Stay organized with collections
Save and categorize content based on your preferences.
This document lists the events and parameters for
Security Settings
Admin Audit activity events. You can retrieve these events by
calling Activities.list()
with applicationName=admin.
Security Settings
Events of this type are returned with type=SECURITY_SETTINGS.
(Context-aware access) Access level assignment changed for an app
Event details
Event name
CHANGE_CAA_APP_ASSIGNMENTS
Parameters
APPLICATION_NAME
string
The application's name.
CAA_ACCESS_ASSIGNMENTS_NEW
string
CAA access levels new.
CAA_ACCESS_ASSIGNMENTS_OLD
string
CAA access levels old.
CAA_ACCESS_LEVELS_NEW
string
CAA access levels new.
CAA_ACCESS_LEVELS_OLD
string
CAA access levels old.
CAA_ASSIGNMENTS_NEW
string
CAA assignments new.
CAA_ASSIGNMENTS_OLD
string
CAA assignments old.
CAA_ENFORCEMENT_ENDPOINTS_NEW
string
CAA enforcement endpoints new.
Possible values:
CAA_WEB_VERSION CAA enforcement endpoints value type - web version.
CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS CAA enforcement endpoints value type - web version and 1p oauth clients.
CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (without exemptions).
CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS_WITH_EXEMPTION CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (with exemptions).
CAA_WEB_VERSION_AND_APIS CAA enforcement endpoints value type - web version and APIs (without exemptions).
CAA_WEB_VERSION_AND_APIS_WITH_EXEMPTION CAA enforcement endpoints value type - web version and APIs (with exemptions).
WEB_APP CAA enforcement endpoint type - web app.
WEB_APP_AND_1P_OAUTH_CLIENTS CAA enforcement endpoint type - web app and 1p oauth clients.
CAA_ENFORCEMENT_ENDPOINTS_OLD
string
CAA enforcement endpoints old.
Possible values:
CAA_WEB_VERSION CAA enforcement endpoints value type - web version.
CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS CAA enforcement endpoints value type - web version and 1p oauth clients.
CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (without exemptions).
CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS_AND_APIS_WITH_EXEMPTION CAA enforcement endpoints value type - web version and 1p oauth clients and APIs (with exemptions).
CAA_WEB_VERSION_AND_APIS CAA enforcement endpoints value type - web version and APIs (without exemptions).
CAA_WEB_VERSION_AND_APIS_WITH_EXEMPTION CAA enforcement endpoints value type - web version and APIs (with exemptions).
WEB_APP CAA enforcement endpoint type - web app.
WEB_APP_AND_1P_OAUTH_CLIENTS CAA enforcement endpoint type - web app and 1p oauth clients.
GROUP_NAME
string
Group Name.
MODE
string
CAA Access Level Assignment mode.
Possible values:
ACTIVE CAA assignment mode - active.
MONITOR CAA assignment mode - monitor.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
TARGET_ENTITY_NAME
string
CAA Target Entity name.
TARGET_ENTITY_TYPE
string
CAA Target Entity type.
Possible values:
GROUP A distribution entity label for a Google group.
ORG_UNIT A distribution entity label for an organizational unit.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_CAA_APP_ASSIGNMENTS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
For {TARGET_ENTITY_TYPE} [{TARGET_ENTITY_NAME}]:
Before:
Access level [{CAA_ACCESS_ASSIGNMENTS_OLD}] applied to {CAA_ENFORCEMENT_ENDPOINTS_OLD} of [{APPLICATION_NAME}] in [{MODE}] mode.
After:
Access level [{CAA_ACCESS_ASSIGNMENTS_NEW}] applied to {CAA_ENFORCEMENT_ENDPOINTS_NEW} of [{APPLICATION_NAME}] in [{MODE}] mode.
All access to unconfigured third-party apps blocked for users under 18
All third party API access blocked for users under 18.
Event details
Event name
UNDERAGE_BLOCK_ALL_THIRD_PARTY_API_ACCESS
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_BLOCK_ALL_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
All access to unconfigured third-party apps blocked for users under 18 for {ORG_UNIT_NAME}
All third party API access blocked
Event details
Event name
BLOCK_ALL_THIRD_PARTY_API_ACCESS
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=BLOCK_ALL_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
All third party API Access blocked
All third party API access unblocked
Event details
Event name
UNBLOCK_ALL_THIRD_PARTY_API_ACCESS
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNBLOCK_ALL_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
All third party API Access unblocked
Allow 2-Step Verification
Event details
Event name
ALLOW_STRONG_AUTHENTICATION
Parameters
DOMAIN_NAME
string
The primary domain name.
