Audit logs provide a record of changes and usage on PagerDuty Workflow Automation, and give admins an audit trail of user and team activity.
Admins have the ability to filter by start and end date, user, IP Address, event type, and more. You can even use the Audit logs API for more fine grained control.
note
Note: Audit logs show data dating back to mid-September 2021, when this feature and API method became available to teams.
View the Audit Logs
Team admins can review audit logs from the Admin Team Center. > Admin > Audit Logs
Audit log action types
There are over 20 different events, or “actions” tracked in your team audit logs. See the list below for all the types of actions, and details on each type.
Action Manager
Action
Additional details
Action status changed
The Action & Integration Manager was used to change whether an action was enabled, disabled, given restrictions, or had users added to the allow list.
Files
Action
Additional details
File uploaded
A file was uploaded into a Workflow or Instance.
Groups
Action
Additional details
Group created
Group activated
Group deactivated
Group role changed
The group role, such as Team Member, Admin, Builder, or Non-Builder was changed.
User added to group
User removed from group
Integrations
Action
Additional details
Integration connection created
A new connection was added to an integration.
Integration connection removed
An existing connection was removed from an integration.
Integration permissions changed
The permissions on an integration changed, or specific users were added or removed from the allow list.
Tables
Action
Additional details
Table archived
Table column added
Table column removed
Table created
A table was created, or a table was imported.
Table edited
A table was edited, such as the name was changed, data was appended, or table protections were enabled.
Table permissions changed
Table permissions changed, such as being enabled, disabled, or had users added to the allow list.
Table unarchived
Tasks
Action
Additional details
Web form task completed
An assigned web form task was completed.
Task completed
Task reassigned
Team Settings
Action
Additional details
Team setting changed
A team setting was changed, such as web form settings or editing permissions.
Team SSO disabled
Team SSO enabled
Users
Action
Additional details
User accepted invite
User activated
User changed password
User deactivated
User entered incorrect password
User attempted login when locked out
User locked out
User logged in
User logged out
User profile changed
User role changed
The user’s role, such as Team Member, Admin, Builder, or Non-Builder was changed.
User sent invite
A user sent an invite from the team.
Workflows
Action
Additional details
Workflow archived
Workflow cancelled
Workflow commented on
Workflow created
Workflow draft created
Workflow draft publish request cancellation
Workflow draft publish request
Workflow edited
A workflow as edited in one of many ways, such as an action was edited, actions were reordered, actions were removed, or more.
Workflow exported
Workflow imported
Workflow instance edited
An instance of a Workflow was edited, such as a field.
Workflow instance permissions changed
A Workflow instance had permissions changed, such as being set to open, restricted, or had users added to the view and edit list.
Workflow permissions changed
A Workflow had permissions changed, such as being set to open, restricted, or had users added to the view and edit list.
Workflow started
Workflow trigger created
Workflow trigger edited
Workflow trigger removed
Workflow unarchived
Workspaces
Action
Additional details
Workspace created
Workspace removed
Workflow added to workspace
Workflow removed from workspace
Workspace added to another workspace
Workspace removed from another workspace
Use the Audit Logs API
General Audit logs are accessible to each admin from the Admin Team Center. However, you can also use the Audit logs API to access the logs programmatically—this is most useful to export the content into a format that is easily imported by external systems.
To use the API, you’ll need to use the audit log endpoint, and authenticate with an access token.
note
Note: Audit logs show data dating back to mid-September 2021, when this API method became available to teams.