Reading activity logs
Activity logs are the operational story of your tenant: invitations accepted, roles changed, sensitive records viewed or edited, and bulk operations that deserve a second look. This guide explains how to read log entries, filter for investigations, and pair product logs with your IdP’s sign-in history when incidents span systems.
Managers troubleshooting “something looks wrong” and admins conducting routine oversight both start here.
Overview
Section titled “Overview”Each event captures actor, action, target, and timestamp at a granularity appropriate to the domain—enough to reconstruct narrative without dumping full record payloads into logs by default. Use filters to narrow to a user, object type, or date range before exporting for leadership.
Remember that logs explain platform behavior, not intent: pair entries with change tickets or policies when presenting to auditors. Retention windows and export formats will be documented alongside compliance guides as they finalize.