GET https://www.googleapis.com/admin/reports/v1/activity/users/userKey
GET https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/drive
num_docs_internally_visible, num_docs_externally_visible, num_docs_shared_outside_domain.
Posted by Sumit Chatterjee, Product Manager, Google Mobile Management and Wesley Chun, Developer Advocate, Google Apps
As security on mobile devices becomes increasingly important, we want to give Google Apps administrators the visibility to monitor key activities occurring on managed devices in their domain. With that in mind, today we are launching Mobile Audit for Google Apps Unlimited users, which audits activities on iOS and Android devices (using the native iOS Sync and Android Sync protocols) managed by Google Mobile Management. Examples of activities that are recorded include: operating system updates, device settings changes, and mobile application installs, updates and removals.
Google Apps Administrators can also go to the Reports page in the Admin console to see all the Mobile Audit events. Below is an example of what this page looks like querying one user’s activity, including newly registered devices:
As part of this launch, we are excited to make all Mobile Audit events available programmatically through the Admin SDK Reports API via Mobile Audit Activity Events. The Admin SDK is accessible through its REST API or Google Apps Script. With this new feature, administrators will be able to query all of the Mobile Audit information by user, by device, or by event, as well as verify that all of your deployed devices are running the latest security updates. You can even send this information to an asset management system to track all of your mobile inventory.
For example, if we wanted to download all of the newly registered devices, you could make a call like this to the API (via Google Apps Script):
AdminReports.Activities.list('all', 'mobile', { eventName: "DEVICE_REGISTER_UNREGISTER_EVENT", filters: "ACCOUNT_STATE==REGISTERED", maxResults: 1000 });
Once you have the response from the API, you could easily parse through that data, including device models, serial numbers, user email addresses, and any other relevant information to help you track your inventory.
A more critical use case that mobile administrators have been asking for is a way to take proactive actions on devices without requiring manual intervention. For example, a mobile administrator may want to automatically block a device when something suspicious is detected. This new feature enables admins to write simple apps that do just that.
Using the Mobile Audit Activity Events in the Reports API and the Mobile Devices component of the Directory API, administrators can create scheduled scripts to check for devices that are reporting suspicious activity, and then take actions on those devices.
The Apps Script snippet below returns results if there are any mobile audit events for suspicious activity:
var response = AdminReports.Activities.list('all', 'mobile', { eventName: "SUSPICIOUS_ACTIVITY_EVENT", maxResults: 1000 });
If there are results, the code below shows you how to retrieve the unique Google identifier for those devices, via the “RESOURCE_ID” parameter. Note that this snippet only assumes a single device reporting suspicious activity—you’ll need to tweak the code to support more than one.
var parameters = response.items[0].events[0].parameters; var resourceId; for (i = 0; i < parameters.length; i++) { if (parameters[i].name == ‘RESOURCE_ID’) { resourceId = parameters[i].value; break; } }
Now the Directory API can be invoked to block the device that corresponds with the above unique identifier using this Apps Script snippet:
AdminDirectory.Mobiledevices.action('my_customer', resourceId, { action: "block" });
We are really excited to see what uses you have for Mobile Audit in the Reports API. For more information and to get started, please see the Developer Guide, reference documentation, and the Help Center. (NOTE: Again, this feature is available only to our customers with users on the Google Apps Unlimited license.)
Posted by Muzammil Esmail, Product Manager, Google for Work and Wesley Chun, Developer Advocate, Google Apps
Over the years, we’ve been updating our APIs with new versions across Drive and Calendar, as well as those used for managing Google Apps for Work domains. These new services offer developers improvements over previous functionality and introduces new features that help Apps administrators better manage their domains.
To deliver even more granular control, today we are announcing the new Calendar Resource API as part of the Admin SDK’s Directory API that enables Google for Work customers to manage their physical resources, like conference rooms, printers, nap pods, tennis courts, walkstations, etc. These physical resources can be added to meetings by end users as needed. The API released today replaces the GDATA Calendar Resource API, so we encourage developers to begin moving their applications and tools to the new API. Please note that we will begin deprecation in January 2016 and sunset the existing API in January 2017. Stay tuned for a formal deprecation announcement with details.
Posted by Rishi Dhand, Product Manager, Google Apps Admin SDK and Wesley Chun, Developer Advocate, Google Apps
In a Google Apps domain, Admin role management (i.e. create, assign, and update admin roles) is a critical function for super admins that helps them distribute admin responsibilities in a more secure manner. Until now, this functionality was only available via the Admin console UI.
Today’s launch of the Roles API (one of the Admin SDK Directory APIs) enables developers to build admin tools that can perform role management programmatically.
This new API will be useful to admins who have either built internal admin tools using the Admin SDK, or developers of third-party admin tools. Both can now use the Roles API to provide selective access to Delegated Admins (DAs) to specific admin capabilities within third-party applications.
Here are some examples of use cases where the Roles API can be leveraged: