Audit Log
The Audit Log is a chronological record of significant events that have occurred within your organisation on the platform. It provides ORG Admins with visibility into who did what and when, covering authentication events, administrative changes, and system actions.
What it is
The audit log is read-only. It cannot be edited or cleared.
Who can use it
ORG Admins only. ORG Members are redirected away from /settings/audit-log.
Navigate to Audit Log in the Organisation section of the sidebar, or go directly to /settings/audit-log.
How it works
Accessing the Audit Log
- Navigate to Audit Log via the sidebar or directly at /settings/audit-log.
- The log displays entries in reverse chronological order (most recent first).
- Each entry shows the event type, the user who triggered it, and a timestamp.
Event Types
The audit log records the following categories of events:
Authentication events
| Event | Description |
|---|---|
| user.login | A user successfully authenticated to the platform |
Organisation events
| Event | Description |
|---|---|
| organisation.settings_updated | An ORG Admin saved changes to the organisation settings (API keys) |
Member events
| Event | Description |
|---|---|
| member.invited | A new user was added to the organisation as an ORG Member |
Additional events may be recorded depending on platform activity. The event type names are self-describing and follow the format resource.action.
Reading Log Entries
Each audit log entry contains:
- Event type — what happened (e.g. user.login, organisation.settings_updated)
- Actor — the user who performed the action (name and/or email)
- Timestamp — when the event occurred (displayed in your local timezone)
- Details — additional context specific to the event type, where applicable
Filtering
The audit log supports filtering to narrow down entries. Use the available filters to find specific events or events from specific users.
How to use it to solve your problem
Verifying that an admin action was performed
If you want to confirm that an API key was updated or that a user was invited:
- Open the Audit Log.
- Look for the relevant event type (organisation.settings_updated or member.invited).
- The entry will confirm who performed the action and when.
Investigating unexpected access
If you suspect an account has been compromised or accessed unexpectedly:
- Open the Audit Log.
- Filter by the user in question (if filtering is available) or scan the user.login events.
- Look for login events at unexpected times or from patterns that do not match the user's normal behaviour.
- If you identify suspicious activity, change the user's password immediately (the user can use the Forgot Password flow, or an ORG Admin can coordinate a reset).
General security review
For routine security hygiene, ORG Admins should review the audit log periodically to check for:
- Unexpected logins
- API key changes they did not authorise
- Member invites they did not initiate
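The three checks above, together with the unexpected-login check from the previous section, applied to a handful of constructed entries. This is an added example, not the platform's own code. It assumes entries are available as records with event, actor and timestamp keys, a representation this page does not document; review and its parameters are hypothetical names.

```python
from datetime import datetime

# Constructed sample entries. The keys are an assumed representation of the
# Event type / Actor / Timestamp fields; no export format is documented here.
# Timestamps are naive local times, matching how the log displays them.
# "member.removed" is a made-up event name used to exercise the fallback path.
ENTRIES = [
    {"event": "user.login", "actor": "alice@example.org", "timestamp": "2024-05-06T09:12:00"},
    {"event": "user.login", "actor": "bob@example.org", "timestamp": "2024-05-07T03:41:00"},
    {"event": "organisation.settings_updated", "actor": "bob@example.org", "timestamp": "2024-05-07T03:44:00"},
    {"event": "member.invited", "actor": "bob@example.org", "timestamp": "2024-05-07T03:47:00"},
    {"event": "member.invited", "actor": "alice@example.org", "timestamp": "2024-05-08T10:05:00"},
    {"event": "member.removed", "actor": "alice@example.org", "timestamp": "2024-05-08T10:30:00"},
]


def review(entries, reviewer, authorised_admins=(), usual_hours=None,
           default_hours=(7, 20)):
    """Return (timestamp, actor, event, reason) for entries needing follow-up."""
    usual_hours = usual_hours or {}
    trusted = set(authorised_admins) | {reviewer}
    findings = []
    for e in sorted(entries, key=lambda e: e["timestamp"]):
        event, actor = e["event"], e["actor"]
        hour = datetime.fromisoformat(e["timestamp"]).hour
        start, end = usual_hours.get(actor, default_hours)
        reason = None
        if event == "user.login":
            if not start <= hour < end:
                reason = "login outside usual hours"
        elif event == "organisation.settings_updated":
            if actor not in trusted:
                reason = "API key change not authorised"
        elif event == "member.invited":
            if actor != reviewer:
                reason = "invite not initiated by reviewer"
        else:
            # The page notes additional resource.action events may appear.
            reason = "undocumented event type, review manually"
        if reason:
            findings.append((e["timestamp"], actor, event, reason))
    return findings


if __name__ == "__main__":
    for finding in review(ENTRIES, reviewer="alice@example.org"):
        print(*finding, sep="  ")
```

A late-night login followed within minutes by a settings update and an invite from the same actor, as in the sample, is the sequence worth reading as one incident rather than three separate rows.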
How it fits the broader picture
The Audit Log is a governance and compliance tool. It does not affect how the platform operates, but it gives ORG Admins the transparency they need to maintain security and accountability within their organisation.
For managing who has access to the organisation, see Members. For details on what permissions each role has, see Admin Overview.