Audit Logs
Paid Plan Required
Audit logs are only available to organization administrators on the Paid plan.
The audit log records all significant actions in your organization — user logins, session activity, resource changes, and admin operations.
Viewing Audit Logs
Navigate to Audit Logs under the Admin section in the sidebar.
Audit Log Table
| Column | Description |
|---|---|
| Event | The type of event that occurred |
| User | The user who performed the action |
| IP | The IP address the action was performed from |
| Details | Additional context about the event |
| Time | When the event occurred |
Filtering
Use the filter controls at the top of the page to narrow down results:
- Event Type dropdown — Filter by event type (e.g., USER_LOGIN, SESSION_STARTED, RESOURCE_CREATED). Select "All events" to show everything.
- User Email — Search by user email address using the search field (placeholder: "Search email...")
- From / To date pickers — Filter by date range
- Click Clear filters to reset all filters
Pagination
The table is paginated. Use the Previous and Next buttons at the bottom to navigate. The current position is shown as "Page X of Y (Z total)".
Event Types
| Event | Description |
|---|---|
| USER_REGISTERED | New organization registered |
| USER_LOGIN | User signed in |
| USER_CREATED | Admin created a new user |
| USER_UPDATED | User profile or status changed |
| USER_DELETED | User removed from organization |
| SESSION_STARTED | Session created |
| SESSION_STOPPED | Session manually stopped |
| SESSION_EXTENDED | Session duration extended |
| SESSION_EXPIRED | Session expired automatically |
| RESOURCE_CREATED | Cloud resource added |
| RESOURCE_UPDATED | Cloud resource modified |
| RESOURCE_DELETED | Cloud resource removed |
| CREDENTIAL_CREATED | Cloud credential added |
| CREDENTIAL_DELETED | Cloud credential removed |
| ROLE_CREATED | Role created |
| ROLE_UPDATED | Role modified |
| ROLE_DELETED | Role removed |
Use Cases
- Security reviews — Filter by USER_LOGIN to review sign-in activity
- Session auditing — Filter by SESSION_STARTED to see who accessed what and when
- Change tracking — Filter by resource or credential events to track infrastructure changes
- Incident investigation — Combine user and date filters to trace a specific user's actions
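The incident-investigation filter above, applied offline to audit records, as an added example that is not part of the product or its documentation. It goes one step beyond the filter and flags user, credential and role changes made from an IP the user had not logged in from before the window. The record shape (dicts keyed by the table's column names), the sample data and the function names are assumptions.

```python
from datetime import datetime

# Constructed sample records. Keys mirror the Audit Log Table columns; the
# record shape is an assumption, since the page documents no export format.
RECORDS = [
    {"event": "USER_LOGIN", "user": "alice@example.com", "ip": "198.51.100.7",
     "details": "", "time": "2024-04-28T09:02:00"},
    {"event": "USER_LOGIN", "user": "bob@example.com", "ip": "192.0.2.15",
     "details": "", "time": "2024-05-02T08:30:00"},
    {"event": "USER_LOGIN", "user": "alice@example.com", "ip": "203.0.113.50",
     "details": "", "time": "2024-05-02T23:41:00"},
    {"event": "CREDENTIAL_CREATED", "user": "alice@example.com", "ip": "203.0.113.50",
     "details": "constructed", "time": "2024-05-02T23:44:00"},
    {"event": "ROLE_UPDATED", "user": "alice@example.com", "ip": "198.51.100.7",
     "details": "constructed", "time": "2024-05-03T10:15:00"},
]

# Event types from the page that change identities or access.
SENSITIVE = {"USER_CREATED", "USER_UPDATED", "USER_DELETED", "CREDENTIAL_CREATED",
             "CREDENTIAL_DELETED", "ROLE_CREATED", "ROLE_UPDATED", "ROLE_DELETED"}

def _ts(value):
    return datetime.fromisoformat(value)

def trace_user(records, email, start, end):
    """User + date-range filter: the user's events in [start, end], oldest first."""
    lo, hi = _ts(start), _ts(end)
    hits = [r for r in records
            if r["user"].lower() == email.lower() and lo <= _ts(r["time"]) <= hi]
    return sorted(hits, key=lambda r: _ts(r["time"]))

def unfamiliar_ip_changes(records, email, start, end):
    """Sensitive events in the window from an IP absent from the user's earlier logins."""
    baseline = {r["ip"] for r in records
                if r["event"] == "USER_LOGIN" and r["user"].lower() == email.lower()
                and _ts(r["time"]) < _ts(start)}
    return [r for r in trace_user(records, email, start, end)
            if r["event"] in SENSITIVE and r["ip"] not in baseline]

if __name__ == "__main__":
    for r in unfamiliar_ip_changes(RECORDS, "alice@example.com",
                                   "2024-05-01T00:00:00", "2024-05-04T00:00:00"):
        print(r["time"], r["event"], r["ip"])
```

The baseline uses only logins before the window start, so a login from the unfamiliar IP inside the window does not mask the changes that follow it.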
Next Steps
API Reference: For programmatic access, see List Audit Logs.