Description
Google Workspace and Cloud Identity can share administrative audit log data with Google Cloud. Enable this setting so user, password, and security configuration changes from the identity provider are available in Cloud Logging.
Rationale
Centralized identity audit logs help security teams correlate Workspace or Cloud Identity administrative events with Google Cloud resource activity. Without this setting, important identity events remain only in the Admin Console, which limits monitoring, alerting, retention, and incident investigation.
Impact
Enabling the setting sends additional audit log data to Google Cloud. Organizations should confirm that log retention, access controls, and monitoring rules are configured for the resulting Cloud Logging data.
Audit
From Google Admin Console
- Sign in to the Google Admin Console as a Super Admin.
- Go to Account > Account settings.
- Open Legal and compliance.
- Locate Sharing options > Google Cloud Platform Sharing Options.
- Verify that the setting is Enabled.
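The console check can be backed up from the Cloud Logging side. The following is an added example, not part of the original benchmark text: it summarizes organization-level identity audit entries in an export such as the JSON output of `gcloud logging read --organization=ORG_ID --format=json`. `ORG_ID`, the function names, and the sample entries are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Service names used by Workspace / Cloud Identity audit logs in Cloud Logging.
IDENTITY_SERVICES = {
    "admin.googleapis.com",          # Admin audit
    "login.googleapis.com",          # Login audit
    "cloudidentity.googleapis.com",  # Groups audit
    "oauth2.googleapis.com",         # OAuth token audit
}

# Constructed sample in the shape of `gcloud logging read ... --format=json`
# output. ORG_ID, PROJECT_ID and all values are placeholders, not real data.
SAMPLE_EXPORT = json.dumps([
    {"logName": "organizations/ORG_ID/logs/cloudaudit.googleapis.com%2Factivity",
     "protoPayload": {"serviceName": "admin.googleapis.com",
                      "methodName": "google.admin.AdminService.changePassword"}},
    {"logName": "organizations/ORG_ID/logs/cloudaudit.googleapis.com%2Fdata_access",
     "protoPayload": {"serviceName": "login.googleapis.com",
                      "methodName": "google.login.LoginService.loginSuccess"}},
    {"logName": "projects/PROJECT_ID/logs/cloudaudit.googleapis.com%2Factivity",
     "protoPayload": {"serviceName": "compute.googleapis.com",
                      "methodName": "v1.compute.instances.insert"}},
])

def identity_audit_summary(export_json):
    """Count identity-provider audit entries by (service, method)."""
    counts = Counter()
    for entry in json.loads(export_json):
        payload = entry.get("protoPayload") or {}
        service = payload.get("serviceName")
        # Shared identity logs are written at the organization level,
        # so project-level entries are ignored here.
        if entry.get("logName", "").startswith("organizations/") \
                and service in IDENTITY_SERVICES:
            counts[(service, payload.get("methodName", "unknown"))] += 1
    return counts

def sharing_appears_enabled(export_json):
    """True when at least one Admin audit entry reached Cloud Logging."""
    summary = identity_audit_summary(export_json)
    return any(service == "admin.googleapis.com" for service, _ in summary)

if __name__ == "__main__":
    for (service, method), n in sorted(identity_audit_summary(SAMPLE_EXPORT).items()):
        print(f"{n:3d}  {service}  {method}")
    print("sharing appears enabled:", sharing_appears_enabled(SAMPLE_EXPORT))
```

An empty result only shows that no identity events were logged in the queried window, so the Admin Console setting remains the authoritative check.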
Default Value
By default, Google Workspace and Cloud Identity Admin audit logs are available in the Google Admin Console and are not necessarily shared with Google Cloud.