Audit Logging Overview

Audit logs provide visibility for security investigations, compliance evidence, and internal governance.

Event Coverage (current)

• Authentication: logins, SSO assertions, failed attempts.

• Identity & Roles: user creation/deletion, role/permission changes, SCIM (when applicable).

• Configuration: retention settings, SSO/SAML settings, workspace/org settings.

• Content Admin: space/room creation and deletion, export/deletion operations. Roadmap additions will expand object-level access events and administrator actions.

Access & Retention

• Visible to organization administrators.

• Retained per org policy; defaults align to our Data Deletion & Retention Policy.

• Exports available to support compliance and incident response.

Integrity & Protection

• Stored in tamper-resistant systems; administrative access is itself audited. Retrieval is rate-limited and requires MFA for privileged roles.