Security History



The Security History page is a helpful tool if you are investigating a possible security breach. However, the best action you can take to prevent a breach from happening in the first place is to ask users to enable Two-Step Verification.

A lot of data is stored within your account, so security is essential and should be taken seriously. The Security History page in Account settings lets organization administrators stay informed of the account's activity and helps them find any potential breaches.



The security logs began collecting data on 12/14/2022. Earlier data does not exist.


Logs are created when certain events take place inside your account. These records give you a way to review activity and look for anything suspicious when facing a potential security breach. If a problem happens, it isn't always clear whose account was compromised. For example, if you think someone got into your account through an organization administrator's profile, the Security History logs will help you identify whose profile was accessed.

Filter Logs

Use filters to narrow down the log list based on available options. You can filter by date range and then by User Name, User ID, IP Address, and Events.

User Name

Type in a person's name to search the logs for only their activity.


User ID

The User ID begins with AC. It can be found inside a log next to the person's name or in their profile URL in People.


IP Address

Search by IP Address to view all events tied to the same geolocation.



Events

Events help you track activity inside your account by specific actions. There are several event types available.

Event Type


Logged In

A log is created each time a person logs in.

Password Set

A log is created whenever a person sets a password for the first time.

Password Reset

A log is created each time a person resets their password.

Two-step verification device created

A log is created each time someone enables two-step verification.

Two-step verification device deactivated

A log is created each time someone disables two-step verification for their profile.

Two-step verification deactivated for a person

A log is created each time an organization administrator disables two-step verification for a person.

Two-step verification device recovered

A log is created each time a person uses their recovery key.

Personal access token created

A log is created each time someone creates a personal access token to connect to your account through the API.

OAuth integration connected

A log is created each time a third-party application connects to your account.

Org admin permission changes

A log is created each time an organization administrator is added or removed.


Data collection for permission changes began on October 18, 2023. No earlier data exists.

Log Details

Each log will include the event type, user, IP address, and time. Inside each log is more information about the event that took place.

  1. Click the arrow to expand the log.

  2. Details about the event, including user and device information, are included in the expanded log.

  3. Click the user's name to view their profile in People.

  4. Click on available filterable items to view a list of logs about that specific information.

Clear Filters

After reviewing a filtered list of logs, click Clear Filters to return to the main log list.
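The review described above can also be run over log entries copied out by hand. The following is an added example, not part of the product or this article: it flags sensitive events that follow a login from an IP address a person had not used before, and lists IP addresses shared by more than one person. Assumptions: the record layout (time, User ID, IP address, event type), the choice of which event types count as sensitive, the 24-hour window, and all sample values, which are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event names are the ones listed on this page; treating these as "sensitive"
# and the 24-hour window are assumptions of this example.
SENSITIVE = {
    "Password Reset",
    "Two-step verification device deactivated",
    "Two-step verification deactivated for a person",
    "Two-step verification device recovered",
    "Personal access token created",
    "OAuth integration connected",
    "Org admin permission changes",
}
WINDOW = timedelta(hours=24)

# Constructed sample records: (time, user ID, IP address, event type).
# IDs are made up; addresses come from documentation-only ranges.
SAMPLE = [
    ("2024-03-01T09:00", "AC1001", "192.0.2.10", "Logged In"),
    ("2024-03-02T09:05", "AC1001", "192.0.2.10", "Logged In"),
    ("2024-03-02T10:00", "AC2002", "198.51.100.7", "Logged In"),
    ("2024-03-03T02:14", "AC1001", "203.0.113.50", "Logged In"),
    ("2024-03-03T02:16", "AC1001", "203.0.113.50", "Two-step verification device deactivated"),
    ("2024-03-03T02:20", "AC1001", "203.0.113.50", "Personal access token created"),
    ("2024-03-03T02:31", "AC2002", "203.0.113.50", "Logged In"),
    ("2024-03-04T08:00", "AC2002", "198.51.100.7", "Password Reset"),
]

def triage(records):
    """Return (findings, shared_ips) for a list of log records."""
    seen_ips = defaultdict(set)      # user -> IP addresses seen so far
    new_ip_login = {}                # user -> (time, ip) of latest login from an unseen IP
    users_by_ip = defaultdict(set)   # ip -> users seen on it
    findings = []
    for ts, user, ip, event in sorted(records):
        when = datetime.fromisoformat(ts)
        users_by_ip[ip].add(user)
        if event == "Logged In":
            # First recorded login is the baseline; later unseen IPs are flagged.
            if seen_ips[user] and ip not in seen_ips[user]:
                new_ip_login[user] = (when, ip)
        elif event in SENSITIVE and user in new_ip_login:
            start, login_ip = new_ip_login[user]
            if when - start <= WINDOW:
                findings.append((user, event, login_ip, ts))
        seen_ips[user].add(ip)
    shared = {ip: sorted(u) for ip, u in users_by_ip.items() if len(u) > 1}
    return findings, shared
```

On the sample, AC1001's two-step verification deactivation and token creation are flagged, and the shared address points to AC2002 as the next profile to review. AC2002's password reset falls outside the window and is not flagged.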
