We’ve consolidated all login related audit events to a single location within the Workspace Admin Console under Reports > Audit Log > Login. Here, you can find information on the following events:
- Two step verification enrollment or disablement,
- Advanced protection enrollment or disablement,
- Password changes,
- Recovery question changes,
- Recovery phone changes,
- Recovery email changes,
- Out of domain email forwarding enablement.
Why it’s important
We hope that by displaying this information in a single location, Admins will have greater visibility into critical actions carried out by their users on their own accounts, without having to switch between multiple places in the Admin console.
You can also use the Reports API to view information on login events. Use the Google Workspace Developer Guide to learn more about getting started with the Reports API and using the Login Activity Report.
Enterprise plus and Education Plus Super Admins can also use the security investigation tool (Admin console > Security > Investigation Tool > User Log Events) to view more detailed information and take action on suspicious login activity.
- Admins: Visit the Help Center to learn more about using the Login audit log in the Admin console.
- End users: No action required.
- Rapid Release and Scheduled Release domains: This feature is available now for all users.
- Available to all Google Workspace customers, as well as G Suite Basic and Business customers