Context-Aware Access audit log

As your organization's administrator, you can use the Context-Aware Access audit log to troubleshoot when a user is denied access to an app. Entries usually appear within an hour of when the user’s access is denied.

For more information, see Context-aware access.

Note: For details on when log data becomes available and how long it's retained, see Data retention and lag times.

Step 1: Open your Context-Aware Access audit log

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Reports.
  3. On the left, click Audit and then Context-Aware Access.
  4. (Optional) On the toolbar, click Manage columns Manage columns and select the columns you want to see or hide.

Step 2: Understand Context-Aware Access audit log data

Data type Description
Event description The action that was logged, such as a user being denied access to an app.
Device ID Device ID as shown in Device Management > Endpoint verification
Application App the user was denied access to.
Access Level Applied Access levels that are assigned to the app the user tried to access.
IP address IP address of the user.
Date Date and time of the event (displayed in your browser's default time zone).

Step 3: Customize and export your audit log data

Filter the audit log data by user or activity

You can narrow your audit log to show specific events or users. For example, find all log events for when a particular user was denied access.

  1. Open your audit log as shown above.
  2. Click Add Filter.
  3. Enter or select the criteria for your filter.
  4. (Optional) Click Date range, select a period from the list, or enter a start and end date, and time.
  5. Click Apply.

Filter by organizational unit

You can filter by organizational unit to compare statistics between child organizations in a domain.

  1. Open your audit log as shown above.
  2. At the top, click Organization filter, search for a name or select an organizational unit from the list.
  3. (Optional) Click Date range, select a period from the list, or enter a start and end date, and time.

    Note: You can filter by any event at + Add a filter, and then filter the results by Organization filter or Date range.

  4. Click Apply.

Export your audit log data

You can export your audit log data to Google Sheets or download it to a CSV file.

  1. Open your audit log as shown above.
  2. (Optional) To change the data to include in your export, click Manage columns Manage columns, select or remove the columns that you want to export, and click Save.
  3. Click Download Download.
  4. Under Select columns, click Currently selected columns or All columns.
  5. Under Select format, click Google Sheets or comma-separated values (CSV).
  6. Click Download.

You can export a maximum of 100,000 rows to Sheets or CSV.

How old is the data I'm seeing?

For details on exactly when data becomes available and how long it's retained, see Data retention and lag times.

Step 4: Set up email alerts

You can receive email alerts for sign-in activity based on your filters.

  1. Open your audit log as shown above.
  2. Click Add Filter.
  3. Enter or select the criteria for your filter.
    You can't create an alert without applying a filter.
  4. Click Create Alert and enter a name for the alert.
  5. At Recipients, click Turn on Turn on to send the alert to a super administrator account.
  6. Enter the email addresses of any other alert recipients.
  7. Click Create.

To edit your custom alerts, see Administrator email alerts.

Was this helpful?
How can we improve it?