View the audit log

The audit log provides a history of changes to user accounts, user roles, and more for your organization. Audit logs are available for each of your organizations in intervals of 30, 60, or 90 days.

To view an audit log:

Switch to the organization for which you want to see the audit log.
Click Settings, and then select the Security tab.
From the Audit Logs section, select the length of the audit log you want to Download as CSV. You can download the last 30, 60, or 90 days.

The audit log includes details for these fields:

typename: log type
actionResult: whether the action was successful
user ID: unique user ID for the user causing the event
event: detailed data from the event
eventTime: date and time the event occurred, in the YYYY-MM-DD format
eventType: event category of the logged action

The available eventTypes include:

eventType	Description
ACCEPT_USER_TO_ORGANIZATION	A user has been accepted to an organization.
ADD_SAML_IDP	A new SSO identity provider has been added.
COPY_ROLE	An existing role was copied.
CREATE_ORG	A new organization was created.
CREATE_ROLE	A new role was created.
CREATE_USER	A new user account was created.
DELETE_IDP	A new SSO identity provider has been deleted.
DELETE_ORG	An existing organization was deleted.
DELETE_ROLE	An existing role was deleted.
DELETE_TOKEN_FOR_CLIENT	An existing API token was deleted.
DELETE_USER	An existing user account was deleted.
DISABLE_IDP	A new SSO identity provider has been disabled, but not deleted.
DISABLE_ORG_SSO	An SSO was disabled for the organization.
ENABLE_IDP	A new SSO identity provider has been enabled.
ENABLE_ORG_SSO	An SSO was enabled for the organization.
GENERATE_TOKEN_FOR_CLIENT	A new API token was created.
INVITE_USER_TO_ORGANIZATION	A user has been invited to an organization.
PREP_NEW_IDP	A new SSO identity provider configuration has been prepared.
PROVISION_SSO_USER_INTO_ORGANIZATION	An SSO user account was added to the organization.
REMOVE_USER_FROM_ORG	An existing user account was removed from an organization.
REVOKE_INVITATION	A previous user invitation to an organization has been revoked.
UPDATE_IDP	An existing SSO identity provider has been updated.
UPDATE_ROLE	An existing role was updated.

eventType

Description

ACCEPT_USER_TO_ORGANIZATION

A user has been accepted to an organization.

ADD_SAML_IDP

A new SSO identity provider has been added.

COPY_ROLE

An existing role was copied.

CREATE_ORG

A new organization was created.

CREATE_ROLE

A new role was created.

CREATE_USER

A new user account was created.

DELETE_IDP

A new SSO identity provider has been deleted.

DELETE_ORG

An existing organization was deleted.

DELETE_ROLE

An existing role was deleted.

DELETE_TOKEN_FOR_CLIENT

An existing API token was deleted.

DELETE_USER

An existing user account was deleted.

DISABLE_IDP

A new SSO identity provider has been disabled, but not deleted.

DISABLE_ORG_SSO

An SSO was disabled for the organization.

ENABLE_IDP

A new SSO identity provider has been enabled.

ENABLE_ORG_SSO

An SSO was enabled for the organization.

GENERATE_TOKEN_FOR_CLIENT

A new API token was created.

INVITE_USER_TO_ORGANIZATION

A user has been invited to an organization.

PREP_NEW_IDP

A new SSO identity provider configuration has been prepared.

PROVISION_SSO_USER_INTO_ORGANIZATION

An SSO user account was added to the organization.

REMOVE_USER_FROM_ORG

An existing user account was removed from an organization.

REVOKE_INVITATION

A previous user invitation to an organization has been revoked.

UPDATE_IDP

An existing SSO identity provider has been updated.

UPDATE_ROLE

An existing role was updated.

View the audit log

Was this helpful?

Give Feedback