Understanding the Admin audit log
Last updated: July 16, 2026
Who can use this feature
Supported on Enterprise plans
Accessible to org admins and business admins

Maintain transparency and control with our new Admin audit log: a centralized record of all system-level activity.
Accessing the Admin audit log

To access the Admin audit log, go to Org settings > Billing & reporting > Audit log.

The Admin audit log provides admins with the information they need to track system-level activities like:
Configuration changes
User management updates
Security-related activities
Understanding the Admin audit log
The Admin audit log records actions occurring in the WRITER app and via API. For a full list of events recorded, see the chart below.
Each recorded action includes key metadata, including:
Actor (user email)
IP address
Product area (the part of the product in which the action occurred, e.g. style guide, settings, sign-in, etc)
Action taken
Result (whether the attempt was successful or not successful)

You can conduct a search to narrow down the events on display. You can search by:
Event
IP address
You can filter by:
Area
Event
Actor (email address)
Result (whether the attempt was successful or not successful)
You can sort by the most recent or least recent events.
Events captured in the Admin audit report
Product Area | Action |
Sign in | Enable password |
Sign in | Disable password |
SAML/Domain discoverability | Enable SAML domain |
SAML/Domain discoverability | Disable SAML domain |
SAML/Domain discoverability | Update domain discoverability settings |
Security | Updated domain management settings |
Billing groups | Create a billing group |
Billing groups | Update a billing group |
Billing groups | Delete a billing group |
ServiceAccount | Created service account |
ServiceAccount | Deleted service account |
OAuthApp | Created OAuth app |
OAuthApp | Updated OAuth app |
OAuthApp | Deleted OAuth app |
Team | Created team |
Team | Updated team |
Team | Deleted team |
Style guide | Created style guide page |
Style guide | Updated style guide page |
Style guide | Deleted style guide page |
Style guide | Published style guide |
Style guide | Unpublished style guide |
Style guide | Updated style guide settings |
Style guide | Updated style guide appearance |
People | Invited WRITER app user |
People | Invited AI Studio user |
People | Deleted user |
People | Updated user billing group |
People | Updated user organization role |
People | Updated user organization console role |
Suggestion | Updated suggestion Punctuation settings |
Suggestion | Updated suggestion Style settings |
Suggestion | Updated suggestion Clarity settings |
Suggestion | Updated suggestion Delivery settings |
Suggestion | Updated suggestion Inclusivity settings |
Suggestion | Updated suggestion Compliance settings |
Suggestion | Updated suggestion Plagiarism settings |
Suggestion | Updated suggestion General settings |
Suggestion | Updated suggestion Grammar checker settings |
Suggestion | Updated suggestion Terms settings |
Term | Created term |
Term | Updated term |
Team | Deleted term |
Snippet | Created snippet |
Snippet | Updated snippet |
Snippet | Deleted snippet |
Voice | Created voice |
Voice | Updated voice |
Voice | Deleted voice |
Team prompt | Created team prompt |
Team prompt | Updated team prompt |
Team prompt | Deleted team prompt |
Knowledge Graph | Created knowledge graph |
Knowledge Graph | Updated knowledge graph |
Knowledge Graph | Deleted knowledge graph |
Knowledge Graph | Added knowledge graph files |
Knowledge Graph | Deleted knowledge graph files |
Knowledge Graph | Data connector added to Knowledge Graph |
Knowledge Graph | Data connector removed from Knowledge |
Magic link | Added magic link website |
Magic link | Deleted magic link website |
Teammate | Added teammate |
Teammate | Removed teammate |
Teammate | Updated teammate role |
Connectors | MCP connector created |
Connectors | MCP connector updated |
Connectors | MCP connector deleted |
Connectors | MCP connector accessed |
Note: the following connector types are supported: Box, GoogleDrive, Notion, OneDrive, SharePoint, Confluence, Zendesk
Configuring audit log export
You can ingest data from our admin audit log into your SIEM of choice via S3 export, allowing you to query and integrate WRITER audit log data into your preferred platforms.

To get started, select Configure logs from the top right corner of the page.

Next, setup an S3 bucket and corresponding IAM policy on AWS.
Enter your S3 bucket name and role name (ARN) copied from your IAM policy into your Writer settings and select Next.

Copy the ‘Role Trust Policy’. In your AWS console, navigate to IAM > Roles, ‘Trust relationships’ and then ‘Edit trust policy’ and paste the policy.

Copy the ‘S3 Bucket Policy’. In your AWS console, navigate to your IAM policy and add this as a permission in the policy editor.

Click ‘Test & Save’ and you’ll see a successful authentication notice if configured correctly.
Frequently asked questions
Can I export the Admin audit log?

Yes, you can select the ••• menu next to the search bar to export as a CSV or an XLSX file. You can also set up S3 export as described above to automatically export log events.
How far back does the Admin audit log data extend?
The Admin audit log retains data up to 2 years and 1 month old.