Security Audit Logs
Security audit logs show sign-in and account security events for your institution so administrators can investigate access issues and support compliance reviews.
Overview
Open Settings → Logs (/settings?tab=logs). The panel is titled Security activity and is available to institution administrators.
These logs cover authentication and account-security events—not a full history of every clinical or academic edit in the product.
What you’ll see
Each row typically includes:
- When the event occurred
- Who acted (name and email when available)
- Event type (for example Signed in, MFA failed, Role changed)
- Details (for example email/password vs SSO, invite target, API key label)
- IP address when it is available
Filter by recent window (Last 7, 30, or 90 days) and by event group:
- All events
- Signed in / out
- MFA
- Invites & passwords
- Account changes
- API keys
Event types
Common events include:
- Signed in / Signed out — including whether login used email/password or SSO
- MFA verified, enrolled, or failed
- Invite sent, password reset requested, password set
- Email changed, role changed, user archived or restored
- API key created, updated, or revoked
Use these signals together with Settings → Security (MFA and SSO) and Settings → REST API key management.
Typical compliance use
Institutions often use Logs to:
- Show access-control evidence during security or accreditation-related reviews
- Investigate suspicious sign-ins or repeated MFA failures
- Confirm who changed roles or archived accounts
- Track API key lifecycle for integration audits
Export or screenshot practices should follow your institution’s evidence policies; retain copies outside the 90-day UI window when longer retention is required.
Tips
- Check Logs after SSO cutovers or MFA rollouts to confirm expected sign-in methods.
- Filter to API keys when rotating integration credentials.
- Pair role-change events with the Users page when auditing privileged access.
- Limit Logs access to institution admins who need security oversight.
Troubleshooting
Logs tab missing
Confirm you are signed in as an institution administrator. Not every admin-role user has this tab.
No rows for a date range
Widen the window or clear the event filter. Quiet periods are normal for small teams.
IP shows blank
Some clients do not report a usable IP; the event can still be valid without it.
Need older than 90 days
The UI focuses on recent windows. Contact support if you need help with longer-term compliance evidence processes.
Related features
- Settings: Security (MFA/SSO), REST API keys, and Logs
- Enterprise-SSO: SSO sign-in and directory provisioning
- Users: Role and account changes reflected in Logs
- REST-API: API key creation and revocation events
Support
For security log or compliance questions: [email protected]