Skip to content

Audit log

The audit log is a paginated record of every significant configuration and security event in your workspace. Admins use it to see who changed what and when. It lives at SettingsSecurity, below the security controls.

Only workspace admins can see the audit log. Coordinators and submitters do not have access.

Events are grouped into seven categories. Use the category chips at the top of the table to filter to one or more categories.

| Category | What it covers | |---|---| | Workspace | Organisation tab edits: workspace name, logo, timezone, locale. | | Workflow | Workflow tab edits: SLA days, score display format, minimum reviewers. | | AI | AI tab edits: organisation context, response style, vocabulary. | | Notifications | Notifications tab edits. | | Security | Security tab edits: passkey requirement, session length, 2FA requirement, trusted-device changes. | | MFA | 2FA enrolment, disablement, recovery code generation, step-up verification successes. | | Billing | Plan changes, checkout sessions, customer portal sessions. |

Each row in the table shows:

  • Event type, a short label describing what happened.
  • Actor, the display name and email of the person who triggered the event.
  • Timestamp, when the event occurred (your workspace's default timezone).
  • IP address, the originating IP of the request that triggered the event.
  • Summary, a one-line description of the change.

Click any row to expand it and see the full event metadata, including the before and after state where applicable.

Three filters sit above the table:

  • Category chips, toggle one or more categories to show only matching events.
  • Date range, pick a from and to date (inclusive) to narrow the window.
  • Actor, type a name or email address to filter by who triggered the event.

Filters combine — for example, select the MFA category, set a date range for last week, and type a colleague's name to see only their MFA events in that period.

The table shows 25 events per page by default. You can increase this up to 100 per page. Events are sorted newest first.

To export the current filtered view, click Export CSV. The download includes all rows matching the active filters, not just the current page. This is useful for compliance reviews, handovers, or archiving.

  • Ideas, scores, comments, and decisions. Those live in the idea's status timeline, accessible from the idea's detail page.
  • Events from other workspaces. Every workspace sees only its own events, and this is enforced at the database level.
  • Cross-tenant system events. Sparqbox staff use separate internal tools for cross-workspace operations.

Workspace settings

Workspace settings is where security controls that generate audit events live.