Search
Clear search
Close search
Google apps
Main menu

Google Apps is now G Suite. Same service, new name. More about the name change.

OAuth Token audit log

Track 3rd-party application Google account data access authorization

As a G Suite administrator, you'll want to get a list of every time a third-party mobile or web application is authorized to access Google account data (such as Contacts, Calendar, and Drive files).

For example, when a user starts a Google Marketplace app you've installed in your domain, the Token log records the name of the app, the person using it, and the scope of data access requested by the app. This lets you track which users are using which apps, and when.

Step 1: Open your OAuth Token audit log

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Reports.

    To see Reports, you might have to click More controls at the bottom.

  3. Click Token.
  4. On the toolbar, click Select columns Select columns. Then select the data you want to show in your log.
  5. See below for how to interpret and customize log data.

Step 2: Understand Token audit log data

Data you can view

The Admin console bases its OAuth Token audit logs on the following user data:

Data Type Description
Event name Action the user performed, such as Authorize or Revoke.
Event description Summary of the event, such as "Super Admin David authorized access to Google Chrome for https://www.google.com/accounts/OAuthLogin scopes".
User Email address of the user for whom access was authorized or revoked.
Application name Application for which access was authorized or revoked.
Client ID OAuth client ID of the application for which access was authorized or revoked.
Scope Scopes to which access was authorized or revoked.
Date Date and time the event occurred (displayed in your browser's default time zone).
IP address Internet Protocol (IP) address of the user for whom access was authorized or revoked. This might reflect their physical location, but it can be something else like a proxy server or a Virtual Private Network (VPN) address.

Step 3: Customize and export your audit log data

Filter the audit log data by user or activity

You can narrow your audit log to show specific events or users. For example, find all log events for when users authorized or revoked access by a specified application, or find all OAuth token authorization activity for a particular user.

  1. Open your OAuth Token audit log as shown above.
  2. If you don't see the Filters section, click Filter Filter.
  3. Enter or select the criteria for your filter. You can filter on any combination of the data you can view in the log.
  4. Click Search.

Export your audit log data

You can export your OAuth Token audit log data to a Google Sheet, or download it to a CSV file.

  1. Open your OAuth Token audit log as shown above.
  2. (Optional) To change the data to include in your export, on the toolbar, click Select columns Select columns.
  3. On the toolbar, click Download Download.

You can export up to 210,000 cells. The maximum number of rows depends on the number of columns you select.

Change how much data you show

You won’t see complete data up to the present day. Instead, activity in recent days might only be partially reported while it’s still being collected. To choose an end date for collecting data and see the most recent date full data is available:

  1. At the top, next to the calendar, click the Down arrow Down Arrow.
  2. In the calendar, choose an end date for collecting data in your report.

    A green background marks the latest date when all data are collected. You can select a date after that, but later days might report only partial data.

For details on exactly when data becomes available and how long it's retained, see Data retention and lag times.

Step 4: Set up email alerts

You can easily track specific OAuth token activities by setting up alerts. For example, get an alert whenever someone authorizes or revokes access by a specified application.

  1. Open your OAuth Token audit log as shown above.
  2. If you don't see the Filters section, click Filter Filter.
  3. Enter or select the criteria for your filter. To set up an alert, you can filter on any combination of the data you can view in the log except date and time range.
  4. Click Set Alert.
  5. In the Set alert: Token box, enter a name for the alert.
  6. Check the box to deliver the alert to the account super administrators.
  7. Enter the email addresses of any other alert recipients.
  8. Click Save.

To edit your custom alerts, see Administrator email alerts.

Was this article helpful?
How can we improve it?
Sign in to your account

Get account-specific help by signing in with your G Suite account email address, or learn how to get started with G Suite.