NEW_VALUE
string
The new SETTING_NAME value that was set during this event.
OLD_VALUE
string
The previous SETTING_NAME value that was replaced during this event.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ALLOW_STRONG_AUTHENTICATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Allow 2-Step Verification has been set from {OLD_VALUE} to {NEW_VALUE} for {DOMAIN_NAME}
Allow Google Sign-in only access to unconfigured third-party apps for users under 18
Allow Google Sign-in only third party API access for users under 18.
Event details
Event name
UNDERAGE_SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Allow Google Sign-in only access to unconfigured third-party apps for users under 18 for {ORG_UNIT_NAME}
Allow Google Sign-in only third party API access
Event details
Event name
SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=SIGN_IN_ONLY_THIRD_PARTY_API_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Allow Google Sign-in only third party API access
API Access Allowed
Event details
Event name
ALLOW_SERVICE_FOR_OAUTH2_ACCESS
Parameters
OAUTH2_SERVICE_NAME
string
OAuth2 service name.
Possible values:
APPS_SCRIPT Apps Script Service name.
APPS_SCRIPT_RUNTIME
CALENDAR
CLASSROOM Classroom service.
CLOUD_BILLING
CLOUD_MACHINE_LEARNING
CLOUD_PLATFORM
CLOUD_SEARCH Cloud search service.
CONTACTS
DRIVE
DRIVE_HIGH_RISK
GMAIL
GMAIL_HIGH_RISK
GROUPS Groups service.
GSUITE_ADMIN
TASKS Tasks service.
VAULT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ALLOW_SERVICE_FOR_OAUTH2_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_SERVICE_NAME} API Access is allowed for {ORG_UNIT_NAME}
API Access Blocked
Event details
Event name
DISALLOW_SERVICE_FOR_OAUTH2_ACCESS
Parameters
OAUTH2_SERVICE_NAME
string
OAuth2 service name.
Possible values:
APPS_SCRIPT Apps Script Service name.
APPS_SCRIPT_RUNTIME
CALENDAR
CLASSROOM Classroom service.
CLOUD_BILLING
CLOUD_MACHINE_LEARNING
CLOUD_PLATFORM
CLOUD_SEARCH Cloud search service.
CONTACTS
DRIVE
DRIVE_HIGH_RISK
GMAIL
GMAIL_HIGH_RISK
GROUPS Groups service.
GSUITE_ADMIN
TASKS Tasks service.
VAULT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=DISALLOW_SERVICE_FOR_OAUTH2_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_SERVICE_NAME} API Access is blocked for {ORG_UNIT_NAME}
app access settings collection id change.
Event details
Event name
CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID
Parameters
DOMAIN_NAME
string
The primary domain name.
NEW_VALUE
string
The new SETTING_NAME value that was set during this event.
OLD_VALUE
string
The previous SETTING_NAME value that was replaced during this event.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
SETTING_NAME
string
The unique name (ID) of the setting that was changed.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
App Access Settings Collection for the org unit {ORG_UNIT_NAME} has changed from {OLD_VALUE} to {NEW_VALUE}
App added to Blocked list
Event details
Event name
ADD_TO_BLOCKED_OAUTH2_APPS
Parameters
OAUTH2_APP_ID
string
OAuth2 application ID.
OAUTH2_APP_NAME
string
Name of service.
OAUTH2_APP_TYPE
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_BLOCKED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} added to Blocked list for {ORG_UNIT_NAME}
App added to Limited list
Event details
Event name
ADD_TO_LIMITED_OAUTH2_APPS
Parameters
OAUTH2_APP_ID
string
OAuth2 application ID.
OAUTH2_APP_NAME
string
Name of service.
OAUTH2_APP_TYPE
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_LIMITED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} added to Limited list for {ORG_UNIT_NAME}
App added to Trusted by OAuth Scope list
Event details
Event name
ADD_TO_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS
Parameters
OAUTH2_APP_ID
string
OAuth2 application ID.
OAUTH2_APP_NAME
string
Name of service.
