Login related audit events are now located in a single location in the Admin console

What’s changing 

We’ve consolidated all login related audit events to a single location within the Workspace Admin Console under Reports > Audit Log > Login. Here, you can find information on the following events: 
  • Two step verification enrollment or disablement, 
  • Advanced protection enrollment or disablement, 
  • Password changes, 
  • Recovery question changes, 
  • Recovery phone changes, 
  • Recovery email changes, 
  • Out of domain email forwarding enablement.

Who’s impacted 


Why it’s important 

We hope that by displaying this information in a single location, Admins will have greater visibility into critical actions carried out by their users on their own accounts, without having to switch between multiple places in the Admin console. 

Additional details 

You can also use the Reports API to view information on login events. Use the Google Workspace Developer Guide to learn more about getting started with the Reports API and using the Login Activity Report

Enterprise plus and Education Plus Super Admins can also use the security investigation tool (Admin console > Security > Investigation Tool > User Log Events) to view more detailed information and take action on suspicious login activity.

Getting started 

Rollout pace 


  • Available to all Google Workspace customers, as well as G Suite Basic and Business customers