Login Audit

​

What you can do on this page

• Review who logged in and from where.
• Filter by date range, event type, and search fields (email/IP/device).
• Investigate impersonation, invite acceptance, and forced logout events.
• Open View Details to inspect the full event record.

​

Access

• You must be a manager.
• Open Settings → Users (in the header dropdown), then click Login Audit.
• Direct URL: /{orgId}/admin/audit/logins

​

Filters

• Search — email, IP address, or device fingerprint
• Date range — defaults to the last 7 days
• Event type — multi-select

​

How to verify you’re seeing the right activity

• Confirm you’re in the correct organization (account pill / org name).
• Expand the date range if you’re looking for older events.
• Spot-check one known user/email and confirm the timestamp + event type match expected activity.
• If the IP/location looks odd, use device fingerprint + user agent for correlation (VPNs/private networks can mask location).

​

What you can see

• Timestamp
• User email (if the user still exists)
• Event type
• IP address + location (city/region/country when available)
• Device fingerprint

​

View details

• Event ID and user ID
• User agent string
• Extra info (when available)
• IP enrichment details (when available)

​

Common issues

• I don’t see a login event I expected: expand the date range, confirm the email/IP filter, and verify you’re searching the correct organization.
• User email is missing: the user may have been deleted; the event can still exist even if the user record no longer does.
• IP location is blank or odd: IP enrichment is best-effort (VPNs/private networks can mask location). Use IP + device fingerprint for correlation.