Audit logs

Workspace owners, use Audit Logs to help troubleshoot situations like mistakes, bad actors, and malicious actions. You can export logs to use as a reference for compliance. 

 

Feature availability and limits vary by plan and user role. Learn more.

Events tracked by Audit Logs 

Events are user actions that are logged. There are two logs:

  • User: The user log tracks authentication and authorization events, like user logins and logouts, role changes, and user invites.
  • Task: The task log tracks selected task activity by user and task activity type. 

Event data

The user and task audit logs generate the following data for every event:

  • Date
  • User
  • Role
  • Event
  • Status

Screenshot highlighting the Audit Log table header.

An event log provides more detail. To view the event log:

  • To the left of the date in any row of the Audit Log, click the dropdown.

The event log is an internal reporting system that uses our naming schemas. Some info, like user roles, is represented by a number.

Screenshot highlighting the dropdown icon to the left of the date in a row of the Audit Log.

The following table shows example event log data generated when an admin successfully logs in via 2FA:

Information Description Event Log

Date

July 31, 2024

10:59:04 AM

The date and time the event happened. startTime: "2024-07-31T17:59:04.238Z
endTime: "2024-07-31T17:59:04.238Z

User

username@email.com

The user who performed the action. userId: 123
clientIp: 123.123.123.123
userName: User Name
userEmail: username@email.com

Role

Admin

The acting user's role.  userRole: 2

Event

User Login (2FA)

User actions that are logged. title: User Login (2FA)
eventType: USER_LOGIN

Status

Success

The state of the event. Success or failure, for example. eventStatus: success

Events tracked by the User Log

The following table details the events tracked by the User Log:

Event Description

2FA Policy Changed

An owner or admin has changed the Workspace's require 2FA policy
User Changed 2FA The user enabled or disabled 2FA for their account. 
SSO Configuration Updated An owner or admin has changed the Workspace's SSO requirement or provider

Update User Via SCIM

Take a look at the following articles to learn more about using SCIM with ClickUp:

Updates were made to the user's profile via SCIM.
Created Group The user created a new group via SCIM.
Deleted Group The user deleted a new group via SCIM.
Group Updated The user updated a new group via SCIM.
User Removed from Group The user was removed from a group via SCIM.
User Added to Group The user was added to a group via SCIM.
User Deprovisioned Via SCIM The user was deprovisioned via SCIM.
User Provisioned Via SCIM The user was provisioned via SCIM.
Role Permission Changed The user changed another user's permissions
User Invited to Workspace The user invited a new user to join the Workspace. 
User Joined Workspace The user accepted an invitation to join the Workspace. 
User Left Workspace The user left the Workspace. 
User Login The user logged in. 
User Logout The user logged out. 
User Removed from Workspace The user removed another user from the Workspace. 
User Requested Password Recovery The user requested password recovery.
User Role Changed The user changed another user's role
User Changed Email The user changed their email
User Changed Password The user changed their password
Token Login The user logged in via email invite or an account recovery link. 

Events tracked by the Task Log

The following table lists the events tracked by Task Log:

Event
Task Archived
Task Assignees Changed
Task Created

Task Custom Field Values Changed

Task Deleted
Task Priority Changed
Task Restored
Task Status Changed
Task Unarchived

Access your Audit Logs

Audit Logs are generated in your ClickUp Workspace settings and can also be used with the ClickUp API. 

To access Audit Logs from ClickUp:

  1. In the upper-left corner, click your Workspace avatar. 
  2. Select Audit Logs.
  3. Click the User or Task tab to select a log.

Search your Audit Logs

From the Audit Logs modal in your Workspace settings, you can search both logs using the following filters:

Date

The date the event happened. To search by date:

  1. Select the User or Task tab.
  2. Below the tabs, select the Date dropdown.
  3. From the date picker, choose one or both options:
    • From date: When the event started.
    • To date: When the event ended.

User

The user who performed the action. To search by user:

  1. Select the User or Task tab.
  2. Below the tabs, select the User dropdown.
  3. From the people selector, choose a user. 

Status

The status of the completed action. For example, success or error. To view 

  1. Select the User or Task tab.
  2. Below the tabs, select the Status dropdown.
  3. From the dropdown, select one or more of the following statuses:
    • Success
    • Failed 

Allow admins to view Audit Logs

Owners can permit admins to view Audit Logs. Members and guests cannot view Audit Logs.

To permit admins to view logs:

  1. In the upper-left corner, click your Workspace avatar.
  2. Select Settings.
  3. Select Security & Permissions
  4. Create a custom permission that inherits the admin role. 
  5. Scroll down to the Workspace Actions section.
  6. In the new role's column click the View Audit Logs toggle to on.

Was this article helpful?