Continuing the discussion from Why are user_name fields N/A in Api_operation logs?:
The proposed solution using the Delegate Admin Extension does not solve my problem due to its limitations:
- Scoped to organizations, not the entire tenant. Our use case is broader: we need tenant-wide auditability.
- Captures actions performed in the extension only. Actions made via API or dashboard outside the extension are not covered.
- Introduces additional complexity in setup, management, and user flow.
- Does not log organization-level configuration changes (e.g., modifying organization settings).
Example gaps we’re seeing today in Auth0 logs:
- When a user is removed from the tenant, the logs only show who performed the removal, not which user was removed.
- When a role is removed from a user, the logs do not indicate which role was removed, only who initiated the action.
- When an invitation is revoked, the logs capture who revoked it but not which invitation (or invitee) was affected.
These details are critical for auditability, as they tell us not just who did something, but also what (or who) was impacted.
Is there a recommended approach (or planned feature) to achieve comprehensive tenant-wide audit logging that includes API operations, dashboard changes, and organization-level configuration updates?