Audit Logs

Last updated on Feb 25, 2026

Support Portal maintains a continuous, immutable record of administrative and operational activity within each workspace through its Audit Logs capability. Every tracked event captures four dimensions — the identity responsible, the action performed, the timestamp, and the originating network address — providing a structured audit trail that organizations can reference for compliance reporting, internal investigations, and change management oversight.

Operational objective

Audit Logs address three core governance requirements:

  • Traceability — Every configuration change, access event, and administrative action is attributed to a specific user identity, timestamp, and source address. When a regulatory body or internal auditor asks "who changed this setting and when?", the answer is recorded and retrievable.
  • Accountability — By surfacing individual actions against platform resources, Audit Logs discourage unauthorized changes and provide an evidentiary basis for corrective measures when operational policy is violated.
  • Compliance readiness — Organizations subject to ISO 27001, telecom-sector security mandates, or government information management standards require demonstrable logging of privileged activity. Audit Logs provide this without additional tooling or manual record-keeping.

When audit logging matters

Audit Logs become operationally critical in environments where multiple administrators manage a shared workspace, where regulatory frameworks mandate change tracking, or where incident response procedures require forensic reconstruction of events. Common scenarios include:

Scenario Governance value
Regulatory audit An external auditor requests evidence that administrative access is monitored and recorded. Audit Logs provide a timestamped, identity-attributed trail of every privileged action.
ISO 27001 certification Control objectives around access management and change logging are satisfied by the platform's native audit capability, reducing the need for compensating controls.
Incident investigation A misconfigured automation rule or inbox routing change causes operational disruption. Audit Logs allow administrators to identify the responsible change, the actor, and the exact time it was applied.
Change management review Before promoting configuration changes to production, a governance team reviews recent log entries to confirm that only authorized modifications have been applied.

Accessing Audit Logs

Navigate to Settings > Audit Logs to open the activity log interface.

The log interface presents entries in reverse chronological order. Each entry displays three data points:

Column Content
Activity A structured description of the action, including the actor's name or email and the affected resource.
Time The date and timestamp of the event, recorded in the workspace's configured timezone.
IP Address The network address from which the action originated, supporting source attribution during investigations.

Use the page navigation controls to move through historical entries. For targeted searches within the visible page, use the browser's built-in search function to locate entries by actor name, resource type, or action keyword.

Tracked activities

Audit Logs capture events across six operational domains. Each entry follows a consistent format that identifies the actor, the action, and the affected resource.

User and access events

Authentication and access status changes are logged to support session monitoring and access reviews:

  • Agent sign-in and sign-out events
  • Self-initiated availability status changes (online, offline, busy)
  • Administrator-initiated availability changes applied to another agent
  • User invitations issued, including the assigned role
  • Role changes applied to existing agents

These entries support periodic access reviews and provide evidence of authentication activity for security audits.

Workspace configuration changes

Modifications to workspace-level settings are recorded as account activity events. Any update to the workspace configuration — such as changes to general settings, business hours, or display preferences — generates a log entry attributing the modification to the responsible administrator.

Automation rule changes

Creation, modification, and deletion of automation rules are individually logged with the rule identifier. This is particularly relevant in environments where automation governs conversation routing, assignment, or escalation — changes to these rules can have broad operational impact, and the audit trail provides a mechanism to review what changed, when, and by whom.

Macro changes

Creation, modification, and deletion of macros are logged with the macro identifier. In organizations where macros standardize agent responses and operational procedures, tracking changes ensures that updates to shared workflows are attributable and reviewable.

Inbox configuration changes

Inbox-level events include:

  • Inbox creation, modification, and deletion
  • Agent additions to or removals from an inbox

Because inboxes define the entry points for customer interactions, changes to inbox configuration can affect routing, channel availability, and agent assignment. Logging these events provides visibility into modifications that may affect service continuity.

Webhook configuration changes

Creation, modification, and deletion of webhook endpoints are logged with the webhook identifier. Webhook configuration controls external system integrations, and unauthorized changes can expose operational data to unintended recipients or disrupt downstream processing.

Team membership changes

Team-level events include:

  • Team creation, modification, and deletion
  • Agent additions to or removals from a team

Because teams influence conversation routing and assignment logic, structural changes to team composition have operational implications that should be reviewed and traceable.

Governance and compliance considerations

Regulatory audit support

For organizations operating under formal audit regimes, Audit Logs serve as a primary evidence source for demonstrating operational accountability. During a regulatory examination or certification assessment, auditors typically request evidence that:

  1. Privileged administrative actions are logged with actor identity, timestamp, and source.
  2. Changes to access control configurations (roles, team assignments, inbox memberships) are recorded.
  3. Modifications to automated processes are attributable and timestamped.

Audit Logs satisfy these requirements natively within the platform, reducing reliance on external monitoring tools for application-level activity.

Periodic review practices

Regulatory frameworks and internal governance policies frequently require periodic reviews of administrative activity. Recommended practices include:

  • Weekly operational review — Scan recent entries for unexpected configuration changes, particularly to automation rules, inbox settings, and webhook endpoints.
  • Monthly access review — Correlate user access events (invitations, role changes) with current staffing records to identify stale accounts or inappropriate privilege assignments.
  • Pre-audit preparation — Before a scheduled compliance assessment, export or review relevant log periods to confirm that recorded activity aligns with documented change management procedures.

Separation of duties and change attribution

In environments that enforce separation of duties, Audit Logs provide independent verification that configuration changes were made by authorized personnel. Cross-referencing log entries against an approved change register allows governance teams to detect unauthorized or undocumented modifications without relying on self-reporting by administrators.

Data retention awareness

Audit Log retention is subject to the workspace's data retention configuration. Organizations with regulatory obligations around log preservation should verify that retention periods meet or exceed applicable requirements. For long-term archival needs, consider periodic export of log data to an external compliance repository. See Data Retention for retention policy configuration.

Related capabilities

  • Custom Roles — Define granular permission sets to control who can perform the administrative actions that Audit Logs track. Changes to role definitions and assignments are themselves logged.
  • Automation — Automation rule modifications are captured in the audit trail. Review log entries after rule changes to confirm expected behavior.
  • Teams — Team creation, membership changes, and deletions are tracked. Cross-reference team logs with assignment logic to investigate routing changes.