# Security Audit Logs

Security audit logs show sign-in and account security events for your institution so administrators can investigate access issues and support compliance reviews.

## Overview

Open **Settings → Logs** (`/settings?tab=logs`). The panel is titled **Security activity** and is available to **institution administrators**.

These logs cover authentication and account-security events—not a full history of every clinical or academic edit in the product.

## What you’ll see

Each row typically includes:

- **When** the event occurred
- **Who** acted (name and email when available)
- **Event type** (for example Signed in, MFA failed, Role changed)
- **Details** (for example email/password vs SSO, invite target, API key label)
- **IP address** when it is available

Filter by recent window (**Last 7**, **30**, or **90 days**) and by event group:

- All events
- Signed in / out
- MFA
- Invites & passwords
- Account changes
- API keys

## Event types

Common events include:

- **Signed in** / **Signed out** — including whether login used email/password or SSO
- **MFA** verified, enrolled, or failed
- **Invite sent**, password reset requested, password set
- **Email changed**, **role changed**, user archived or restored
- **API key** created, updated, or revoked

Use these signals together with **Settings → Security** (MFA and SSO) and **Settings → REST API** key management.

## Typical compliance use

Institutions often use Logs to:

- Show access-control evidence during security or accreditation-related reviews
- Investigate suspicious sign-ins or repeated MFA failures
- Confirm who changed roles or archived accounts
- Track API key lifecycle for integration audits

Export or screenshot practices should follow your institution’s evidence policies; retain copies outside the 90-day UI window when longer retention is required.

## Tips

1. Check Logs after SSO cutovers or MFA rollouts to confirm expected sign-in methods.
2. Filter to **API keys** when rotating integration credentials.
3. Pair role-change events with the Users page when auditing privileged access.
4. Limit Logs access to institution admins who need security oversight.

## Troubleshooting

**Logs tab missing**  
Confirm you are signed in as an institution administrator. Not every admin-role user has this tab.

**No rows for a date range**  
Widen the window or clear the event filter. Quiet periods are normal for small teams.

**IP shows blank**  
Some clients do not report a usable IP; the event can still be valid without it.

**Need older than 90 days**  
The UI focuses on recent windows. Contact support if you need help with longer-term compliance evidence processes.

## Related features

- **Settings**: Security (MFA/SSO), REST API keys, and Logs
- **Enterprise-SSO**: SSO sign-in and directory provisioning
- **Users**: Role and account changes reflected in Logs
- **REST-API**: API key creation and revocation events

## Support

For security log or compliance questions: support@healthtasks.ai
