Search
Clear search
Close search
Google apps
Main menu

OAuth Token audit log

The OAuth Token audit log records every time a third-party mobile or web application is authorized to access Google account data (such as Contacts, Calendar, and Drive files) for users in your organization.

For example, when a user starts a Google Marketplace app you've installed in your domain, the Token log records the name of the app, the person using it, and the scope of data access requested by the app. This lets you track which users are using which apps, and when.

To access the OAuth Token audit log, sign in to your Admin console and click Reports > Audit > Token. The page displays the following information:

  • Event Description—A summary of the event, such as "Super Admin David authorized access to Google Chrome for https://www.google.com/accounts/OAuthLogin scopes"
  • Event Name—The action performed: Authorize or Revoke.
  • Application Name—The application for which access was authorized or revoked.
  • Scope—Scopes to which access was authorized or revoked.
  • Date—The date the event occurred (displayed in your domain's default timezone).

Use the Filters section at the side to configure the page to only display data that meets certain criteria. For example, the page can show events of a particular type, or events that occurred during a specific date range. Once you've entered your criteria, click Search to filter. To clear your filters, click Reset.

You can also use the Filters section to create and configure a custom alert. Custom alerts do not use the Date Range. Choose an event name from the drop-down list and your other filters, then click the SET ALERT button. In the Set alert: window you can add a custom alert name, check the Super Administrator(s) box, or add additional recipient user emails. After you configure your custom alert click the SAVE button. To edit your custom alerts, refer to Account activity alerts.

Filter log entries

You can filter log entries by various criteria, say, to find all revoked tokens, authorized tokens for a particular application, or tokens authorized by specific users. At the top of the OAuth token audit log, click the Filters icon (next to the Select columns icon). Then filter by any of the following criteria:

  • Event name—The action the user performed, such as Authorize or Revoke.
  • User name—The ldap of the user for whom access was authorized or revoked.
  • Application name—The application for which access was authorized or revoked.
  • Client id—The OAuth client id of the application for which access was authorized or revoked.
  • Scope—Scopes to which access was authorized or revoked.
  • IP address—The IP address of the user for whom access was authorized or revoked.
  • Date and time range—A start and end date and time for listing events.

Note the following:

  • If you don't see the Filters section, click filter.
  • Each entry in the log is associated with a single event.
  • To change the columns the log displays, click Select columns. The page remembers the columns you choose and shows the same ones the next time you sign in.
  • The log shows data delayed by a few hours and keeps data from up to six months ago.

The Admin console reports show historical data generated for the last seven days, the last month, the last three months, or the last six months. The date in the upper right indicates the most recent day for which report data is available. The pulldown arrow next to the date opens a calendar page you can use to select another day to use. The latest date for which all data points are present has a green background. You can select another date beyond the full data date but any later date you choose may have partial data and may only show a subset of the expected reports. There are specific data retention times for collected data depending on the particular report.

Keep in mind reports do not reflect real-time data, and some reports may take longer to display updated information. There are specific lag times before collected data is available.
Was this article helpful?
Sign in to your account

Get account-specific help by signing in with your Apps for Work account email address, or learn how to get started with Apps for Work.