How to use the Audit Log
βNavigation prompt
Go to REPORTING > click Audit log
The Audit Log in evaluagent lets administrators view and track specific user-triggered events across the platform. This feature is essential for compliance, security, and user activity monitoring.
Required permissions
Feature flag | Technical name | Description |
Default | Included by default | Audit log is available to all contracts |
Required permissions:
View Audit Log β to access and view audit records
Note: Contact your evaluagent administrator if you don't have access to these features.
Accessing the Audit Log
Navigate to the Reporting section in the main menu
Click on Audit Log in the reporting menu
The system displays a chronological list of all recorded activities
Filtering audit logs
At the top of the audit log page, you'll find filtering options to narrow down log entries:
Date range selection
Select specific start and end dates using the date range selector.
User filtering
Filter by individual users from the user dropdown, or select "Show all users" to view events from everyone.
Team filtering
Filter by hierarchical teams or departments. Team structure is displayed with indentation to show hierarchy.
Custom group filtering
Filter by custom user groups you've defined in your system.
Event filtering
Filter by specific event types using the event selector. Events are organised by category for easier selection. You can select multiple events at once, and selected events appear as badges that can be removed individually.
Session filtering
Filter by session ID to see all related actions in a single user session. Session IDs group together related activities performed in one sitting.
All dropdowns support multi-select to combine filters for more precise auditing.
Viewing audit entries
Basic list view
The main table displays the audit trail based on your selected filters:
User: The person who performed the action (with "System" shown for automated actions). Displays "Impersonated by [Name]" if an administrator was acting on behalf of another user.
Event name: The specific action triggered (hover to see the full description in a tooltip)
Event category: The broader category of the event
Event date: When the event occurred
Event time: The time when the event occurred
Click any column header to sort by that column.
Detailed view
For more information, click the Actions menu and select:
View session events: View all events that occurred in the same session (only available if a session ID exists)
More info: Open a detailed modal showing basic log information (user, event name, timestamp, IP address), associated resource information with links to related items, and raw metadata showing technical details
Audit log categories and events
The Audit Log organises events into 21 categories. Here are the main ones:
User Actions
User login, user logout, failed login, account locked, account unlocked, account locked - login fail, password reset, UI preference changes.
Admin
User management (create, edit, reactivate, deactivate, remove from contract), scorecard management (publish, deactivate), API key management (create, delete), and system operations (run audit report, sandbox refresh).
Quality and Evaluations
Contact management (create, edit, delete, reassign), attachment management (upload, view, delete), evaluation management (start, delete, publish, edit, assign for review, review completed, query reassigned), scorecard events (created, updated, duplicated, copied, roles updated, guidelines updated), calibration events, badge and data capture question management.
Analytics
Entity recognition activation/deactivation, topic management (create, edit, delete, duplicate, activate, deactivate, link/unlink to scorecards and line items), analytics processing and AI events.
Assignment Builder
Work queue template management, evaluator management, contact type management, and queue operations.
1-to-1s
Session management (created, submitted, viewed, acknowledged, scheduled, deleted) and development plan events.
Actions
Action management (created, messages, closed, deleted, bulk actions) and learning management (eLearning lessons and paths assigned).
SCIM
User created, modified, deactivated, and reactivated via SCIM.
Settings
Quality settings updated, feedback label updated, notification settings updated, support access granted/revoked.
Security Settings
MFA settings, password settings, SCIM enabled/disabled, SSO provider management.
Integrations
Integration configuration changes.
Feedback
Evaluation feedback created/updated, access feedback table.
Coaching
Attachment management for coaching sessions, access coaching session table.
Community
Engagement management, auctions, Voice of the Employee (suggestions, tags).
SmartScore
SmartScore moment created/edited.
Reporting
Quality performance, line item performance, category performance, calibration performance, and exporter run events.
Custom Reporting Groups
Manual reporting group and SmartGroup management.
RFC and Intent
RFC and Intent lifecycle events (created, updated, approved, declined, archived, restored) and auto-generation settings.
Auto Publish
Auto publish job executed, edited, and failed events.
Other
External content sharing, domain management, and miscellaneous events.
Exporting data
Click the Download to CSV button in the top right
The CSV export includes all filtered records with complete details
Use this for compliance reporting, backup, or analysis in external tools
Best practices
Regular review process
Schedule regular reviews of critical system areas (user management, security settings, integrations)
Document significant findings including security incidents or unusual patterns
Focus on high-priority events such as failed login attempts, administrative user changes, security settings modifications, API key creation/deletion, and integration configuration changes
Targeted monitoring
Security monitoring:
Monitor failed login attempts and account lockouts
Track password resets and account status changes
Review MFA, SSO, and SCIM configuration changes
User management:
Track user creation, modification, and deactivation
Monitor role and permission changes
Review API key lifecycle events
Quality assurance:
Monitor evaluation creation and publishing
Track scorecard changes and publications
Review calibration session activities
Session-based investigation
When investigating specific incidents:
Identify the initial event of concern
Click "View session events" from the actions menu
Review all activities performed in that session
Look for patterns or related activities
Document the complete sequence of events
Documentation and reporting
Export critical log sections regularly for archival purposes
Keep records of significant events with context and resolution notes
Include in compliance reporting for audits and regulatory requirements
Troubleshooting
No results appearing
Verify your permissions include audit log access
Check your date range selections aren't too restrictive
Clear all filters and try again
Ensure you haven't filtered to a user or team with no activity
Missing expected events
Verify the event type isn't filtered out
Check if the feature generating the event is enabled for your contract
Confirm the date range includes when the event should have occurred
Cannot view details
Ensure you have appropriate permissions
Check if the related resource still exists
Verify your user account has access to view the related resources
Export not working
Check your browser's download settings
Try reducing the date range if the export is very large
Contact support if the issue persists
Feature availability notes
Some audit events may not be visible depending on your contract's enabled features:
1-to-1 events require the 1-to-1s feature
Coaching events require the Coaching feature
Feedback events require the Feedback feature
Work queue events require the Assignment Builder feature
SCIM events require the SSO/SCIM feature
Calibration events require the Calibration feature
Analytics events require the Analytics Data Processing feature
If you don't see events you expect, verify that the corresponding feature is enabled for your account.