Admin audit log

View administrator activity in the Admin console

You can use the Admin audit log to see a record of actions performed in your Google Admin console. For example, you can see when an administrator added a user or turned on a G Suite service.

For other services and activities, such as Google Drive and user activity, go to the list of available audit logs.

Open the Admin audit log

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Reports.
  3. On the left, under Audit, click Admin.
  4. (Optional) To customize what you review, on the right, click Manage columns Manage columns, select the columns that you want to see or hide, and click Save.

Data you can view

Data type Description
Event name The action that was logged, such as revoking a security key or deleting a user.
Date Date and time of the event (displayed in your browser's default time zone).
Event description Details about the action, such as the name of the deleted user.
Admin Name of the admin who performed the action. If an admin action triggers a change to a user’s license, you’ll see License Manager instead.
IP address IP address of the admin. Usually reflects the admin's physical location, but could be a proxy server or VPN address.

Details on event names and descriptions

At Add a filter, select an Event name to filter data for that event. The audit report shows log entries for each time that event occurred during the time range that you set. Most event names are self-explanatory. For example, Add application shows when an application was added to your organization or a domain. However, you might see more detailed log data, such as:

  • Admin role assignment—If you assign a Super Admin role to a user,  the log shows the Event Description as Role_SEED_ADMIN_ROLE.
  • Groups—Logs actions performed in the Admin console, in Google Groups, and more. To track changes by users in Groups, see the Groups audit log.
  • Marketplace services—Logs when an admin adds or removes an app, turns an app on or off, and authorizes or removes API client access. Some apps might not have IP address details.
  • Access groups—Logs when a service is turned on or unset for an access group.

When and how long is the data available?

See Data retention and lag times.

Related topics

Was this helpful?
How can we improve it?