
Read audit logs

Enterprise plan Owner or Admin

The audit log is your organization’s compliance trail: a durable record of who did what, to which record, when, and from where. Use it for security investigations, change forensics, and auditor evidence.

[Screenshot: the Audit Logs page with summary panels for top actions and most active users, a filter toolbar, and the event table listing actions such as proposal stage changes and member role updates with actor and timestamp.]

Each entry captures the actor (or “system” for automated jobs), the action, the affected record, a timestamp, the IP address, and the browser. Recorded events include, among others:

  • Sign-ins, including failed login and failed 2FA attempts
  • Member invitations, role changes, and removals
  • Security setting changes (2FA enforcement, session policies, IP allowlist, permission matrix saves)
  • API token creation and revocation
  • SCIM provisioning events from your identity provider
  • Data exports, imports, and plan changes

  1. Open Logs from the sidebar.

  2. Filter by member, action, resource type, IP address, or date range, or use the free-text search to find a specific record.

  3. Open any entry to see its full details, including the before and after values where they were captured.

Open Organization Settings → Security & Compliance and go to the Audit Export sub-tab. Pick a date range (the export defaults to the last 30 days) and a format: CSV for spreadsheets and GRC tools, or JSON for programmatic processing. The file downloads immediately.
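
One way to triage the JSON export programmatically, as an added example that is not part of the product's own documentation: it flags IP addresses with a burst of failed login or failed 2FA attempts and notes any later successful sign-in from the same address. The field names (`actor`, `action`, `ip`, `timestamp`), the action values and the sample records are assumptions constructed for illustration; map them to the keys in your actual export.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (hypothetical) field names and action values; map them to the
# keys your real JSON export uses.
FAILED_ACTIONS = {"login_failed", "2fa_failed"}
SUCCESS_ACTION = "login_succeeded"

# Constructed sample export, not real data.
SAMPLE_EXPORT = json.dumps([
    {"actor": "ana@example.com", "action": "login_failed", "ip": "203.0.113.7", "timestamp": "2025-03-04T09:00:05+00:00"},
    {"actor": "ana@example.com", "action": "login_failed", "ip": "203.0.113.7", "timestamp": "2025-03-04T09:01:10+00:00"},
    {"actor": "ben@example.com", "action": "2fa_failed", "ip": "203.0.113.7", "timestamp": "2025-03-04T09:03:40+00:00"},
    {"actor": "ben@example.com", "action": "login_succeeded", "ip": "203.0.113.7", "timestamp": "2025-03-04T09:04:02+00:00"},
    {"actor": "cy@example.com", "action": "login_failed", "ip": "198.51.100.20", "timestamp": "2025-03-04T11:30:00+00:00"},
    {"actor": "system", "action": "scim_user_deactivated", "ip": None, "timestamp": "2025-03-04T12:00:00+00:00"},
])

def failed_signin_bursts(export_json, threshold=3, window=timedelta(minutes=10)):
    """Flag IPs with >= threshold failed sign-ins inside any sliding window."""
    failures, successes = defaultdict(list), defaultdict(list)
    for entry in json.loads(export_json):
        if entry.get("actor") == "system" or not entry.get("ip"):
            continue  # automated jobs are marked as system actions
        when = datetime.fromisoformat(entry["timestamp"])
        if entry.get("action") in FAILED_ACTIONS:
            failures[entry["ip"]].append((when, entry["actor"]))
        elif entry.get("action") == SUCCESS_ACTION:
            successes[entry["ip"]].append((when, entry["actor"]))
    findings = []
    for ip, events in sorted(failures.items()):
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # shrink the window from the left
            if end - start + 1 >= threshold:
                burst_end = events[end][0]
                findings.append({
                    "ip": ip,
                    "failures": end - start + 1,
                    "targeted": sorted({a for _, a in events[start:end + 1]}),
                    # A success from the same IP after the burst deserves review first.
                    "success_after": sorted({a for t, a in successes[ip] if t > burst_end}),
                })
                break  # one finding per IP is enough for triage
    return findings
```

Call `failed_signin_bursts()` with the text of a downloaded JSON export; tune `threshold` and `window` to your own sign-in baseline.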

Audit entries are kept for one year by default. The retention policy in Security & Compliance controls this: choose a compliance preset or a custom window, including keeping logs indefinitely. Entries older than the configured window are purged automatically.

Can Portfolio Managers see the audit log? No. Audit data is restricted to Owners and Admins, both on the Logs page and in the export.

Are automated actions logged too? Yes. Background jobs, workflow automations, and provisioning events are recorded and marked as system actions, so you can distinguish them from human activity.

How do I prove a leaver lost access on a specific date? Filter the log by that member. Their deactivation event from SCIM or the manual removal is recorded with a timestamp. See Provision users with SCIM.

Is the export safe to open in Excel? Yes. Exported cells are sanitized so that values cannot execute as formulas when opened in a spreadsheet.