# Using Google Cloud Storage for Omni audit logs

> Configure Google Cloud Storage as the destination for your Omni audit logs to track user activity with structured event data.

<Note>
  Reach out to Omni support to have audit logs enabled for your instance.
</Note>

Audit logs are detailed records of the actions your users take in Omni, which can be useful for security and performance analysis. Events are structured as JSON payloads and sent in batches to your cloud storage bucket a few minutes after they're written.

## Supported authentication methods

Audit logs can be delivered to a Google Cloud Storage (GCS) bucket using one of two authentication methods:

* **Workload Identity Federation** - Allows Omni's audit log delivery service to authenticate to your GCS bucket using AWS IAM credentials through GCP Workload Identity Federation.
  <Note>
    This is the recommended authentication method for GCS as it eliminates the need to manage long-lived service account keys.
  </Note>
* **Service account key** - This method uses a service account JSON key file for authentication. While straightforward, it requires managing long-lived credentials.

## Option 1: Workload Identity Federation

This approach provides enhanced security by:

* Eliminating the need to share or rotate service account keys
* Using temporary, automatically rotating credentials
* Leveraging your existing AWS and GCP IAM policies

### Requirements

* An existing GCS bucket where audit logs will be delivered
* Permissions to create and configure a Workload Identity Pool in your GCP project
* Permissions to create and configure a service account with write access to your GCS bucket

### Setup

Work with Omni support to configure Workload Identity Federation. The setup involves:

<Steps>
  <Step title="Get credentials from Omni support" noAnchor>
    Omni support will provide you with the AWS Account ID and AWS IAM role ARN that will authenticate to your GCS bucket.
  </Step>

  <Step title="Create a Workload Identity Pool" noAnchor>
    Create a [Workload Identity Pool and AWS provider](https://docs.cloud.google.com/iam/docs/workload-identity-federation-with-other-clouds#gcloud_1) in your GCP project.
  </Step>

  <Step title="Create a GCP service account" noAnchor>
    Create a [GCP service account](https://docs.cloud.google.com/iam/docs/service-accounts-create) with write permissions (the Storage Object Creator role, `roles/storage.objectCreator`) on your GCS bucket.
  </Step>

  <Step title="Configure the Workload Identity Pool" noAnchor>
    Configure the Workload Identity Pool to allow the Omni AWS IAM role you received in step 1 to impersonate your GCP service account.
  </Step>

  <Step title="Provide Omni with the connection details" noAnchor>
    Provide Omni support with the following:

    * Project number
    * Pool ID
    * Provider ID
    * Service account email
  </Step>

  <Step title="Complete setup with Omni support" noAnchor>
    Omni support completes the configuration on the Omni side.
  </Step>
</Steps>

Once configured, audit logs will be automatically delivered to your GCS bucket without requiring any credential management.
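
The GCP-side steps above, sketched as an added `gcloud` example (not Omni's own tooling). Every project, pool, provider, service account, bucket and ARN value is a placeholder or hypothetical name, and the script assumes the AWS provider keeps its default attribute mapping, under which `attribute.aws_role` holds the STS `assumed-role` form of the role rather than the IAM role ARN you receive.

```bash
#!/usr/bin/env bash
# Added example. Every value below is a placeholder or hypothetical name.
PROJECT_ID="my-project"
PROJECT_NUMBER="123456789012"
POOL_ID="omni-audit-pool"
PROVIDER_ID="omni-aws"
SA_NAME="omni-audit-writer"
BUCKET="my-audit-bucket"
# Stand-in for the IAM role ARN that Omni support provides in step 1.
OMNI_ROLE_ARN="arn:aws:iam::111122223333:role/example-omni-role"

# The account ID is the fifth colon-separated field of the ARN.
aws_account_id() { printf '%s\n' "$1" | cut -d: -f5; }

# Convert arn:aws:iam::<acct>:role/[path/]<name> to the STS form that the
# default aws_role attribute carries. STS drops any IAM path from the name.
assumed_role_arn() {
  case "$1" in
    arn:aws:iam::[0-9]*:role/?*) ;;
    *) echo "not an IAM role ARN: $1" >&2; return 1 ;;
  esac
  printf 'arn:aws:sts::%s:assumed-role/%s\n' "$(aws_account_id "$1")" "${1##*/}"
}

# Build a principalSet member that matches only that one AWS role.
wif_member() {  # args: project_number pool_id iam_role_arn
  local sts
  sts="$(assumed_role_arn "$3")" || return 1
  printf 'principalSet://iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/attribute.aws_role/%s\n' \
    "$1" "$2" "$sts"
}

configure_wif() {
  local sa_email="${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
  gcloud iam workload-identity-pools create "$POOL_ID" \
    --project="$PROJECT_ID" --location=global
  gcloud iam workload-identity-pools providers create-aws "$PROVIDER_ID" \
    --project="$PROJECT_ID" --location=global \
    --workload-identity-pool="$POOL_ID" --account-id="$(aws_account_id "$OMNI_ROLE_ARN")"
  gcloud iam service-accounts create "$SA_NAME" --project="$PROJECT_ID"
  gcloud storage buckets add-iam-policy-binding "gs://${BUCKET}" \
    --member="serviceAccount:${sa_email}" --role=roles/storage.objectCreator
  gcloud iam service-accounts add-iam-policy-binding "$sa_email" \
    --project="$PROJECT_ID" --role=roles/iam.workloadIdentityUser \
    --member="$(wif_member "$PROJECT_NUMBER" "$POOL_ID" "$OMNI_ROLE_ARN")"
}

# Changes are made only when the script is run with the argument "apply".
if [ "${1:-}" = "apply" ]; then configure_wif; fi
```

Binding `roles/iam.workloadIdentityUser` to the single `attribute.aws_role` principal set, rather than to the whole pool, keeps other roles in the same AWS account from impersonating the service account.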

## Option 2: Service account key

This approach uses a service account JSON key file to authenticate to the GCS bucket.

<Note>
  The [Workload Identity Federation approach](#option-1-workload-identity-federation) is recommended over using a service account key.
</Note>

### Requirements

* An existing GCS bucket where audit logs will be delivered
* Permissions in GCP that allow you to create a service account key

### Setup

<Steps>
  <Step title="Create a service account key">
    Create a [service account key](https://docs.cloud.google.com/iam/docs/keys-create-delete) in GCP.
  </Step>

  <Step title="Provide Omni support with your bucket details" noAnchor>
    Provide Omni support with the name of your GCS bucket and the service account key you created in the previous step.
  </Step>

  <Step title="Complete setup with Omni support" noAnchor>
    Omni support completes the configuration on the Omni side.
  </Step>
</Steps>

Once configured, audit logs will be automatically delivered to your GCS bucket.

## Next steps

* Learn about the [event types](/administration/audit-logs/event-types) supported for audit logs
* Check out your instance's [Analytics section](/administration/analytics)
