Workspace owners, use our Workspace-level audit logs to help troubleshoot situations like mistakes, bad actors, and malicious actions.
Feature availability and limits vary by plan and user role. Learn more.
API integration
Integrate your audit log with your external systems or export logs to use as a reference for compliance via our API.
Events tracked by audit logs
Events are user actions that are logged. There are four logs:
- User: The user log tracks authentication and authorization events, like user logins and logouts, role changes, and user invites.
- Task: The task log tracks selected task activity by user and task activity type.
- Fields: The Fields log tracks Custom Field events, like Custom Fields being created or removed.
- Hierarchy: The Hierarchy log tracks Hierarchy events, like a Folder being created or a List being deleted.
Event data
The logs generate the following data for every event:
- Date
- User
- Role
- Event
- Status
An event log provides more detail. To view the event log:
- To the left of the date in any row of the audit log, click the dropdown.
The event log is an internal reporting system that uses our naming schemas. Some info, like user roles, is represented by a number.
The following table shows example event log data generated when an admin successfully logs in via 2FA:
| Information | Description | Event Log |
|
Date July 31, 2024 10:59:04 AM |
The date and time the event happened. |
startTime: "2024-07-31T17:59:04.238Z endTime: "2024-07-31T17:59:04.238Z
|
|
User username@email.com |
The user who performed the action. |
userId: 123 clientIp: 123.123.123.123 userName: User Name userEmail: username@email.com
|
|
Role Admin |
The acting user's role. | userRole: 2 |
|
Event User Login (2FA) |
User actions that are logged. |
title: User Login (2FA) eventType: USER_LOGIN
|
|
Status Success |
The state of the event. Success or failure, for example. | eventStatus: success |
Events tracked by the user log
The following table details the events tracked by the user log:
| Event | Description |
| 2FA Policy Changed | An owner or admin has changed the Workspace's require 2FA policy. |
| Access Request Created | Someone has requested access to a task. |
| Access Request Resolved | The request to access a task was approved or declined. |
| Advanced Settings Update | An owner or admin has updated an advanced Workspace permission. |
| Bypass SSO Enabled | An owner or admin has enabled the bypass SSO setting. |
| Chat Retention Setting Deleted | An owner or admin has changed the Chat data retention setting to the default of Never expires. |
| Chat Retention Setting Updated | An owner or admin has changed the Chat data retention setting to 30, 90, 180, or 360 days. |
| Custom Role Created | An owner or admin has created a new Custom Role. |
| Custom Role Deleted | An owner or admin has deleted a Custom Role. |
| Custom Role Updated | An owner or admin has updated a Custom Role. |
| User Changed 2FA | The user enabled or disabled 2FA for their account. |
| SSO Configuration Updated | An owner or admin has changed the Workspace's SSO requirement or provider. |
|
Update User Via SCIM Take a look at the following articles to learn more about using SCIM with ClickUp: |
Updates were made to the user's profile via SCIM. |
| Created Group | The user created a new group via SCIM. |
| Deleted Group | The user deleted a new group via SCIM. |
| Group Updated | The user updated a new group via SCIM. |
| User Deprovisioned Via SCIM | The user was deprovisioned via SCIM. |
| User Provisioned Via SCIM | The user was provisioned via SCIM. |
| Role Permission Changed | The user changed another user's permissions. |
| User Invited to Workspace | The user invited a new user to join the Workspace. |
| User Joined Workspace | The user accepted an invitation to join the Workspace. |
| User Left Workspace | The user left the Workspace. |
| User Login | The user logged in. |
| User Logout | The user logged out. |
| User Removed from Team | The user was removed from a Team. |
| User Removed from Workspace | The user removed another user from the Workspace. |
| User Requested Password Recovery | The user requested password recovery. |
| User Role Changed | The user changed another user's role. |
| User Changed Email | The user changed their email. |
| User Changed Password | The user changed their password. |
| Token Login | The user logged in via email invite or an account recovery link. |
Events tracked by the task log
The following table lists the events tracked by the task log:
| Event |
| Task Archived |
| Task Assignees Changed |
| Task Created |
| Task Custom Field Values Changed |
| Task Deleted |
| Task Priority Changed |
| Task Restored |
| Task Status Changed |
| Task Unarchived |
Actions taken by Super Agents are included.