OAUTH2_APP_TYPE
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} added to trusted by OAuth scope list for {ORG_UNIT_NAME}
App allowlisted for exemption from API access blocks
Event details
Event name
ADD_TO_CAA_EXEMPT_OAUTH2_APPS
Parameters
OAUTH2_APP_ID
string
OAuth2 application ID.
OAUTH2_APP_NAME
string
Name of service.
OAUTH2_APP_TYPE
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_CAA_EXEMPT_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} allowlisted for exemption from API access blocks for {ORG_UNIT_NAME}
App no longer allowlisted for exemption from API access blocks
Event details
Event name
REMOVE_FROM_CAA_EXEMPT_OAUTH2_APPS
Parameters
OAUTH2_APP_ID
string
OAuth2 application ID.
OAUTH2_APP_NAME
string
Name of service.
OAUTH2_APP_TYPE
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_CAA_EXEMPT_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} removed from allowlist for exemption from API access blocks for {ORG_UNIT_NAME}
App no longer trusted
Event details
Event name
REMOVE_FROM_TRUSTED_OAUTH2_APPS
Parameters
OAUTH2_APP_ID
string
OAuth2 application ID.
OAUTH2_APP_NAME
string
Name of service.
OAUTH2_APP_TYPE
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_TRUSTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} no longer trusted for {ORG_UNIT_NAME}
App removed from Blocked list
Event details
Event name
REMOVE_FROM_BLOCKED_OAUTH2_APPS
Parameters
OAUTH2_APP_ID
string
OAuth2 application ID.
OAUTH2_APP_NAME
string
Name of service.
OAUTH2_APP_TYPE
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_BLOCKED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} removed from Blocked list for {ORG_UNIT_NAME}
App removed from Limited list
Event details
Event name
REMOVE_FROM_LIMITED_OAUTH2_APPS
Parameters
OAUTH2_APP_ID
string
OAuth2 application ID.
OAUTH2_APP_NAME
string
Name of service.
OAUTH2_APP_TYPE
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_LIMITED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} removed from Limited list for {ORG_UNIT_NAME}
App removed from Trusted by OAuth Scope list
Event details
Event name
REMOVE_FROM_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS
Parameters
OAUTH2_APP_ID
string
OAuth2 application ID.
OAUTH2_APP_NAME
string
Name of service.
OAUTH2_APP_TYPE
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_FROM_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} removed from trusted by OAuth scope list for {ORG_UNIT_NAME}
App trusted
Event details
Event name
ADD_TO_TRUSTED_OAUTH2_APPS
Parameters
OAUTH2_APP_ID
string
OAuth2 application ID.
OAUTH2_APP_NAME
string
Name of service.
OAUTH2_APP_TYPE
string
OAuth2 application type.
Possible values:
ANDROID
CHROME_EXTENSION
IOS
OAUTH2_CLIENT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_TO_TRUSTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_APP_NAME} trusted for {ORG_UNIT_NAME}
Apps added to Blocked list
Event details
Event name
MULTIPLE_ADD_TO_BLOCKED_OAUTH2_APPS
Parameters
OAUTH2_NUM_APPS
integer
Number of OAuth2 apps.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_BLOCKED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_NUM_APPS} apps added to Blocked list for {ORG_UNIT_NAME}
Apps added to Limited list
Event details
Event name
MULTIPLE_ADD_TO_LIMITED_OAUTH2_APPS
Parameters
OAUTH2_NUM_APPS
integer
Number of OAuth2 apps.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_LIMITED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_NUM_APPS} apps added to Limited list for {ORG_UNIT_NAME}
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_TRUSTED_BY_OAUTH_SCOPE_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_NUM_APPS} apps added to Trusted by OAuth Scope list for {ORG_UNIT_NAME}
Apps added to Trusted list
Event details
Event name
MULTIPLE_ADD_TO_TRUSTED_OAUTH2_APPS
Parameters
OAUTH2_NUM_APPS
integer
Number of OAuth2 apps.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=MULTIPLE_ADD_TO_TRUSTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{OAUTH2_NUM_APPS} apps added to Trusted list for {ORG_UNIT_NAME}
Apps lists bulk upload
Event details
Event name
OAUTH_APPS_BULK_UPLOAD
Parameters
BULK_UPLOAD_SUCCESS_OAUTH_APPS_NUMBER
string
Bulk upload successful oauth app number.
