The User Audit Trail tracks changes and helps administrators identify patterns with users, user groups, roles, and anonymous logins. Admins can apply filters, view additional data in a palette, and export the data to a CSV file. For details on the data captured in this audit trail and a list of available filters, see the User Audit Trail Events & Filters article. For instructions on using this feature, see the View & Export the User Audit Trail article.
- User Audit Trail data is available from version 3.1 onwards or your go-live date, whichever is later.
- Due to processing time, recent events will appear in the audit trail after a few minutes. There will also be a brief delay before a deleted subject is removed from the Subject filter.
- If the subject is a member of multiple orgs and an event affects all those orgs (e.g., a change to a username or email address), the event will be recorded in each of those orgs. If the event was triggered by an admin outside of the current org, External Org User is displayed in the Performed By column.
Anonymous logins aren't assigned an External Reference ID. As such, this information is not displayed in the palette for anonymous login events.
If multiple attributes are changed in a single event, the event description will appear on the table as Multiple Attributes Updated. The previous and updated values are displayed in full in the palette.
The User Audit Trail only captures events that pertain to user management. Changes to workflow permissions are logged when they relate to user groups and roles, but deleting, creating, or otherwise modifying a workflow is not.
If a subject or entity is deleted before the event can be processed by Core, it will appear in the User Audit Trail as Unknown [Subject Type/Entity Type] with id [id number]. For example, if a form on an anonymous login is updated and the form is deleted shortly afterward, it would appear on the table as Unknown Form with id 536.
Cascading events are not captured by the User Audit Trail. For example, if a role is deleted, it's implied that all users, user groups, and object types previously added to the role are removed once the role is deleted, so these events are not logged.
Options in the Subject, Event, and Performed By filter dropdown menus are displayed in random order. This is expected to be improved in an upcoming release.
Events are recorded in Core using your system's current local time zone, but exported audit trails display the date and time in UTC.
Admins can export data from any time range; however, the API will only return the most recent 50,000 results. If this limit is reached for a particular time frame, the remaining data can be obtained by making another API request using the date from the last event row in the CSV file as the new dateEnd value. See the View & Export the User Audit Trail article for details.
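The paging procedure above, written out as an added example (not code from the product or its documentation). It assumes a caller-supplied `fetch_csv(date_start, date_end)` function that wraps the export request, a `Date` column name, newest-first ordering, an inclusive dateEnd, and ISO 8601 UTC timestamps; the sample events are constructed. Rows that reappear at a page boundary are dropped so the merged export neither loses nor double-counts events that share a timestamp.

```python
import csv
import io

CAP = 50_000  # per-request result cap stated in the article


def export_all(fetch_csv, date_start, date_end, cap=CAP, date_col="Date"):
    """Merge capped exports into one complete list of event rows.

    fetch_csv and date_col are assumptions, not documented names.
    """
    seen, rows = set(), []
    while True:
        page = list(csv.DictReader(io.StringIO(fetch_csv(date_start, date_end))))
        # Rows already collected from the previous page's boundary are skipped.
        fresh = [r for r in page if tuple(r.items()) not in seen]
        seen.update(tuple(r.items()) for r in fresh)
        rows.extend(fresh)
        if len(page) < cap:
            return rows  # cap not reached, so the window is fully covered
        if not fresh:
            # A full page with nothing new: dateEnd can no longer move back.
            raise RuntimeError(f"{cap} or more events share {date_end}; narrow the filters")
        date_end = page[-1][date_col]  # date of the last row becomes the new dateEnd


def fake_fetch_factory(events, cap):
    """Constructed stand-in for the export: newest first, inclusive bounds, capped."""
    def fetch(date_start, date_end):
        hits = sorted((e for e in events if date_start <= e[0] <= date_end), reverse=True)
        out = io.StringIO()
        writer = csv.writer(out)
        writer.writerow(["Date", "Subject", "Event", "Performed By"])
        writer.writerows(hits[:cap])
        return out.getvalue()
    return fetch


# Constructed sample: seven events, two sharing a timestamp at a page boundary.
SAMPLE = [
    ("2024-05-01T09:00:00Z", "jdoe", "User Created", "admin1"),
    ("2024-05-01T09:05:00Z", "jdoe", "Role Added", "admin1"),
    ("2024-05-01T09:10:00Z", "asmith", "User Created", "admin1"),
    ("2024-05-01T09:10:00Z", "bwong", "User Created", "admin1"),
    ("2024-05-01T09:15:00Z", "asmith", "Role Added", "External Org User"),
    ("2024-05-01T09:20:00Z", "bwong", "Email Updated", "admin1"),
    ("2024-05-01T09:25:00Z", "jdoe", "Multiple Attributes Updated", "admin1"),
]

if __name__ == "__main__":
    fetch = fake_fetch_factory(SAMPLE, cap=3)
    merged = export_all(fetch, "2024-05-01T00:00:00Z", "2024-05-01T23:59:59Z", cap=3)
    print(len(merged), "events collected")
```

Deduplication here compares whole rows because the page does not name a unique event identifier; if the export carries one, key on that instead.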