Access Evaluation Audit Activity Events
Stay organized with collections
Save and categorize content based on your preferences.
This document lists the events and parameters for
various types of
Access Evaluation Audit activity events. You can retrieve these events by
calling Activities.list
with applicationName=access_evaluation.
Access Token Evaluation
An access token evaluation was performed.
Events of this type are returned with type=access_token_evaluation.
Access Token Request
An access token request was evaluated successfully to allow access.
Event details
Event name
allow_token_request
Parameters
client_type
string
Client Type of the client ID.
Possible values:
CONNECTED_DEVICE A connected device client.
NATIVE_ANDROID An Android application.
NATIVE_APPLICATION A native application.
NATIVE_CHROME_EXTENSION A Chrome application.
NATIVE_DEVICE A native device application.
NATIVE_IOS An iOS application.
NATIVE_SONY A native Sony application.
TYPE_UNSPECIFIED An unspecified client type.
WEB A web application.
configuration_source
string
The Configuration Source.
Possible values:
APP_ACCESS_CONTROL Admin has set a policy in API Controls.
CONFIGURATION_SOURCE_UNSPECIFIED Admin has not set any policy that blocks access for this application.
DOMAIN_WIDE_DELEGATION Admin has domain wide delegated the application.
GOOGLE_WORKSPACE_MARKETPLACE Admin has installed the application in Google Workspace Marketplace.
MOBILE_DEVICE_MANAGEMENT Admin has set a policy in Google Endpoint Management.
device_id
string
The Device ID.
scope_data
message
The Scope Data.
scopes_requested
string
Scopes for which the access was requested.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/access_evaluation?eventName=allow_token_request&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{actor} token request from {APPLICATION_NAME_IDENTIFIER} was allowed due to {configuration_source}
Allow Token Impersonation
A Token impersonation was evaluated successfully to allow access.
Event details
Event name
allow_token_impersonation
Parameters
client_type
string
Client Type of the client ID.
Possible values:
CONNECTED_DEVICE A connected device client.
NATIVE_ANDROID An Android application.
NATIVE_APPLICATION A native application.
NATIVE_CHROME_EXTENSION A Chrome application.
NATIVE_DEVICE A native device application.
NATIVE_IOS An iOS application.
NATIVE_SONY A native Sony application.
TYPE_UNSPECIFIED An unspecified client type.
WEB A web application.
configuration_source
string
The Configuration Source.
Possible values:
APP_ACCESS_CONTROL Admin has set a policy in API Controls.
CONFIGURATION_SOURCE_UNSPECIFIED Admin has not set any policy that blocks access for this application.
DOMAIN_WIDE_DELEGATION Admin has domain wide delegated the application.
GOOGLE_WORKSPACE_MARKETPLACE Admin has installed the application in Google Workspace Marketplace.
MOBILE_DEVICE_MANAGEMENT Admin has set a policy in Google Endpoint Management.
device_id
string
The Device ID.
scope_data
message
The Scope Data.
scopes_requested
string
Scopes for which the access was requested.
service_account
string
The Service Account.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/access_evaluation?eventName=allow_token_impersonation&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{service_account} impersonation access for {actor} was allowed due to {configuration_source}
Credential Validation
An end user credential was validated against security policies.
Events of this type are returned with type=credential_validation.
Allow Credential Validation Request
An end user credential was validated successfully against security policies to allow access.
Event details
Event name
allow_credential_validation_request
Parameters
scopes_requested
string
Scopes for which the access was requested.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/access_evaluation?eventName=allow_credential_validation_request&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{actor} credential validation request from {APPLICATION_NAME_IDENTIFIER} was allowed due to security policy configuration
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-11-20 UTC."],[],[]]