BULK_UPLOAD_TOTAL_OAUTH_APPS_NUMBER
string
Bulk upload total oauth app number.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=OAUTH_APPS_BULK_UPLOAD&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{BULK_UPLOAD_SUCCESS_OAUTH_APPS_NUMBER} of {BULK_UPLOAD_TOTAL_OAUTH_APPS_NUMBER} rows successfully uploaded
Apps lists bulk upload notification
Event details
Event name
OAUTH_APPS_BULK_UPLOAD_NOTIFICATION_SENT
Parameters
USER_EMAIL
string
The user's primary email address.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=OAUTH_APPS_BULK_UPLOAD_NOTIFICATION_SENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Notification of bulk upload for apps list sent to {USER_EMAIL}
Block On Device Access
Summary message to display in the audit log when device access for OAuth2 apps is blocked.
Event details
Event name
BLOCK_ON_DEVICE_ACCESS
Parameters
OAUTH2_SERVICE_NAME
string
OAuth2 service name.
Possible values:
APPS_SCRIPT Apps Script Service name.
APPS_SCRIPT_RUNTIME
CALENDAR
CLASSROOM Classroom service.
CLOUD_BILLING
CLOUD_MACHINE_LEARNING
CLOUD_PLATFORM
CLOUD_SEARCH Cloud search service.
CONTACTS
DRIVE
DRIVE_HIGH_RISK
GMAIL
GMAIL_HIGH_RISK
GROUPS Groups service.
GSUITE_ADMIN
TASKS Tasks service.
VAULT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=BLOCK_ON_DEVICE_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Block on device {OAUTH2_SERVICE_NAME} access for {ORG_UNIT_NAME}
Change 2-Step Verification Enrollment Period Duration
The new SETTING_NAME value that was set during this event.
OLD_VALUE
string
The previous SETTING_NAME value that was replaced during this event.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
2-step verification enrollment period duration for {ORG_UNIT_NAME} changed from {OLD_VALUE} to {NEW_VALUE}
Change 2-Step Verification Frequency
Event details
Event name
CHANGE_TWO_STEP_VERIFICATION_FREQUENCY
Parameters
GROUP_EMAIL
string
The group's primary email address.
NEW_VALUE
string
The new SETTING_NAME value that was set during this event.
OLD_VALUE
string
The previous SETTING_NAME value that was replaced during this event.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_FREQUENCY&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
2-step verification frequency for {ORG_UNIT_NAME} changed from {OLD_VALUE} to {NEW_VALUE}
The new SETTING_NAME value that was set during this event.
OLD_VALUE
string
The previous SETTING_NAME value that was replaced during this event.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
2-step verification grace period duration for {ORG_UNIT_NAME} changed from {OLD_VALUE} to {NEW_VALUE}
Change 2-Step Verification Start Date
Event details
Event name
CHANGE_TWO_STEP_VERIFICATION_START_DATE
Parameters
GROUP_EMAIL
string
The group's primary email address.
NEW_VALUE
string
The new SETTING_NAME value that was set during this event.
OLD_VALUE
string
The previous SETTING_NAME value that was replaced during this event.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_TWO_STEP_VERIFICATION_START_DATE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
2-step verification start date has been changed from {OLD_VALUE} to {NEW_VALUE}
Change Allowed 2-step Verification Methods
Event details
Event name
CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS
Parameters
ALLOWED_TWO_STEP_VERIFICATION_METHOD
string
Allowed two-step verification method.
Possible values:
ANY A label that targets any distribution.
ONLY_SECURITY_KEY
GROUP_EMAIL
string
The group's primary email address.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
2-step verification allowed 2-step verification methods for {ORG_UNIT_NAME} changed to {ALLOWED_TWO_STEP_VERIFICATION_METHOD}
Context Aware Access Enablement
Event details
Event name
TOGGLE_CAA_ENABLEMENT
Parameters
NEW_VALUE
string
The new SETTING_NAME value that was set during this event.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=TOGGLE_CAA_ENABLEMENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Context Aware Access has been {NEW_VALUE}.
