Audit Log#
The audit log is an append-only record of security- and identity-relevant events that occur in your Novaza workspace. It is the system of record for compliance, incident investigation, and routine security review.
What is Logged#
| Category | Examples |
|---|---|
| Authentication | successful logins, failed logins, MFA challenges, SSO redirects, logouts |
| User management | user created, deactivated, deleted, password reset, email changed |
| Role & permissions | role assigned, role revoked, group membership changed |
| SSO configuration | identity provider added, certificate rotated, protocol changed |
| Admin actions | workspace settings changed, MFA policy changed, password policy changed |
Application-level actions (records edited, workflows executed, etc.) are logged by each Novaza product separately and are out of scope for the SSO audit log.
Event Fields#
Every event records:
- Timestamp (UTC, millisecond precision)
- Actor — the user or service that performed the action
- Action — a machine-readable event code (
user.login.success,role.assigned, …) - Target — the object affected by the action
- IP address and User agent of the request
- Result — success or failure, with a reason code on failure
Viewing the Log#
Administrators can browse the log from SSO → Audit Log. Filters are available by:
- Date range
- Actor
- Action code
- Target
- IP address
The log is searchable across all visible fields.
Retention#
Audit logs are retained for 13 months by default. Enterprise workspaces can configure longer retention (up to 7 years) to satisfy regulatory requirements.
Export#
Audit events can be exported to CSV or streamed to an external SIEM. See the Admin API for programmatic access.
Tamper Protection#
Audit log entries are immutable. They cannot be edited or deleted from the user interface or the API. Retention windows apply to automatic purging only.