Project Description

📖 < 1 min read
Google have consolidated all login related audit events to a single location within the Workspace Admin Console under Reports > Audit Log > Login. Here, you can find information on the following events:
  • Two step verification enrollment or disablement,
  • Advanced protection enrollment or disablement,
  • Password changes,
  • Recovery question changes,
  • Recovery phone changes,
  • Recovery email changes,
  • Out of domain email forwarding enablement.

Who’s impacted


Why it’s important

By displaying this information in a single location, Admins will have greater visibility into critical actions carried out by their users on their own accounts, without having to switch between multiple places in the Admin console.

Additional details

You can also use the Reports API to view information on login events. Use the Google Workspace Developer Guide to learn more about getting started with the Reports API and using the Login Activity Report.
Enterprise plus and Education Plus Super Admins can also use the security investigation tool (Admin console > Security > Investigation Tool > User Log Events) to view more detailed information and take action on suspicious login activity.

Getting started

Rollout pace


  • Available to all Google Workspace customers, as well as Google Workspace Basic and Business customers
Thanks for sharing and spreading the word!