As a system administrator, sign in to the Admin Console and navigate to Insights > Logs.
Applies to enterprise & teams.
To track changes made in the Admin Console across settings, admins, users, and products, sign in and navigate to Insights > Logs > Audit Logs.
Overview of audit log
The audit log supports compliance, prevents unauthorized access, and enables investigation of suspicious activity. As a system administrator, you can view all changes in the Admin Console, search by action type, time, or user, and download reports for analysis. It helps you identify events such as why a user lost product access, when a new user was added and by whom, and when a former user was removed.
The audit log captures only organization‑level changes. It does not record product‑specific events, such as creating a Report Suite in Analytics or deleting an HTML template in Adobe Sign.
View and download the audit log
To view or download your organization's audit log, do the following:
Click Audit Log.
By default, the log displays the following information about the events occurred in the last seven days:
|
Field |
Description |
|---|---|
|
Date |
The date and time of the event in the local time zone. |
|
Event Name |
Description of the event performed. |
|
Event Details |
Additional details on an event, if available. |
|
Object Name |
The name of the product, product profile, or user group that is involved in the event, as applicable. |
|
Affected User |
The email of the user affected by the event, if applicable. |
|
Admin |
Email address of the admin who performed the event. "System" is displayed if the event was performed by an Adobe back-end system. |
|
IP Address |
IP address of the machine where the action was taken. Usually reflects the physical location, but could be a proxy server or VPN address. |
Define a date range or use the search field to search the events by event name, affected user, or the admin who performed the event.
- Audit Log retains the last 90 day's events. However, events performed before the launch of this feature are unavailable.
- Most of the events appear instantly, with a small chance that some are delayed or omitted.
- Cascading events are not included in the log. For example, if you delete a user group with three users in it, the log only includes the user group deletion, the three additional events about the users' removals from the group are not included.
The results are displayed. To download the results, click Export CSV.
The results are downloaded in a csv file. For a description of the fields in the downloaded file, see Log Schema.
If your organization is a child organization within the Global Admin Console hierarchy, actions taken by a Global Admin that affect your organization are included in the audit log. Learn more about how Global Administrators can track changes made in the Global Admin Console.
|
Field |
Description |
|---|---|
|
Id |
Event ID |
|
eventTime |
The date and time of the event in the local time zone. |
|
eventType |
Name of the event. |
|
eventSubType |
If available, additional details on an event. |
|
actorEmail |
Email address of the admin who performed the event. "System" is displayed if the event was performed by an Adobe back-end system. |
|
targetUserEmail |
Email address of the affected user, if applicable. |
|
targetGroupName |
Affected user group name, if applicable. |
|
targetProductName |
Affected product name, if applicable. |
|
targetProfileName |
Affected product profile name, if applicable. |
|
IpAddress |
IP address of the machine where the action was taken. Usually reflects the physical location, but could be a proxy server or VPN address. |
Access audit logs through API
To programmatically collect audit logs and integrate them with your own storage or security information and event management (SIEM) monitoring tools, use Adobe I/O Events. Logs are delivered in Open Cybersecurity Schema Framework (OCSF) format, with event details documented in the setup guide.
Access to the Admin Console Audit Logs event provider is limited to system admins and users assigned the Admin developer role. Refer to Manage user roles for instructions on granting or revoking user roles.