9 categoriesBuilt-in dashboardCSV / JSON exportUp to 365-day retention
Every sensitive operation in AuthFI is logged with who did it, what they did, when, and from where.
Query audit logs
GET /manage/v1/acme/logs?action=user.created&limit=50Filters
| Parameter | Description |
|---|---|
action | Event type (user.created, role.assigned, etc.) |
actor_id | Who performed the action |
target_id | What was affected |
created_after | ISO date filter |
created_before | ISO date filter |
Log entry
{
"id": "log-uuid",
"tenant_id": "tenant-uuid",
"actor_type": "user",
"actor_id": "admin-uuid",
"action": "user.blocked",
"target_type": "user",
"target_id": "user-uuid",
"ip_address": "10.0.1.50",
"user_agent": "Mozilla/5.0...",
"metadata": { "reason": "brute_force", "attempts": 5 },
"created_at": "2026-03-22T10:30:00Z"
}Logged actions
| Category | Actions |
|---|---|
| Auth | login.success, login.failed, token.issued, token.revoked, password.reset, password.changed, mfa.enrolled, mfa.verified |
| Users | user.created, user.updated, user.deleted, user.blocked, user.unblocked |
| Roles | role.created, role.updated, role.deleted, role.assigned, role.removed, permission.created |
| Groups | group.created, group.updated, member.added, member.removed, group.role.assigned |
| SSO | connection.created, connection.updated, connection.deleted, saml.login, oidc.login |
| Cloud | cloud.credentials, cloud.console_signin, cloud.account.created, cloud.mapping.created |
| Access | agent.registered, policy.created, policy.updated, access.allow, access.deny |
| SCIM | scim.user.created, scim.user.updated, scim.sync.success, scim.sync.failed |
| Admin | tenant.updated, api_key.created, api_key.revoked, plan.upgraded |
Export
On Scale and Enterprise plans, export audit logs as CSV or JSON:
GET /manage/v1/acme/logs/export?format=csv&created_after=2026-03-01Observability dashboard
The console includes a built-in observability page with:
- Login success/failure chart (Chart.js)
- Active users over time
- Top failed login IPs
- MFA adoption rate
- SSO connection health
GET /manage/v1/acme/observabilityReturns pre-aggregated metrics for dashboard rendering.
Retention
| Plan | Retention |
|---|---|
| Build | 7 days |
| Ship | 30 days |
| Scale | 90 days + export |
| Enterprise | 365 days + export |