What causes "last login time" to be updated?

[Ian Crew]

Hi all:

With the command:

gam report users user who...@example.org fields accounts:last_login_time

Does anyone know exactly which end-user action(s) cause that field to be updated? In other words, what does a user have to do to have google update their "last login time"? 

• Is it any login whatsoever to their Google account (e.g., authenticating to their Google account to access a third-party service, like Slack, say)? 
• Or is it logging in to access any Google service (like an Apps Script webapp that requires that they be logged in to use it)?
• Or is it logging in to access a Google Workspace service (like logging in to IMAP, or to view a Site)?
• Or is it logging in to access the web UI for a Google Workspace service (like logging in and accessing the Gmail or Drive UIs)?
• Or?
  

Thanks!

Ian

--

Ian Crew

Architect, Communication and Collaboration Services
Productivity & Collaboration Services
Berkeley IT

University of California, Berkeley

[Robert Fine]

Hi Ian, 

I found the following in a reddit post (https://www.reddit.com/r/gsuite/comments/10fescz/google_workspace_shows_active_users_last_sign_in/)

Credits to Brian for the answer, but i noticed the same behavior.

"

can't find official google documentation from my personal experience having worked for a partner for over 5 years, it only tracks browser sign-ins. (no mobile)

better metric might be when they last sent an email, when they last created/edited/viewed an item in drive, etc.

https://developers.google.com/admin-sdk/reports/v1/appendix/usage/user/accounts

https://support.google.com/a/answer/33323?hl=en
https://support.google.com/a/answer/7061566?hl=en

[Ian Crew]

Thanks Robert--that helps a lot!

I also asked Google Support in case they were able to point me to something more official, and here's what they said FWIW. (Anyone know how to get the DirectoryAPI last login via GAM?)

Thank you for contacting Google Workspace Support. My name is Daniel and I have taken your case. I understand that you would like to know more information about how the data is populated for a user's last login. More generally, I understand you would like to ensure that accounts are only kept as active if the user is logging in every 6 months. 

A user's timestamp_last_login from the Reports API is triggered by:

• Interactive web logins via Google login pages
• Suspicious programmatic logins

As you mention, since your organization uses third party SSO for logins, the timestamp_last_sso parameter may be more relevant, as timestamp_last_login does not update for SSO logins.

Alternatively, you can use the Directory API which combines SSO and non-SSO login timestamps with a user's lastLoginTime [1].

Please note that the timestamps above do not update in the following situations:

• Using native apps on mobile devices (such as the Gmail app)
• Non-suspicious programmatic logins

Since your organization uses a third party SSO that is enabled for all users, and since as a large university you may want to keep things simple and easy to communicate to users, I might suggest that the requirement be that each user must make a new login via your SSO provider every 6 months, since SSO logins will update both the timestamp_last_sso parameter in Reports API, and a user's lastLoginTime in Directory API. 

Thanks again,

Ian

--

Ian Crew

Architect, Communication and Collaboration Services
Productivity & Collaboration Services
Berkeley IT

University of California, Berkeley

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/c658b3d2-4292-42fd-aa4c-501cac57d47dn%40googlegroups.com.