Audit Logs
Track and monitor all user activities and system changes with comprehensive audit logging
Audit logs provide a comprehensive record of all activities and changes within your organization. They help maintain security, compliance, and accountability by tracking who did what and when.
Access Requirements: Only administrators can view audit logs. Regular users can only see their own audit history in their user profile.
What Gets Audited
The system automatically tracks all significant actions and changes, including:
User Management
- User creation - When new users are added to the organization
- User updates - Changes to user profiles, roles, or settings
- User deletion - When users are removed (soft delete)
- User restoration - When deleted users are restored
- Permanent deletion - When users are permanently removed from the system
- Passkey management - Adding or removing passkeys for users
- API key management - Generation and revocation of API keys
Company Management
- Company creation - New companies added to the organization
- Company updates - Changes to company information
- Company deletion - When companies are removed
Authentication Events
- Transaction initialization - When authentication requests are created
- Transaction verification - Successful authentication attempts
- Transaction denial - Failed or rejected authentication attempts
- Transaction cancellation - When authentication requests are cancelled
Settings Changes
- Organization settings - Updates to organization-wide configurations
Audit Log Structure
Each audit log entry contains the following information:
- Subject - The resource that was affected (user, company, transaction, etc.)
- Type - The category of the affected resource
- Actor - The person who performed the action (identified by email)
- Action - The specific operation that was performed
- Date - When the action occurred
- Details - Additional context or metadata about the change
Viewing Audit Logs
Organization-Wide Audit Logs
- Navigate to Audit Logs in the main navigation
- Browse all audit events across your organization
- Use the search functionality to filter by:
- Subject names
- Actor (who performed the action)
- Action types
- Resource types
User-Specific Audit Logs
Individual user audit logs can be viewed by:
- Going to Users in the navigation
- Clicking on a specific user
- Switching to the Change History tab
This shows all actions that have affected that particular user account.
Compliance and Retention
Data Retention: Audit logs are permanently stored and cannot be deleted by users. This ensures complete traceability and compliance with security requirements.
Audit logs help organizations meet various compliance requirements by providing:
- Complete traceability of all system changes
- Tamper-proof records that cannot be modified after creation
- Detailed context about who made changes and when
- Comprehensive coverage of all significant system activities
Understanding Actions
Common audit actions include:
| Action | Description |
|---|---|
created | A new resource was added to the system |
updated | An existing resource was modified |
deleted | A resource was soft-deleted (can be restored) |
permanently deleted | A resource was permanently removed |
restored | A previously deleted resource was restored |
added passkey | A passkey was registered for a user |
removed passkey | A passkey was deleted from a user account |
api key generated | An API key was created for a user |
api key revoked | An API key was revoked |
init transaction | An authentication request was created |
verified transaction | An authentication request was approved |
denied transaction | An authentication request was rejected |
cancelled transaction | An authentication request was cancelled |
updated settings | Organization settings were modified |
Security Considerations
- Audit logs cannot be modified or deleted by any user
- All administrative actions are automatically logged
- Viewing audit logs requires appropriate permissions
- Logs include the IP address and timestamp for authentication events
- Failed authentication attempts are tracked for security monitoring