This is an overview of the Users Detail Page.
ACCOUNT INFO:
At the top of the User Detail Page you will find high level information about the user.
Outside Domain Account: If the account is outside of your environment it will be marked so here.
Sharing With Outside Domain: If the account has shared files to outside of your cloud environment.
Last Accessed On: The date the account was last used.
Last Accessed IP Address: The last IP address used to access the account.
Last Location Accessed: The last location, based on the IP address of the account.
ACCOUNT METRICS:
To the right of the account info are the account metrics tiles, here you will find more detailed information about the account.
IP Addresses Accessed: The total number of IP addresses used to access the account.
Locations Accessed: The number of locations used to access the account.
Unapproved Locations Accessed: The number of unapproved locations that the account has logged in from.
Folders: The number of folders the user has access to.
Files: The number of files the account has access to.
Risky Files: The number of files the user has access to that contain risk.
Malware Files: The number of files the account has access to that contain malware.
Quarantined Files: The number of files the user has in quarantine.
Groups: The number of groups the user is registered in.
Total No of Apps: The number of apps registered to the user account.
Total No Of Courses: The total number of google classroom courses the account is associated with.
ACTIVITIES:
The activities box will display information about an accounts login addresses, locations, and event types.
Search Bar: You are able to search by IP, or location. Simply click the down arrow to switch your search parameter.
Filters: The filters box can be found on the right side of the screen.
Login Date / Time: You can set date ranges here.
Suspicious Login: Here you can search by suspicious or unsuspicious logins.
Event Type: Filter by the type of event, Success, Failure, or Logout.
Activities Box:
Here you will find search results, or total number of logins. You will see that there are four columns.
IP Address: The IP address of the event.
Location: The location of the event.
Time: The time of the event.
Event Type: The type of event, a logon, logoff, or suspicious attempt will be marked here.
(O365 ONLY) Device: The device type that was used to sign on, as well as browser info.
ACTIONS:
At the top of the page you are able to take four actions against an account.
Have I Been Pwned?: Check if the account has been found in any data breaches.
Suspend: Suspend the users account to prevent logins or other behavior by the user.
Unsuspend: If an account has already been suspended, you're able to unsuspend the account with this button.
Reset Password: This button allows you to chose a new password for the account.
Download and Send Activity Audit: See below.
Analyze Meet Activity: Show all google meet activity for the selected user. See our guide here for more info.
Activity Audit:
These buttons allow you to download or send a CSV file of the user's login and/or drive activity that took place within the selected time frame.
Login: Will contain login information about the specified user, such as successful logins, failed attempts, and suspicious logins, with IP addresses and times.
Drive: Will contain information about the users activity within G-Drive.
Calendar: Will contain Google calendar information such as even creation, editing, etc.
OAuth Token: Will contain OAuth events for 3rd party apps. (When 3rd party apps use their granted permissions and which permissions were used)
Groups: Will contain events related to google groups such as creation, adding members, removing members, etc.
Enterprise Groups: Will contain events related to google enterprise groups if your organization has google enterprise.
Mobile: Will contain events of connected mobile devices such as OS updates, email syncs, etc.
User Accounts: Will contain events related to user accounts such as new account creation, account changes, etc.
Cloud Platform: Will contain events from Google Cloud Platform if in use by your organization.