Skip to main content

About Audit Logs

The audit log records operations performed in the service. This includes important actions and changes executed within the system. Note that detailed change histories for data are not included in this log. The log tracks actions performed by users and the system, and it is used for security audits and compliance purposes. It records not only user actions but also system operations (such as automatic sync) and API calls. For operations performed on connected SaaS services, refer to the Integration Log in the Integrations menu.

How to Retrieve Audit Logs

You can retrieve audit logs in the following ways:
  1. Settings menu > Audit Log tab
  2. Export as a CSV file with specified conditions
Audit Log tab in Settings, showing filters for date range, actor, and category before exporting as CSV

Log Retention Period

This audit log is recorded as an operation log for both customers and our company. Logs are retained for a period of three years.

Types of Audit Logs

The audit log primarily stores records of write operations. Read-only actions (such as viewing a page) are not included. Data exports are included. Audit logs are classified into the following categories:
CategoryExample Operations
Device-relatedCreate, update, or delete devices
Create, update, or delete device usage history
Create, update, or delete device custom fields, etc.
Service-relatedCreate or delete service accounts
Create, update, or delete workspaces
Sync workspaces, etc.
Directory-relatedCreate, update, or delete directories
Merge or separate accounts
Create, update, or delete custom fields, etc.
Contract-relatedCreate, update, or delete service contracts
Create, update, or delete reminders, etc.
OtherManage file permissions
Manage API keys
Manage SAML settings
Login history, etc.

Reading the Exported Data (CSV)

Standard Columns

Basic information included in all audit logs:
Field NameDescription
actorTypeThe type of actor that performed the action (user, system, api)
actorNameThe name of the user who performed the action
descriptionThe content of the action
actionTime (UTC)The time the action was performed (UTC)
resultThe result of the action (Success/Failure)
resultReasonThe reason for failure, if applicable
categoryThe category of the action
activityThe specific action performed
ipAddressThe IP address from which the action originated
userAgentThe user agent from which the action originated

Additional Columns

Depending on the type of action, the following additional columns may appear:
  • For device-related actions
    • device ID / device Name: information about the target device
    • deviceHistory ID / deviceHistory Name: information about device usage history
    • deviceCustomField ID / deviceCustomField Name: information about custom fields, etc.
  • For service-related actions
    • service ID / service Name: information about the target service
    • serviceAccount ID / serviceAccount Name: information about the service account
    • workspace ID / workspace Name: information about the workspace, etc.
  • For directory-related actions
    • identity ID / identity Name: information about the directory
    • people ID / people Name: information about the account
    • identityCustomField ID / identityCustomField Name: information about custom fields, etc.
And so on.
  • If a single action involves multiple targets, additional columns are added for each target.
When you export multiple categories or actions into a single file, additional columns are appended to the right.

Sample Data

The following is sample data: Screenshot of sample data
Last modified on July 13, 2026