As your organization's administrator, you can use the OAuth Token audit log to track which users are using which third-party mobile or web applications in your domain. For example, when a user opens a Google Workspace Marketplace app, the log records the name of the app and the person using it.
The log also records each time a third-party application is authorized to access Google Account data, such as Google Contacts, Calendar, and Drive files (Google Workspace only).
Open the OAuth Token audit log
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Reports.
- On the left, under Audit log, click Token.
-
(Optional) To customize what data you see, on the right, click Manage columns
. Select the columns that you want to see or hide
click Save.
-
(Optional) Review ways to filter and export log data and create alerts.
Data you can view
The Admin console bases its OAuth Token audit logs on the following user data:
Data Type | Description |
---|---|
Event description | Summary of the event, such as Super Admin David authorized access to Google Chrome for https://www.google.com/accounts/OAuthLogin scopes |
Event name | Activity, Authorize, and Revoke events are logged.
|
User | User for whom access was authorized or revoked |
Application name | Application for which access was authorized or revoked |
Client ID | OAuth client ID of the application for which access was authorized or revoked |
Scope | Scopes to which access was authorized or revoked |
Date | Date and time the event occurred (displayed in your browser's default time zone) |
IP address | Internet Protocol (IP) address of the user for whom access was authorized or revoked. This might reflect their physical location, but it can be something else like a proxy server or a Virtual Private Network (VPN) address. |
Event names
At Add a filter, select an Event name to filter data for that event. The audit log shows entries for each time the particular event occurred during the time range that you set. Event names for the OAuth Token audit log include:
- Activity
- Authorize
- Revoke