Audit logs every action

Feature: Audit logs every action

Description: I would like to list every action done on the Auth0 web app (like modifications to application setup, databases, tenant, etc.)

Use-case: Security review, verify if a CRUD (on the web app) on application, databases, tenant, organizations has been created.

Hi @daniel.castronovo,

Welcome to the Auth0 Community!

You should be able to see this type of information in the Monitoring → Logs tab of the dashboard. If you filter by type:"sapi" you should see all the successful management API requests in your tenant (these would be admin-type actions).

Can you tell us more about how your feature would be different? E.g. separate tabs for authentication events and management events, etc.

Audit logs take note of just about every change within a system, providing a complete track record of your system’s operations. Therefore, audit logs are a valuable resource for admins and auditors who want to examine suspicious activity on a network or diagnose and troubleshoot issues.

Hello @dan.woda,

Thanks for your reply.

I want to be able to view all actions made by an admin on the web interface.
Possibility to filter by type of action (like: delete an application, modify the tenant name, etc.)
Because audit logs are demanded by a lot of certifications like PCI-DSS, ISO 27001, etc.

Thanks for providing the extra context.

Our use case: figuring out who edited our application’s list of allowed web origins. As far as I can tell this is not surfaced in the logs, have tried numerous filters including type:"sapi" and I’m just not seeing it.

@lee.nave,

When I update an application’s list of allowed web origins I see the following log:

...
"type": "sapi",
"description": "Update a client",
...
"body": {
        "name": "App Name",
        "web_origins": [
          "https://example.com"
        ],
...
"user_id": "{ADMIN_USER_ID}"

This info should help you determine when this action was taken, what happened, and by whom the action was taken.

1 Like

Thanks! It was buried in with all the “Update a user” logs. This query is finding them: type:"sapi" AND description:"Update a client"

2 Likes
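The filter from the thread (type:"sapi" with description "Update a client") applied offline to exported log events, as an added example that is not part of the original posts or Auth0's own code. The sample events are constructed, and the `date` field and the nesting around `body` are assumptions, so the helper looks for `body` at any depth.

```python
import csv
import io

# Constructed sample events shaped like the excerpt in the thread. The "date"
# field and the "details"/"request" nesting around "body" are assumptions.
SAMPLE_EVENTS = [
    {"date": "2024-01-05T10:00:00.000Z", "type": "sapi",
     "description": "Update a user", "user_id": "auth0|admin-1",
     "details": {"request": {"body": {"blocked": True}}}},
    {"date": "2024-01-05T10:02:00.000Z", "type": "sapi",
     "description": "Update a client", "user_id": "auth0|admin-2",
     "details": {"request": {"body": {
         "name": "App Name", "web_origins": ["https://example.com"]}}}},
    {"date": "2024-01-05T10:04:00.000Z", "type": "sapi",
     "description": "Update a client", "user_id": "auth0|admin-1",
     "details": {"request": {"body": {"name": "Other App"}}}},
]

def find_key(node, key):
    """Depth-first search for the first value stored under `key`."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not None:
                return found
    return None

def web_origin_changes(events):
    """Rows (when, who, app, origins) for client updates that set web_origins."""
    rows = []
    for ev in events:
        if ev.get("type") != "sapi" or ev.get("description") != "Update a client":
            continue  # skip logins, "Update a user" and other management calls
        body = find_key(ev, "body")
        if isinstance(body, dict) and "web_origins" in body:
            rows.append((ev.get("date"), find_key(ev, "user_id"),
                         body.get("name"), " ".join(body["web_origins"])))
    return rows

def to_csv(rows):
    """Render the rows as CSV text for an audit record."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["date", "admin_user_id", "application", "web_origins"])
    writer.writerows(rows)
    return out.getvalue()
```

A client update that does not carry `web_origins` in its body (the third sample event) is left out, so the output lists only changes to allowed web origins.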

I would like to have this also. I need this for auditing purposes (ISO 27001). I need to be able to download a (cvv) log of what admins have done (e.g. resetting a user's passwd or MFA device).