Available for: Enterprise Plan
Set up by: Company Admins
Audit logs allow organization admins with relevant privileges to track user activity in their Miro organization. Logs are extremely useful when investigating a problem or getting a detailed report of important events (for example, changes to the global security settings, invitations of new users, or new boards created).
✏️ Currently, the events are logged from the moment of the Enterprise subscription creation and are stored for 180 days by default:
a) If you upgrade to Enterprise from a different plan, the events will be logged from the moment of the upgrade.
b) If you migrate some teams to the Enterprise subscription, their data will be logged only when they become a part of the subscription.
Accessing audit logs
To access audit logs, do the following:
- Go to Company Settings.
- On the left panel, click Security > Audit logs.
-
You can filter the audit logs by choosing a Date range, an Actor, an Event category, and a specific Event.
✏️ The option to filter by Actor, Event category, and specific Event is being rolled out gradually.
Filtering audit logs by Date range
Click the View events button to preview the events matching your filtering criteria. Time is displayed in ISO 8601 format, in the local time zone. You can see details of a particular event by clicking on three dots in the Details column.
Audit Log Details window
✏️ Only events that occurred during the last 90 days are available for preview.
Export audit logs
You can export logs in a CSV file format.
In the CSV Export file, the event date and time are provided in ISO 8601 format, UTC time zone. There is no limit on the number of records to be exported at a time; however, the more mode data you export, the longer it takes to prepare the file to download. Also, be mindful that popular applications for working with tables have their limits to the volume of data they can open.
To export logs, click the Export to CSV button.
The bar with your export file details will appear below. When the file is ready to download, you can click the Download CSV button. The file will be available for download for 24 hours.
✏️ Currently, only one export file is available for download per organization at a time. Clicking the Export to CSV button will replace the current export file.
Access audit logs via API
Admins can use the Audit Log API or supported SIEM Integrations to programmatically access and collect audit log data.
Deleting audit logs
Admins can set a retention policy for audit logs. You can choose between 30, 90, 180, or 365 days.
⚠️ Once audit logs are deleted, they cannot be recovered.
✏️ Indefinite retention for audit logs has been deprecated.
To set a deletion period, do the following:
- Go to Company Settings.
- On the left panel, click Security > Audit logs.
- Under Audit logs, click the Settings tab.
- Choose an option from the drop-down list. You will be asked to confirm your choice.
Setting audit logs deletion periods
Events in Audit logs
The audit logs include records about the following categories of events:
- Change Company name
- Change, remove Company logo
- Created access request
- Declined access request
- Enable, disable or change SSO/SAML settings
- Enable, disable SCIM
- Generate token for SCIM API
- Enable, disable SCIM notifications
- Enable, disable, change allowlist
- Enable, disable sharing with guests outside of allowed domains
- Enable, disable sharing via public link
- Enable, disable sharing via public link for editing
- Enable, disable team privacy
- Enable, disable, update domain control settings
- Enable, disable Block deactivated users
- Change request management settings (including changing ServiceNow email or service desk URL)
- Create, delete a team
- Change team name
- Change, remove team logo
- Change team invitation settings
- Change team discovery
- Enable, disable guests for a team
- Change default board sharing settings
- Change default project sharing settings
- Install, uninstall an app
- Approve, restrict an app
- Invite a new team member
- Convert a member to guest
- Convert a user to Full member
- Promote a user to Company admin, revoke Company admin
- Promote a user to Team admin, revoke Team admin
- Delete a user from a team or from a company (if a user leaves a team, they act both as an actor and an affected object)
- Revoke invitation
- Deactivate, reactivate a user
- User joins a team/Company
- Open a board
- Create, delete, restore a board
- Rename a board
- Change board description
- Change board cover
- Move a board to another team
- Add a board to a project, remove from a project, move to another project
- Change a Board owner
- Share a board with a Viewer/Commenter/Editor
- Remove a user from a board
- Enable, disable, change board public link
- Enable, disable, change password for a public board
- Enable, disable, change sharing a board with Company
- Enable, disable, change sharing a board with team
- Upload a file, download a file, export a board - please note that tracking these events is enabled upon request; reach out to Miro Support
Please note, the audit log does not record information related to changes on boards.
- Open a template
- Create, delete, restore a template
- Rename a template
- Change a Template owner
- Create, delete a project
- Rename a project
- Share a project with a user, remove a project participant
- Enable, disable team sharing for a project
- Change a Project owner
- Sign in
- Failed to sign in
- Sign out
- Profile locked, unlocked
⚠️ Login events will include the activity of Deactivated users.
- Change profile details
- Request an email address change
- Change email address
- Use Miro AI feature