Track user assignments and events with the audit log

Last updated on Apr 13, 2026

Applies to enterprise & teams.

To track changes made in the Admin Console across settings, admins, users, and products, sign in and navigate to Insights > Logs > Audit Logs.

Overview of audit log

The audit log supports compliance, prevents unauthorized access, and enables investigation of suspicious activity. As a system administrator, you can view all changes in the Admin Console, search by action type, time, or user, and download reports for analysis. It helps you identify events such as why a user lost product access, when a new user was added and by whom, and when a former user was removed.

Note

The audit log captures only organization‑level changes. It does not record product‑specific events, such as creating a Report Suite in Analytics or deleting an HTML template in Adobe Sign.

View and download the audit log

To view or download your organization's audit log, do the following:

As a system administrator, sign in to the Admin Console and navigate to Insights > Logs.

Click Audit Log.

By default, the log displays the following information about the events occurred in the last seven days:

Field

Description

Date

The date and time of the event in the local time zone.

Event Name

Description of the event performed.

Event Details

Additional details on an event, if available.

Object Name

The name of the product, product profile, or user group that is involved in the event, as applicable.

Affected User

The email of the user affected by the event, if applicable.

Admin

Email address of the admin who performed the event. "System" is displayed if the event was performed by an Adobe back-end system.

IP Address

IP address of the machine where the action was taken. Usually reflects the physical location, but could be a proxy server or VPN address.

Define a date range or use the search field to search the events by event name, affected user, or the admin who performed the event.

Note
  • Audit Log retains the last 90 day's events. However, events performed before the launch of this feature are unavailable.
  • Most of the events appear instantly, with a small chance that some are delayed or omitted.
  • Cascading events are not included in the log. For example, if you delete a user group with three users in it, the log only includes the user group deletion, the three additional events about the users' removals from the group are not included.
Audit Log

The results are displayed. To download the results, click Export CSV.

The results are downloaded in a csv file. For a description of the fields in the downloaded file, see Log Schema.

Note

If your organization is a child organization within the Global Admin Console hierarchy, actions taken by a Global Admin that affect your organization are included in the audit log. Learn more about how Global Administrators can track changes made in the Global Admin Console.

Know your audit log report

The report you download contains the following information for each event:

Field

Description

Id

Event ID

eventTime

The date and time of the event in the local time zone.

eventType

Name of the event.

eventSubType

If available, additional details on an event.

actorEmail

Email address of the admin who performed the event. "System" is displayed if the event was performed by an Adobe back-end system.

targetUserEmail

Email address  of the affected user, if applicable.

targetGroupName

Affected user group name, if applicable.

targetProductName

Affected product name, if applicable.

targetProfileName

Affected product profile name, if applicable.

IpAddress

IP address of the machine where the action was taken. Usually reflects the physical location, but could be a proxy server or VPN address.

Access audit logs through API

To programmatically collect audit logs and integrate them with your own storage or security information and event management (SIEM) monitoring tools, use Adobe I/O Events. Logs are delivered in Open Cybersecurity Schema Framework (OCSF) format, with event details documented in the setup guide.

Access to the Admin Console Audit Logs event provider is limited to system admins and users assigned the Admin developer role. Refer to Manage user roles for instructions on granting or revoking user roles.