View the audit log
The audit log is your organization’s administrative history, including changes to user accounts, user roles, and more. Audit logs are available in intervals of 30, 60, and 90 days.
To view an audit log:
-
Switch to the organization where you want to view audit logs.
-
Click Settings, and then click Security.
-
In the Audit Logs section, click Download as CSV, and then select the audit log interval to download (30, 60, or 90 days).
The audit log includes the following fields:
-
typename
: The log record type, such asAuditEvent
. -
actionResult
: The outcome of the event, such asSUCCESS
. -
userID
: The UUID of the user who triggered the event. -
event
: Detailed event data, such as the response from the underlying API call associated with the event. -
eventTime
: The date and time that the event occurred in the formatYYYY-MM-DDTHH:MM:SS.SSSZ
. -
eventType
: The event category. PossibleeventTypes
include the following:-
ACCEPT_USER_TO_ORGANIZATION
: A user accepted an invitation to an organization. -
ADD_SAML_IDP
: Added an SSO identity provider configuration in active (enabled) status. -
COPY_ROLE
: Copied an existing role. -
CREATE_ORG
: Created an organization. -
CREATE_ROLE
: Created a role. -
CREATE_USER
: Created a user account. -
DELETE_IDP
: Deleted an SSO identity provider configuration. -
DELETE_ORG
: Deleted an organization. -
DELETE_ROLE
: Deleted a role. -
DELETE_TOKEN_FOR_CLIENT
: Deleted an application token. -
DELETE_USER
: Deleted a user account. -
DISABLE_IDP
: Deactivated an SSO identity provider configuration. -
DISABLE_ORG_SSO
: Deactivated SSO functionality for an organization. This happens if there are no active SSO IdP configurations. -
ENABLE_IDP
: Activated an SSO identity provider configuration. -
ENABLE_ORG_SSO
: Activated SSO functionality for an organization. This happens if there is at least one active SSO IdP configuration. -
GENERATE_TOKEN_FOR_CLIENT
: Created an application token. -
INVITE_USER_TO_ORGANIZATION
: Invited a user to an organization. -
PREP_NEW_IDP
: Added an SSO IdP configuration in draft (inactive) status. -
PROVISION_SSO_USER_INTO_ORGANIZATION
: SSO IdP provisioning added a user to an organization. -
REMOVE_USER_FROM_ORG
: Removed a user from an organization. -
REVOKE_INVITATION
: Cancelled a pending user invitation. -
UPDATE_IDP
: Edited an SSO IdP configuration. -
UPDATE_ROLE
: Edited a role.
-