Context Aware Access Error Message Change
Event details
Event name
CHANGE_CAA_ERROR_MESSAGE
Parameters
NEW_VALUE
string
The new SETTING_NAME value that was set during this event.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_CAA_ERROR_MESSAGE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Error message has been changed to [{NEW_VALUE}]. (OrgUnit Name: {ORG_UNIT_NAME})
Context Aware Access Remediation Enablement
Event details
Event name
TOGGLE_CAA_REMEDIATION_ENABLEMENT
Parameters
NEW_VALUE
string
The new SETTING_NAME value that was set during this event.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=TOGGLE_CAA_REMEDIATION_ENABLEMENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Context Aware Access Remediation has been {NEW_VALUE}. (OrgUnit Name: {ORG_UNIT_NAME})
Disabled Edu over 18 users apps requests
Event details
Event name
EDU_OVER_18_APPROVAL_WORKFLOW_DISABLED
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=EDU_OVER_18_APPROVAL_WORKFLOW_DISABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Disabled Edu over 18 users apps requests for {ORG_UNIT_NAME}
Disabled over 18 users making delegated apps requests
Event details
Event name
EDU_DELEGATED_USER_APPROVAL_WORKFLOW_DISABLED
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=EDU_DELEGATED_USER_APPROVAL_WORKFLOW_DISABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Disabled over 18 users making delegated apps requests for {ORG_UNIT_NAME}
Disabled under 18 users apps requests
Event details
Event name
UNDERAGE_USER_APPROVAL_WORKFLOW_DISABLED
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_USER_APPROVAL_WORKFLOW_DISABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Disabled under 18 users apps requests for {ORG_UNIT_NAME}
Disabled users over 18 to make apps requests
Event details
Event name
USER_APPROVAL_WORKFLOW_DISABLED
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=USER_APPROVAL_WORKFLOW_DISABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Disabled users over 18 to make apps requests for {ORG_UNIT_NAME}
Domain Owned Apps not trusted
Event details
Event name
UNTRUST_DOMAIN_OWNED_OAUTH2_APPS
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNTRUST_DOMAIN_OWNED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Domain Owned Apps removed from trusted list
Domain Owned Apps trusted
Event details
Event name
TRUST_DOMAIN_OWNED_OAUTH2_APPS
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=TRUST_DOMAIN_OWNED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Domain Owned Apps added to trusted list
Enable Non-Admin User Password Recovery
Event details
Event name
ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY
Parameters
GROUP_EMAIL
string
The group's primary email address.
NEW_VALUE
string
The new SETTING_NAME value that was set during this event.
OLD_VALUE
string
The previous SETTING_NAME value that was replaced during this event.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Enable non-admin user password recovery setting in {ORG_UNIT_NAME} organization changed from {OLD_VALUE} to {NEW_VALUE}
Enabled Edu over 18 users apps requests
Event details
Event name
EDU_OVER_18_APPROVAL_WORKFLOW_ENABLED
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=EDU_OVER_18_APPROVAL_WORKFLOW_ENABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Enabled Edu over 18 users apps requests for {ORG_UNIT_NAME}
Enabled over 18 users making delegated apps requests
Event details
Event name
EDU_DELEGATED_USER_APPROVAL_WORKFLOW_ENABLED
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=EDU_DELEGATED_USER_APPROVAL_WORKFLOW_ENABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Enabled over 18 users making delegated apps requests for {ORG_UNIT_NAME}
Enabled under 18 users apps requests
Event details
Event name
UNDERAGE_USER_APPROVAL_WORKFLOW_ENABLED
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNDERAGE_USER_APPROVAL_WORKFLOW_ENABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Enabled under 18 users apps requests for {ORG_UNIT_NAME}
Enabled users over 18 to make apps requests
Event details
Event name
USER_APPROVAL_WORKFLOW_ENABLED
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=USER_APPROVAL_WORKFLOW_ENABLED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Enabled users over 18 to make apps requests for {ORG_UNIT_NAME}
Enforce 2-Step Verification
Event details
Event name
ENFORCE_STRONG_AUTHENTICATION
Parameters
DOMAIN_NAME
string
The primary domain name.
GROUP_EMAIL
string
The group's primary email address.
NEW_VALUE
string
The new SETTING_NAME value that was set during this event.
OLD_VALUE
string
The previous SETTING_NAME value that was replaced during this event.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
SETTING_NAME
string
The unique name (ID) of the setting that was changed.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ENFORCE_STRONG_AUTHENTICATION&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{SETTING_NAME} in security settings for your organization changed from {OLD_VALUE} to {NEW_VALUE}
Error message for restricted OAuth2 apps updated
Summary message to display in the audit log for Oauth2 scope management settings.
