Table of Contents
Audit logs in Authlete provide a detailed record of security-related events and system activities.
They help administrators understand what happened, who performed it, and when and where it occurred.
Authlete audit logs capture operations such as creating or deleting organizations, services, clients, tokens, and other key events.
All actions — whether performed directly by a user or automatically by a system actor (service principal) — are recorded in a single, unified audit trail.
Each audit log entry identifies the user responsible for the action.
| User Type | Description |
|---|---|
| User | A human user performing actions through the Authlete Console or APIs. |
| Service Principal | A system-level or non-human actor that performs automated or background operations on behalf of the platform. Service principals represent trusted internal services such as migration or cleanup processes. |
Audit logs clearly distinguish between user and service principal activities, ensuring visibility into both human and automated operations.
Audit logs can be viewed in the Authlete Management Console or accessed via the Authlete API.
Once you reach the logs page, you can view the following information:
| Log Information | Description |
|---|---|
| Event Type | The category of the recorded event |
| Status | Indicates whether the event completed successfully or failed |
| Date | Timestamp of the event |
| User | The user or service principal that performed the action |
Audit logs can be filtered to help you locate specific entries quickly.
Security Login, User Delete, Client Update).
When you select an event, the log entry is displayed in JSON format showing key information about the recorded activity.
Each audit log entry may include the following fields:
| Log Field | Type | Description |
|---|---|---|
| Event | String | The type of event recorded |
| Status | String | Status of completion (success or fail) |
| Timestamp | String | Time of the event |
| Cluster | String | The environment or server group targeted (e.g., us.authlete.com, jp.authlete.com, login.authlete.com) |
| Path | String | The API endpoint or system path involved |
| Remote Address | String | IP address of the user performing the action |
| User Agent | String | The web browser or system client used to perform the action |
| User Type | String | Indicates whether the actor is a user or service_principal |
| User Identifier | String | The unique identifier of the actor (e.g., user email or service principal ID) |
| Details | Object | Additional context such as Organization ID, Service ID, or other relevant metadata |
User event types describe activities performed directly by human users through the Authlete Console or APIs.
| Event Name | Description |
|---|---|
| Organization Create | An organization was created |
| Organization Delete | An organization was deleted |
| Organization Token Create | A new organization token was created |
| Organization Token Rotate | An organization token was replaced |
| Organization Token Delete | An organization token was deleted |
| Service Token Create | A service token was successfully created |
| Service Token Rotate | A service token was replaced with a new token |
| Service Token Delete | A service token was deleted |
| Service Create | A new service was created |
| Service Delete | A service was deleted |
| Service Update | Service settings were updated |
| Client Create | A client was created |
| Client Delete | A client was deleted |
| Client Update | Client settings were updated |
| Security Login | A user logged in through OIDC authentication |
| Security Logout | A user logged out |
| Security Register | A user registered a new account |
| Security Verify Email | A user verified their email address |
| Security Login Mfa | A user logged in using Multi-Factor Authentication |
| Security Login Oidc | A user logged in using Single Sign-On (SSO) or external identity |
| Security Mfa Create | A user enabled Multi-Factor Authentication |
| Security Mfa Delete | A user removed Multi-Factor Authentication |
| Security Password Update | A user updated their password |
| User Create | A user account was created |
| User Delete | A user account was deleted |
| User Invite | A user was invited to an organization |
| User Invite Accepted | A user accepted an invitation |
| User Invite Decline | A user declined an invitation |
| User Invite Revoke | A user invitation was revoked |
| User Admin Set | A user was assigned the System Administrator role |
| User Admin Unset | The System Administrator role was removed from a user |
| Permission Change | User access permissions were updated for an Organization, Service, or Client |
Some audit entries are generated automatically by internal Authlete services or background processes.
These system-level actors are called Service Principals.
Service principals represent trusted services that perform operational or maintenance tasks on behalf of Authlete.
Their actions appear in audit logs the same way user actions do, but with:
migration-service@system.authlete.com)This ensures full visibility of both human and automated activities within a single, consistent audit view.
Service principal event types record automated actions performed by system-level or background processes.
These events reflect non-human activity such as maintenance or data migration tasks performed by trusted Authlete services.
| Event Name | Description |
|---|---|
| Migration Service | Automated background service that processes or transfers data between systems as part of migration operations. |
| Batch Cleanup Service | Internal background service that performs scheduled maintenance or cleanup of expired tokens and resources. |
These event types appear alongside user events within the same audit log interface.
Each entry lists its User Type as a Service Principal to indicate that the operation was automated.
Authlete audit logs provide a unified record of all activity — whether performed by users or by automated system actors.
By distinguishing between user and service principal events, Authlete ensures complete transparency, accountability, and traceability across the platform.