Events tracked by the Fields log
The following table lists the events tracked by the Fields log:
| Event | Description |
| Custom Field Converted | The user converted an existing Custom Field to another Field type. |
| Custom Field Created | The user created a Custom Field. |
| Custom Field Updated |
The user edited a Custom Field. Audit logs do not track edits to the options for dropdown or label Custom Fields. For example, changing a dropdown Field's name. |
| Custom Field Removed | The user removed a Custom Field from a location without deleting it from the Workspace. |
| Custom Field Permanently Removed |
The user deleted a Custom Field from the Workspace. Or a Custom Field was in the Trash for more than 30 days. After 30 days, Custom Fields are permanently deleted. |
| Custom Field Restored | The user restored a Custom Field from the Trash. |
| Custom Field Duplicated | The user duplicated a Custom Field. |
| Custom Field Merged | The user merged a Custom Field. |
| Custom Field Location Added | The user added a Custom Field to a new location. |
| Custom Field Location Updated | The user moved a Custom Field from one location to another. |
| Custom Field Location Removed | The user removed a Custom Field from a location. |
| Custom Field Member Permission Set | The user permissions for this Custom Field were set or edited. |
| Custom Field Member Permission Removed | A user permission for this Custom Field was removed. |
| Custom Field Group Member Permission Updated | A Team's user permission for this Custom Field was updated. |
| Custom Field Group Member Permission Removed | A Team's user permission for this Custom Field was removed. |
Actions taken by Super Agents are included.
Events tracked by the Hierarchy log
The following table lists the events tracked by the Hierarchy log:
| Event | Description |
| Folder Access Updated | A user's sharing or permissions settings to a Folder were updated. |
| Folder Archived | A Folder was archived. |
| Folder Created | A Folder was created. |
| Folder Deleted | A Folder was deleted. |
| Folder Duplicated | A Folder was duplicated. |
| Folder Public/Private Setting Updated | A Folder's public or private setting was updated. |
| Folder Renamed | A Folder was renamed. |
| Folder Updated | A Folder setting was updated. For example, the Folder color was changed. |
| List Access Updated | A user's sharing or permissions settings to a List were updated. |
| List Archived | A List was archived. |
| List Created | A List was created. |
| List Deleted | A List was deleted. |
| List Duplicated | A List was duplicated. |
| List Public/Private Setting Updated | A List's public or private setting was updated. |
| List Renamed | A List was renamed. |
| List Un-archived | A List was un-archived. |
| List Updated | A List setting was updated. For example, the List status was changed. |
| Space Access Updated | A user's sharing or permissions settings to a Space were updated |
| Space Archived | A Space was archived. |
| Space Created | A Space was created. |
| Space Deleted | A Space was deleted. |
| Space Duplicated | A Space was duplicated. |
| Space Public/Private Setting Updated | A Space's public or private setting was updated. |
| Space Renamed | A Space was renamed. |
| Space Updated | A Space setting was updated. For example, the color and icon were changed. |
Actions taken by Super Agents are included.
Events tracked by the Agents log
This log only applies to Super Agents. Autopilot Agent activity is tracked in the Automations log.
The following table lists the events tracked by the Agents log:
| Event | Description |
| Agent Active Setting Updated |
The Super Agent was made active. This means that the Super Agent was just created, or an existing Super Agent was reactivated. |
| Agent Assignee Setting Updated | The Super Agent's Assign task trigger was deactivated. |
| Agent Created | The Super Agent was created. |
| Agent DM setting Updated | The Super Agent's Direct Message trigger was deactivated. |
| Agent Deleted | The Super Agent was deleted. |
| Agent Knowledge Setting Updated | The Super Agent's knowledge was edited. |
| Agent Mentions Setting Updated | The Super Agent's Mention trigger was deactivated. |
| Agent Prompt Setting Updated | The Super Agent's instructions were edited. |
| Agent Tools Setting Updated | The Super Agent's tools were edited. |
| Agent Triggers Setting Updated | The Super Agent's triggers were updated. |
| Agent Schedules Setting Updated | The Super Agent's schedule was updated. |
Access your audit logs
Audit Logs are generated in your ClickUp Workspace settings and can also be used with the ClickUp API.
To access audit logs from ClickUp:
- In the upper-left corner, click your Workspace avatar and select Settings.
- In the All settings sidebar, click Audit Logs.
- Click the User, Task, Fields, or Hierarchy tab to select a log.
Search your audit logs
From the Audit Logs modal in your Workspace settings, you can search both logs using the following filters:
Date
The date the event happened. To search by date:
- Select the User or Task tab.
- Below the tabs, select the Date dropdown.
- From the date picker, choose one or both options:
- From date: When the event started.
- To date: When the event ended.
User
The user who performed the action. To search by user:
- Select the User or Task tab.
- Below the tabs, select the User dropdown.
- From the people selector, choose a user.
Status
The status of the completed action. For example, success or error. To view
- Select the User or Task tab.
- Below the tabs, select the Status dropdown.
- From the dropdown, select one or more of the following statuses:
- Success
- Failed
Allow admins to view audit logs
Owners can permit admins to view audit logs. Members and guests cannot view audit logs.
To permit admins to view logs:
- In the upper-left corner, click your Workspace avatar and select Settings.
- In the All settings sidebar, click Security & Permissions.
- Create a custom permission that inherits the admin role.
- Scroll down to the Workspace Actions section.
- In the new role's column, click the View Audit Logs toggle to on.