Audit Logs
Support Portal maintains a continuous, immutable record of administrative and operational activity within each workspace
through its Audit Logs capability. Every tracked event captures four dimensions — the identity responsible, the action
performed, the timestamp, and the originating network address — providing a structured audit trail that organizations
can reference for compliance reporting, internal investigations, and change management oversight.
Operational objective
Audit Logs address three core governance requirements:
- Traceability — Every configuration change, access event, and administrative action is attributed to a specific user
identity, timestamp, and source address. When a regulatory body or internal auditor asks "who changed this setting
and when?", the answer is recorded and retrievable.
- Accountability — By surfacing individual actions against platform resources, Audit Logs discourage unauthorized
changes and provide an evidentiary basis for corrective measures when operational policy is violated.
- Compliance readiness — Organizations subject to ISO 27001, telecom-sector security mandates, or government
information management standards require demonstrable logging of privileged activity. Audit Logs provide this
without additional tooling or manual record-keeping.
When audit logging matters
Audit Logs become operationally critical in environments where multiple administrators manage a shared workspace, where
regulatory frameworks mandate change tracking, or where incident response procedures require forensic reconstruction of
events. Common scenarios include:
| Scenario | Governance value | |---|---| | Regulatory audit | An external auditor requests evidence that administrative
access is monitored and recorded. Audit Logs provide a timestamped, identity-attributed trail of every privileged
action. | | ISO 27001 certification | Control objectives around access management and change logging are satisfied by
the platform's native audit capability, reducing the need for compensating controls. | | Incident investigation | A
misconfigured automation rule or inbox routing change causes operational disruption. Audit Logs allow administrators to
identify the responsible change, the actor, and the exact time it was applied. | | Change management review | Before
promoting configuration changes to production, a governance team reviews recent log entries to confirm that only
authorized modifications have been applied. |
Accessing Audit Logs
Navigate to Settings > Audit Logs to open the activity log interface.
The log interface presents entries in reverse chronological order. Each entry displays three data points:
| Column | Content | |---|---| | Activity | A structured description of the action, including the actor's name or email
and the affected resource. | | Time | The date and timestamp of the event, recorded in the workspace's configured
timezone. | | IP Address | The network address from which the action originated, supporting source attribution during
investigations. |
Use the page navigation controls to move through historical entries. For targeted searches within the visible page, use
the browser's built-in search function to locate entries by actor name, resource type, or action keyword.
Tracked activities
Audit Logs capture events across six operational domains. Each entry follows a consistent format that identifies the
actor, the action, and the affected resource.
User and access events
Authentication and access status changes are logged to support session monitoring and access reviews:
- Agent sign-in and sign-out events
- Self-initiated availability status changes (online, offline, busy)
- Administrator-initiated availability changes applied to another agent
- User invitations issued, including the assigned role
- Role changes applied to existing agents
These entries support periodic access reviews and provide evidence of authentication activity for security audits.
Workspace configuration changes
Modifications to workspace-level settings are recorded as account activity events. Any update to the workspace
configuration — such as changes to general settings, business hours, or display preferences — generates a log entry
attributing the modification to the responsible administrator.
Automation rule changes
Creation, modification, and deletion of automation rules are individually logged with the rule identifier. This is
particularly relevant in environments where automation governs conversation routing, assignment, or escalation — changes
to these rules can have broad operational impact, and the audit trail provides a mechanism to review what changed, when,
and by whom.
Macro changes
Creation, modification, and deletion of macros are logged with the macro identifier. In organizations where macros
standardize agent responses and operational procedures, tracking changes ensures that updates to shared workflows are
attributable and reviewable.
Inbox configuration changes
Inbox-level events include:
- Inbox creation, modification, and deletion
- Agent additions to or removals from an inbox
Because inboxes define the entry points for customer interactions, changes to inbox configuration can affect routing,
channel availability, and agent assignment. Logging these events provides visibility into modifications that may affect
service continuity.
Webhook configuration changes
Creation, modification, and deletion of webhook endpoints are logged with the webhook identifier. Webhook configuration
controls external system integrations, and unauthorized changes can expose operational data to unintended recipients or
disrupt downstream processing.
Team membership changes
Team-level events include:
- Team creation, modification, and deletion
- Agent additions to or removals from a team
Because teams influence conversation routing and assignment logic, structural changes to team composition have
operational implications that should be reviewed and traceable.
Governance and compliance considerations
Regulatory audit support
For organizations operating under formal audit regimes, Audit Logs serve as a primary evidence source for demonstrating
operational accountability. During a regulatory examination or certification assessment, auditors typically request
evidence that:
1. Privileged administrative actions are logged with actor identity, timestamp, and source.
2. Changes to access control configurations (roles, team assignments, inbox memberships) are recorded.
3. Modifications to automated processes are attributable and timestamped.
Audit Logs satisfy these requirements natively within the platform, reducing reliance on external monitoring tools for
application-level activity.
Periodic review practices
Regulatory frameworks and internal governance policies frequently require periodic reviews of administrative activity.
Recommended practices include:
- Weekly operational review — Scan recent entries for unexpected configuration changes, particularly to automation
rules, inbox settings, and webhook endpoints.
- Monthly access review — Correlate user access events (invitations, role changes) with current staffing records to
identify stale accounts or inappropriate privilege assignments.
- Pre-audit preparation — Before a scheduled compliance assessment, export or review relevant log periods to confirm
that recorded activity aligns with documented change management procedures.
Separation of duties and change attribution
In environments that enforce separation of duties, Audit Logs provide independent verification that configuration
changes were made by authorized personnel. Cross-referencing log entries against an approved change register allows
governance teams to detect unauthorized or undocumented modifications without relying on self-reporting by
administrators.
Data retention awareness
Audit Log retention is subject to the workspace's data retention configuration. Organizations with regulatory
obligations around log preservation should verify that retention periods meet or exceed applicable requirements. For
long-term archival needs, consider periodic export of log data to an external compliance repository. See Data Retention
for retention policy configuration.
Related capabilities
- Custom Roles — Define granular permission sets to control who can perform the administrative actions that Audit Logs
track. Changes to role definitions and assignments are themselves logged.
- Automation — Automation rule modifications are captured in the audit trail. Review log entries after rule changes to
confirm expected behavior.
- Teams — Team creation, membership changes, and deletions are tracked. Cross-reference team logs with assignment
logic to investigate routing changes.