This is an overview of the Users Detail Page.
ACCOUNT INFO:
At the top of the User Detail Page you will find high level information about the user.
Outside Domain Account: If the account is outside of your environment it will be marked so here.
Sharing With Outside Domain: If the account has shared files to outside of your cloud environment.
Last Accessed On: The date the account was last used.
Last Accessed IP Address: The last IP address used to access the account.
Last Location Accessed: The last location, based on the IP address of the account.
ACCOUNT METRICS:
To the right of the account info are the account metrics tiles, here you will find more detailed information about the account.
IP Addresses Accessed: The total number of IP addresses used to access the account.
Locations Accessed: The number of locations used to access the account.
Unapproved Locations Accessed: The number of unapproved locations that the account has logged in from.
Folders: The number of folders the user has access to.
Files: The number of files the account has access to.
Risky Files: The number of files the user has access to that contain risk.
Malware Files: The number of files the account has access to that contain malware.
Quarantined Files: The number of files the user has in quarantine.
Groups: The number of groups the user is registered in.
Total No of Apps: The number of apps registered to the user account.
Total No Of Courses: The total number of google classroom courses the account is associated with.
The activities box will display information about an accounts login addresses, locations, and event types.
Search Bar: You are able to search by IP, or location. Simply click the down arrow to switch your search parameter.
Filters: The filters box can be found on the right side of the screen.
Login Date / Time: You can set date ranges here.
Suspicious Login: Here you can search by suspicious or unsuspicious logins.
Event Type: Filter by the type of event, Success, Failure, or Logout.
Activities Box:
Here you will find search results, or total number of logins. You will see that there are four columns.
IP Address: The IP address of the event.
Location: The location of the event.
Time: The time of the event.
Event Type: The type of event, a logon, logoff, or suspicious attempt will be marked here.
(O365 ONLY) Device: The device type that was used to sign on, as well as browser info.
At the top of the page you are able to take four actions against an account.
Have I Been Pwned?: Check if the account has been found in any data breaches.
Suspend: Suspend the users account to prevent logins or other behavior by the user.
Unsuspend: If an account has already been suspended, you're able to unsuspend the account with this button.
Reset Password: This button allows you to chose a new password for the account.
Download and Send Activity Audit: See below.
Analyze Meet Activity: Show all google meet activity for the selected user. See our guide here for more info.
Activity Audit:
These buttons allow you to download or send a CSV file of the user's login and/or drive activity that took place within the selected time frame.
Login: Will contain login information about the specified user, such as successful logins, failed attempts, and suspicious logins, with IP addresses and times.
Drive: Will contain information about the users activity within G-Drive.
Calendar: Will contain Google calendar information such as even creation, editing, etc.
OAuth Token: Will contain OAuth events for 3rd party apps. (When 3rd party apps use their granted permissions and which permissions were used)
Groups: Will contain events related to google groups such as creation, adding members, removing members, etc.
Enterprise Groups: Will contain events related to google enterprise groups if your organization has google enterprise.
Mobile: Will contain events of connected mobile devices such as OS updates, email syncs, etc.
User Accounts: Will contain events related to user accounts such as new account creation, account changes, etc.
Cloud Platform: Will contain events from Google Cloud Platform if in use by your organization.
Comments
0 comments
Please sign in to leave a comment.