Some alerts are limited or unavailable if you’re using an external SSO ldP.
As your organization's administrator, you can receive email alerts when something important happens in your organization, such as a suspicious sign-in attempt, a compromised mobile device, or when another administrator changes settings. When you turn on an alert for an activity, you'll receive an email each time that activity happens, up to 25 emails in 2 hours.
Tip: If you’re using a personal account, you can see devices that have used your account.
The email alerts listed on this page are managed through the System-defined rule type on the Security rules page (for more details, see View and manage security rules).
Email alerts based on system-defined rulesUser activity alerts
- Apps outage alert—new, updated, or resolved outage on the G Suite Status Dashboard (G Suite only)
- New user added
- Government-based attack
- Suspended user made active
- Suspicious login activity
- User deleted
- User granted Admin privilege
- User suspended
- User’s Admin privilege revoked
- User’s password changed
- Calendar settings changed (G Suite only)
- Drive settings changed (G Suite only)
- Gmail settings changed (G Suite only)
- Mobile settings changed (any mobile management settings are changed)
From the Reports section of the Google Admin console, you can create and manage the following custom alerts based on your organization’s audit logs.
- Admin audit
- Calendar audit (G Suite only)
- Drive audit (G Suite only) This feature is available with G Suite Business, Education, Enterprise, and Drive Enterprise editions. Compare editions
- Google+ audit (G Suite only)
- Login audit
- Mobile audit (G Suite only) This feature is available with G Suite Business and Enterprise editions, or Drive Enterprise edition. Compare editions
- Tokens audit