Audit logs

Workspace owners can use audit logs to investigate situations like mistakes, bad actors, and malicious actions.

 

Feature availability and limits vary by plan and user role.

 

API integration

Use our API to integrate your audit log with your external systems, or to export logs as a reference for compliance.

Events tracked by audit logs 

Events are user actions that are logged. There are four logs:

  • User: The user log tracks authentication and authorization events, like user logins and logouts, role changes, and user invites.
  • Task: The task log tracks selected task activity by user and task activity type. 
  • Fields: The Fields log tracks Custom Field events, like Custom Fields being created or removed. 
  • Hierarchy: The Hierarchy log tracks Hierarchy events, like a Folder being created or a List being deleted. 

Event data

The logs generate the following data for every event:

  • Date
  • User
  • Role
  • Event
  • Status

Screenshot highlighting the Audit Log table header.

An event log provides more detail. To view the event log:

  • To the left of the date in any row of the audit log, click the dropdown.

The event log is an internal reporting system that uses our naming schemas. Some info, like user roles, is represented by a number.

Screenshot highlighting the dropdown icon to the left of the date in a row of the Audit Log.

The following table shows example event log data generated when an admin successfully logs in via 2FA:

| Information | Description | Event Log |
| --- | --- | --- |
| Date: July 31, 2024 10:59:04 AM | The date and time the event happened. | startTime: "2024-07-31T17:59:04.238Z"; endTime: "2024-07-31T17:59:04.238Z" |
| User: username@email.com | The user who performed the action. | userId: 123; clientIp: 123.123.123.123; userName: User Name; userEmail: username@email.com |
| Role: Admin | The acting user's role. | userRole: 2 |
| Event: User Login (2FA) | User actions that are logged. | title: User Login (2FA); eventType: USER_LOGIN |
| Status: Success | The state of the event. Success or failure, for example. | eventStatus: success |

Events tracked by the user log

The following table details the events tracked by the user log:

| Event | Description |
| --- | --- |
| 2FA Policy Changed | An owner or admin has changed the Workspace's require 2FA policy. |
| User Changed 2FA | The user enabled or disabled 2FA for their account. |
| SSO Configuration Updated | An owner or admin has changed the Workspace's SSO requirement or provider. |
| Update User Via SCIM | Updates were made to the user's profile via SCIM. |
| Created Group | The user created a new group via SCIM. |
| Deleted Group | The user deleted a group via SCIM. |
| Group Updated | The user updated a group via SCIM. |
| User Removed from Group | The user was removed from a group via SCIM. |
| User Added to Group | The user was added to a group via SCIM. |
| User Deprovisioned Via SCIM | The user was deprovisioned via SCIM. |
| User Provisioned Via SCIM | The user was provisioned via SCIM. |
| Role Permission Changed | The user changed another user's permissions. |
| User Invited to Workspace | The user invited a new user to join the Workspace. |
| User Joined Workspace | The user accepted an invitation to join the Workspace. |
| User Left Workspace | The user left the Workspace. |
| User Login | The user logged in. |
| User Logout | The user logged out. |
| User Removed from Workspace | The user removed another user from the Workspace. |
| User Requested Password Recovery | The user requested password recovery. |
| User Role Changed | The user changed another user's role. |
| User Changed Email | The user changed their email. |
| User Changed Password | The user changed their password. |
| Token Login | The user logged in via email invite or an account recovery link. |
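The following is an added example, not ClickUp's own code, of how exported user-log records could be triaged with the event log fields and user log events above: it lists events that change authentication or authorization, and flags a successful login that follows repeated failed logins for the same user and clientIp. The record layout (one dictionary per event), the "failed" status value, the thresholds, and all function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Titles from the user log table that change authentication or authorization.
SENSITIVE_TITLES = ("2FA Policy Changed", "User Changed 2FA", "SSO Configuration Updated",
                    "Role Permission Changed", "User Role Changed")

def parse_time(value):
    # startTime is ISO 8601 UTC with a trailing Z, as in the event log example.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(records, max_failures=3, window=timedelta(minutes=10)):
    """Return (sensitive_changes, suspicious_logins) for user-log records."""
    sensitive, suspicious = [], []
    failures = defaultdict(list)  # (userEmail, clientIp) -> failed login times
    for rec in sorted(records, key=lambda r: parse_time(r["startTime"])):
        when = parse_time(rec["startTime"])
        if rec["title"].startswith(SENSITIVE_TITLES):
            sensitive.append((rec["startTime"], rec["userEmail"], rec["title"], rec["eventStatus"]))
        if rec["eventType"] != "USER_LOGIN":
            continue
        key = (rec["userEmail"], rec["clientIp"])
        if rec["eventStatus"] != "success":  # assumption: anything else is a failure
            failures[key].append(when)
            continue
        # A success ends the streak; report it if enough recent failures preceded it.
        recent = [t for t in failures.pop(key, []) if when - t <= window]
        if len(recent) >= max_failures:
            suspicious.append((rec["startTime"], rec["userEmail"], rec["clientIp"], len(recent)))
    return sensitive, suspicious

def _rec(time, email, ip, title, event_type, status="success"):
    return {"startTime": time, "userEmail": email, "clientIp": ip,
            "title": title, "eventType": event_type, "eventStatus": status}

# Constructed records, not real data. "failed" and the None eventType are placeholders:
# the page only shows eventStatus "success" and eventType USER_LOGIN.
ADMIN, IP = "admin@example.com", "203.0.113.7"
SAMPLE = [
    _rec("2024-07-31T17:50:01.000Z", ADMIN, IP, "User Login", "USER_LOGIN", "failed"),
    _rec("2024-07-31T17:50:20.000Z", ADMIN, IP, "User Login", "USER_LOGIN", "failed"),
    _rec("2024-07-31T17:50:41.000Z", ADMIN, IP, "User Login", "USER_LOGIN", "failed"),
    _rec("2024-07-31T17:51:05.000Z", ADMIN, IP, "User Login", "USER_LOGIN"),
    _rec("2024-07-31T17:53:00.000Z", ADMIN, IP, "User Changed 2FA", None),
    _rec("2024-07-31T17:59:04.238Z", "username@email.com", "123.123.123.123",
         "User Login (2FA)", "USER_LOGIN"),
]
print(triage(SAMPLE))
```

Matching on the title prefix keeps variants such as "User Login (2FA)" grouped with their base event name.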

Events tracked by the task log

The following table lists the events tracked by the task log:

| Event |
| --- |
| Task Archived |
| Task Assignees Changed |
| Task Created |
| Task Custom Field Values Changed |
| Task Deleted |
| Task Priority Changed |
| Task Restored |
| Task Status Changed |
| Task Unarchived |

Events tracked by the Fields log

The following table lists the events tracked by the Fields log:

| Event | Description |
| --- | --- |
| Custom Field Converted | The user converted an existing Custom Field to another Field type. |
| Custom Field Created | The user created a Custom Field. |
| Custom Field Updated | The user edited a Custom Field. Audit logs do not track edits to the options for dropdown or label Custom Fields. For example, changing a dropdown Field's name. (Screenshot showing a dropdown option being edited.) |
| Custom Field Removed | The user removed a Custom Field from a location without deleting it from the Workspace. |
| Custom Field Permanently Removed | The user deleted a Custom Field from the Workspace. Or a Custom Field was in the Trash for more than 30 days. After 30 days, Custom Fields are permanently deleted. |
| Custom Field Restored | The user restored a Custom Field from the Trash. |
| Custom Field Duplicated | The user duplicated a Custom Field. |
| Custom Field Merged | The user merged a Custom Field. |
| Custom Field Location Added | The user added a Custom Field to a new location. |
| Custom Field Location Updated | The user moved a Custom Field from one location to another. |
| Custom Field Location Removed | The user removed a Custom Field from a location. |
| Custom Field Member Permission Set | The user permissions for this Custom Field were set or edited. |
| Custom Field Member Permission Removed | A user permission for this Custom Field was removed. |
| Custom Field Group Member Permission Updated | A Team's user permission for this Custom Field was updated. |
| Custom Field Group Member Permission Removed | A Team's user permission for this Custom Field was removed. |

Events tracked by the Hierarchy log

The following table lists the events tracked by the Hierarchy log:

| Event | Description |
| --- | --- |
| Folder Access Updated | A user's sharing or permissions settings to a Folder were updated. |
| Folder Archived | A Folder was archived. |
| Folder Created | A Folder was created. |
| Folder Deleted | A Folder was deleted. |
| Folder Duplicated | A Folder was duplicated. |
| Folder Public/Private Setting Updated | A Folder's public or private setting was updated. |
| Folder Renamed | A Folder was renamed. |
| Folder Updated | A Folder setting was updated. For example, the Folder color was changed. |
| List Access Updated | A user's sharing or permissions settings to a List were updated. |
| List Archived | A List was archived. |
| List Created | A List was created. |
| List Deleted | A List was deleted. |
| List Duplicated | A List was duplicated. |
| List Public/Private Setting Updated | A List's public or private setting was updated. |
| List Renamed | A List was renamed. |
| List Un-archived | A List was un-archived. |
| List Updated | A List setting was updated. For example, the List status was changed. |
| Space Access Updated | A user's sharing or permissions settings to a Space were updated. |
| Space Archived | A Space was archived. |
| Space Created | A Space was created. |
| Space Deleted | A Space was deleted. |
| Space Duplicated | A Space was duplicated. |
| Space Public/Private Setting Updated | A Space's public or private setting was updated. |
| Space Renamed | A Space was renamed. |
| Space Updated | A Space setting was updated. For example, the color and icon were changed. |

Access your audit logs

Audit Logs are generated in your ClickUp Workspace settings and can also be used with the ClickUp API. 

To access audit logs from ClickUp:

  1. In the upper-left corner, click your Workspace avatar. 
  2. Select Audit Logs.
  3. Click the User or Task tab to select a log.

Search your audit logs

From the Audit Logs modal in your Workspace settings, you can search both logs using the following filters:

Date

The date the event happened. To search by date:

  1. Select the User or Task tab.
  2. Below the tabs, select the Date dropdown.
  3. From the date picker, choose one or both options:
    • From date: When the event started.
    • To date: When the event ended.

User

The user who performed the action. To search by user:

  1. Select the User or Task tab.
  2. Below the tabs, select the User dropdown.
  3. From the people selector, choose a user. 

Status

The status of the completed action. For example, success or error. To view 

  1. Select the User or Task tab.
  2. Below the tabs, select the Status dropdown.
  3. From the dropdown, select one or more of the following statuses:
    • Success
    • Failed 

Allow admins to view audit logs

Owners can permit admins to view audit logs. Members and guests cannot view audit logs.

To permit admins to view logs:

  1. In the upper-left corner, click your Workspace avatar.
  2. Select Settings.
  3. Select Security & Permissions.
  4. Create a custom permission that inherits the admin role. 
  5. Scroll down to the Workspace Actions section.
  6. In the new role's column, turn on the View Audit Logs toggle.