Event details
Event name
UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS
Parameters
NEW_VALUE
string
The new SETTING_NAME value that was set during this event.
OLD_VALUE
string
The previous SETTING_NAME value that was replaced during this event.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Error message for restricted OAuth2 apps for your organization updated from {OLD_VALUE} to {NEW_VALUE}
Less Secure Apps Access setting changed
Event details
Event name
WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED
Parameters
GROUP_EMAIL
string
The group's primary email address.
NEW_VALUE
string
The new SETTING_NAME value that was set during this event.
OLD_VALUE
string
The previous SETTING_NAME value that was replaced during this event.
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Setting changed for {ORG_UNIT_NAME} organization unit from {OLD_VALUE} to {NEW_VALUE}
Session Control Settings Change
Event name for change in session control settings.
Event details
Event name
SESSION_CONTROL_SETTINGS_CHANGE
Parameters
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
REAUTH_APPLICATION
string
Application for with reauthentication settings apply.
Possible values:
ADMIN_CONSOLE Google admin console.
CLOUD_ADMIN_TOOLS Google cloud admin tools.
REAUTH_SETTING_NEW
string
Old Session control settings.
Possible values:
INHERIT Message to represent setting that inherits from its parent org unit.
NEVER Message to represent setting that never does reauthentication.
REAUTH_SETTING_OLD
string
Old Session control settings.
Possible values:
INHERIT Message to represent setting that inherits from its parent org unit.
NEVER Message to represent setting that never does reauthentication.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=SESSION_CONTROL_SETTINGS_CHANGE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Session Control Settings updated for {REAUTH_APPLICATION} from {REAUTH_SETTING_OLD} to {REAUTH_SETTING_NEW}. (OrgUnit Name: {ORG_UNIT_NAME})
Session length changed
Event details
Event name
CHANGE_SESSION_LENGTH
Parameters
NEW_VALUE
string
The new SETTING_NAME value that was set during this event.
OLD_VALUE
string
The previous SETTING_NAME value that was replaced during this event.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CHANGE_SESSION_LENGTH&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Session length has been changed from {OLD_VALUE} to {NEW_VALUE}
Unblock on Device Access
Summary message to display in the audit log when device access for OAuth2 apps is unblocked.
Event details
Event name
UNBLOCK_ON_DEVICE_ACCESS
Parameters
OAUTH2_SERVICE_NAME
string
OAuth2 service name.
Possible values:
APPS_SCRIPT Apps Script Service name.
APPS_SCRIPT_RUNTIME
CALENDAR
CLASSROOM Classroom service.
CLOUD_BILLING
CLOUD_MACHINE_LEARNING
CLOUD_PLATFORM
CLOUD_SEARCH Cloud search service.
CONTACTS
DRIVE
DRIVE_HIGH_RISK
GMAIL
GMAIL_HIGH_RISK
GROUPS Groups service.
GSUITE_ADMIN
TASKS Tasks service.
VAULT
ORG_UNIT_NAME
string
The organizational unit (OU) name (path).
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNBLOCK_ON_DEVICE_ACCESS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Unblock on device {OAUTH2_SERVICE_NAME} access for {ORG_UNIT_NAME}
Users requesting access list download
Event details
Event name
DOWNLOAD_PENDING_APP_USER_REQUESTS
Parameters
OAUTH2_APP_ID
string
OAuth2 application ID.
OAUTH2_APP_NAME
string
Name of service.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=DOWNLOAD_PENDING_APP_USER_REQUESTS&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Downloaded list of users requesting access to {OAUTH2_APP_NAME}
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-12-19 UTC."],[[["This document outlines Security Settings Admin Audit activity events and their associated parameters."],["These events track changes to security settings within Google Admin, such as OAuth app access, 2-Step Verification, and Context-Aware Access."],["You can retrieve these events using the Activities.list() method with applicationName=admin and type=SECURITY_SETTINGS."],["The table provides event names, descriptions, relevant parameters, sample API requests, and Admin Console message formats for each event."],["This information is crucial for monitoring and auditing security-related administrative actions within your Google Workspace environment."]]],[]]