW_VALUE}

Enabled Edu over 18 users apps requests

Event details
Event name EDU_OVER_18_APPROVAL_WORKFLOW_ENABLED
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=EDU_OVER_18_APPROVAL_WORKFLOW_ENABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Enabled Edu over 18 users apps requests for {ORG_UNIT_NAME}

Enabled over 18 users making delegated apps requests

Event details
Event name EDU_DELEGATED_USER_APPROVAL_WORKFLOW_ENABLED
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=EDU_DELEGATED_USER_APPROVAL_WORKFLOW_ENABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Enabled over 18 users making delegated apps requests for {ORG_UNIT_NAME}

Enabled under 18 users apps requests

Event details
Event name UNDERAGE_USER_APPROVAL_WORKFLOW_ENABLED
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_USER_APPROVAL_WORKFLOW_ENABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Enabled under 18 users apps requests for {ORG_UNIT_NAME}

Enabled users over 18 to make apps requests

Event details
Event name USER_APPROVAL_WORKFLOW_ENABLED
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=USER_APPROVAL_WORKFLOW_ENABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Enabled users over 18 to make apps requests for {ORG_UNIT_NAME}

Enforce 2-Step Verification

Event details
Event name ENFORCE_STRONG_AUTHENTICATION
Parameters
DOMAIN_NAME

string

The primary domain name.

GROUP_EMAIL

string

The group's primary email address.

NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

OLD_VALUE

string

The previous SETTING_NAME value that was replaced during this event.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

SETTING_NAME

string

The unique name (ID) of the setting that was changed.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ENFORCE_STRONG_AUTHENTICATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{SETTING_NAME} in security settings for your organization changed from {OLD_VALUE} to {NEW_VALUE}

Error message for restricted OAuth2 apps updated

Summary message to display in the audit log for Oauth2 scope management settings.

Event details
Event name UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS
Parameters
NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

OLD_VALUE

string

The previous SETTING_NAME value that was replaced during this event.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Error message for restricted OAuth2 apps for your organization updated from {OLD_VALUE} to {NEW_VALUE}

Less Secure Apps Access setting changed

Event details
Event name WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED
Parameters
GROUP_EMAIL

string

The group's primary email address.

NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

OLD_VALUE

string

The previous SETTING_NAME value that was replaced during this event.

ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Setting changed for {ORG_UNIT_NAME} organization unit from {OLD_VALUE} to {NEW_VALUE}

Session Control Settings Change

Event name for change in session control settings.

Event details
Event name SESSION_CONTROL_SETTINGS_CHANGE
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

REAUTH_APPLICATION

string

Application for with reauthentication settings apply. Possible values:

  • ADMIN_CONSOLE
    Google admin console.
  • CLOUD_ADMIN_TOOLS
    Google cloud admin tools.
REAUTH_SETTING_NEW

string

Old Session control settings. Possible values:

  • INHERIT
    Message to represent setting that inherits from its parent org unit.
  • NEVER
    Message to represent setting that never does reauthentication.
REAUTH_SETTING_OLD

string

Old Session control settings. Possible values:

  • INHERIT
    Message to represent setting that inherits from its parent org unit.
  • NEVER
    Message to represent setting that never does reauthentication.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=SESSION_CONTROL_SETTINGS_CHANGE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Session Control Settings updated for {REAUTH_APPLICATION} from {REAUTH_SETTING_OLD} to {REAUTH_SETTING_NEW}. (OrgUnit Name: {ORG_UNIT_NAME})

Session length changed

Event details
Event name CHANGE_SESSION_LENGTH
Parameters
NEW_VALUE

string

The new SETTING_NAME value that was set during this event.

OLD_VALUE

string

The previous SETTING_NAME value that was replaced during this event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_SESSION_LENGTH&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Session length has been changed from {OLD_VALUE} to {NEW_VALUE}

Unblock on Device Access

Summary message to display in the audit log when device access for OAuth2 apps is unblocked.

Event details
Event name UNBLOCK_ON_DEVICE_ACCESS
Parameters
OAUTH2_SERVICE_NAME

string

OAuth2 service name. Possible values:

  • APPS_SCRIPT
    Apps Script Service name.
  • APPS_SCRIPT_RUNTIME
  • CALENDAR
  • CLASSROOM
    Classroom service.
  • CLOUD_BILLING
  • CLOUD_MACHINE_LEARNING
  • CLOUD_PLATFORM
  • CLOUD_SEARCH
    Cloud search service.
  • CONTACTS
  • DRIVE
  • DRIVE_HIGH_RISK
  • GMAIL
  • GMAIL_HIGH_RISK
  • GROUPS
    Groups service.
  • GSUITE_ADMIN
  • TASKS
    Tasks service.
  • VAULT
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNBLOCK_ON_DEVICE_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Unblock on device {OAUTH2_SERVICE_NAME} access for {ORG_UNIT_NAME}

Users requesting access list download

Event details
Event name DOWNLOAD_PENDING_APP_USER_REQUESTS
Parameters
OAUTH2_APP_ID

string

OAuth2 application ID.

OAUTH2_APP_NAME

string

Name of service.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=DOWNLOAD_PENDING_APP_USER_REQUESTS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Downloaded list of users requesting access to {OAUTH2_APP_NAME}

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年10月13日 UTC.