Workspace owners, use Audit Logs to help troubleshoot situations like mistakes, bad actors, and malicious actions. You can export logs to use as a reference for compliance.
Feature availability and limits vary by plan and user role.
Events tracked by Audit Logs
Events are user actions that are logged. There are two logs:
- User: The user log tracks authentication and authorization events, like user logins and logouts, role changes, and user invites.
- Task: The task log tracks selected task activity by user and task activity type.
Event data
The user and task audit logs generate the following data for every event:
- Date
- User
- Role
- Event
- Status
An event log provides more detail. To view the event log:
- To the left of the date in any row of the Audit Log, click the dropdown.
The event log is an internal reporting system that uses our naming schemas. Some info, like user roles, is represented by a number.
The following table shows example event log data generated when an admin successfully logs in via 2FA:
Information | Description | Event Log |
Date: July 31, 2024 10:59:04 AM | The date and time the event happened. | startTime: "2024-07-31T17:59:04.238Z"; endTime: "2024-07-31T17:59:04.238Z" |
User: username@email.com | The user who performed the action. | userId: 123; clientIp: 123.123.123.123; userName: User Name; userEmail: username@email.com |
Role: Admin | The acting user's role. | userRole: 2 |
Event: User Login (2FA) | User actions that are logged. | title: User Login (2FA); eventType: USER_LOGIN |
Status: Success | The state of the event. Success or failure, for example. | eventStatus: success |
Events tracked by the User Log
The following table details the events tracked by the User Log:
Event | Description |
2FA Policy Changed | An owner or admin has changed the Workspace's require 2FA policy. |
User Changed 2FA | The user enabled or disabled 2FA for their account. |
SSO Configuration Updated | An owner or admin has changed the Workspace's SSO requirement or provider. |
Update User Via SCIM | Updates were made to the user's profile via SCIM. |
Created Group | The user created a new group via SCIM. |
Deleted Group | The user deleted a group via SCIM. |
Group Updated | The user updated a group via SCIM. |
User Removed from Group | The user was removed from a group via SCIM. |
User Added to Group | The user was added to a group via SCIM. |
User Deprovisioned Via SCIM | The user was deprovisioned via SCIM. |
User Provisioned Via SCIM | The user was provisioned via SCIM. |
Role Permission Changed | The user changed another user's permissions. |
User Invited to Workspace | The user invited a new user to join the Workspace. |
User Joined Workspace | The user accepted an invitation to join the Workspace. |
User Left Workspace | The user left the Workspace. |
User Login | The user logged in. |
User Logout | The user logged out. |
User Removed from Workspace | The user removed another user from the Workspace. |
User Requested Password Recovery | The user requested password recovery. |
User Role Changed | The user changed another user's role. |
User Changed Email | The user changed their email. |
User Changed Password | The user changed their password. |
Token Login | The user logged in via email invite or an account recovery link. |
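A triage pass over exported User Log records, added here as an example and not ClickUp's own code: it flags the events from the table above that change authentication or access posture, and bursts of failed logins per user and client IP. It assumes each record is a dict carrying the event log field names shown earlier; the sample records, the `failed` status value, the thresholds, and the function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Titles from the User Log table that change authentication or access posture.
SENSITIVE_TITLES = {"2FA Policy Changed", "User Changed 2FA", "SSO Configuration Updated",
                    "Role Permission Changed", "User Role Changed", "Token Login"}

def parse_time(value):
    # Event log timestamps end in "Z" (UTC); normalise for fromisoformat().
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(records, max_failures=3, window=timedelta(minutes=10)):
    """Return (sensitive_events, burst_keys) from a list of event-log dicts."""
    sensitive, failures = [], defaultdict(list)
    for rec in sorted(records, key=lambda r: parse_time(r["startTime"])):
        if rec["title"] in SENSITIVE_TITLES:
            sensitive.append((rec["startTime"], rec["userEmail"],
                              rec["title"], rec["eventStatus"]))
        # Only USER_LOGIN appears on the page, so other events are matched by title.
        if rec.get("eventType") == "USER_LOGIN" and rec["eventStatus"] != "success":
            key = (rec["userEmail"], rec["clientIp"])
            failures[key].append(parse_time(rec["startTime"]))
    bursts = []
    for key, times in failures.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= max_failures:
                bursts.append(key)
                break
    return sensitive, bursts

def _rec(ts, ip, email, title, status, event_type=None):
    return {"startTime": f"2024-07-31T{ts}Z", "clientIp": ip, "userEmail": email,
            "title": title, "eventType": event_type, "eventStatus": status}

# Constructed sample data; "failed" as the failure value is an assumption.
SAMPLE = (
    [_rec(t, "203.0.113.7", "alice@example.com", "User Login", "failed", "USER_LOGIN")
     for t in ("17:59:04.238", "18:01:10.000", "18:03:30.000")]
    + [_rec(t, "198.51.100.9", "dave@example.com", "User Login", "failed", "USER_LOGIN")
       for t in ("17:00:00.000", "17:20:00.000", "17:40:00.000")]
    + [_rec("18:05:00.000", "203.0.113.7", "alice@example.com", "User Changed 2FA", "success"),
       _rec("18:06:00.000", "192.0.2.10", "carol@example.com", "User Role Changed", "success")]
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

In the sample event log above, the date shown in the Audit Log row is seven hours behind `startTime`, so correlate with other log sources on `startTime` rather than on the displayed date.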
Events tracked by the Task Log
The following table lists the events tracked by Task Log:
Event |
Task Archived |
Task Assignees Changed |
Task Created |
Task Custom Field Values Changed |
Task Deleted |
Task Priority Changed |
Task Restored |
Task Status Changed |
Task Unarchived |
Access your Audit Logs
Audit Logs are generated in your ClickUp Workspace settings and can also be used with the ClickUp API.
To access Audit Logs from ClickUp:
- In the upper-left corner, click your Workspace avatar.
- Select Audit Logs.
- Click the User or Task tab to select a log.
Search your Audit Logs
From the Audit Logs modal in your Workspace settings, you can search both logs using the following filters:
Date
The date the event happened. To search by date:
- Select the User or Task tab.
- Below the tabs, select the Date dropdown.
- From the date picker, choose one or both options:
  - From date: When the event started.
  - To date: When the event ended.
User
The user who performed the action. To search by user:
- Select the User or Task tab.
- Below the tabs, select the User dropdown.
- From the people selector, choose a user.
Status
The status of the completed action. For example, success or error. To view
- Select the User or Task tab.
- Below the tabs, select the Status dropdown.
- From the dropdown, select one or more of the following statuses:
  - Success
  - Failed
Allow admins to view Audit Logs
Owners can permit admins to view Audit Logs. Members and guests cannot view Audit Logs.
To permit admins to view logs:
- In the upper-left corner, click your Workspace avatar.
- Select Settings.
- Select Security & Permissions.
- Create a custom permission that inherits the admin role.
- Scroll down to the Workspace Actions section.
- In the new role's column, click the View Audit Logs toggle to turn it on.