← All articles

Security Audit Logs

Security audit logs show sign-in and account security events for your institution so administrators can investigate access issues and support compliance reviews.

Overview

Open Settings → Logs (/settings?tab=logs). The panel is titled Security activity and is available to institution administrators.

These logs cover authentication and account-security events—not a full history of every clinical or academic edit in the product.

What you’ll see

Each row typically includes:

  • When the event occurred
  • Who acted (name and email when available)
  • Event type (for example Signed in, MFA failed, Role changed)
  • Details (for example email/password vs SSO, invite target, API key label)
  • IP address when it is available

Filter by recent window (Last 7, 30, or 90 days) and by event group:

  • All events
  • Signed in / out
  • MFA
  • Invites & passwords
  • Account changes
  • API keys

Event types

Common events include:

  • Signed in / Signed out — including whether login used email/password or SSO
  • MFA verified, enrolled, or failed
  • Invite sent, password reset requested, password set
  • Email changed, role changed, user archived or restored
  • API key created, updated, or revoked

Use these signals together with Settings → Security (MFA and SSO) and Settings → REST API key management.

Typical compliance use

Institutions often use Logs to:

  • Show access-control evidence during security or accreditation-related reviews
  • Investigate suspicious sign-ins or repeated MFA failures
  • Confirm who changed roles or archived accounts
  • Track API key lifecycle for integration audits

Export or screenshot practices should follow your institution’s evidence policies; retain copies outside the 90-day UI window when longer retention is required.

Tips

  1. Check Logs after SSO cutovers or MFA rollouts to confirm expected sign-in methods.
  2. Filter to API keys when rotating integration credentials.
  3. Pair role-change events with the Users page when auditing privileged access.
  4. Limit Logs access to institution admins who need security oversight.

Troubleshooting

Logs tab missing
Confirm you are signed in as an institution administrator. Not every admin-role user has this tab.

No rows for a date range
Widen the window or clear the event filter. Quiet periods are normal for small teams.

IP shows blank
Some clients do not report a usable IP; the event can still be valid without it.

Need older than 90 days
The UI focuses on recent windows. Contact support if you need help with longer-term compliance evidence processes.

  • Settings: Security (MFA/SSO), REST API keys, and Logs
  • Enterprise-SSO: SSO sign-in and directory provisioning
  • Users: Role and account changes reflected in Logs
  • REST-API: API key creation and revocation events

Support

For security log or compliance questions: [email protected]