As a system administrator, sign in to the Admin Console and navigate to Insights > Logs.
- Adobe Enterprise & Teams: Administration guide
- Plan your deployment
- Basic concepts
- Deployment Guides
- Deploy Creative Cloud for education
- Deployment home
- K-12 Onboarding Wizard
- Simple setup
- Syncing Users
- Roster Sync K-12 (US)
- Key licensing concepts
- Deployment options
- Quick tips
- Approve Adobe apps in Google Admin Console
- Enable Adobe Express in Google Classroom
- Integration with Canvas LMS
- Integration with Blackboard Learn
- Configuring SSO for District Portals and LMSs
- Add users through Roster Sync
- Kivuto FAQ
- Primary and Secondary institution eligibility guidelines
- Set up your organization
- Identity types | Overview
- Set up identity | Overview
- Set up organization with Enterprise ID
- Setup Azure AD federation and sync
- Set up Google Federation and sync
- Set up organization with Microsoft ADFS
- Set up organization for District Portals and LMS
- Set up organization with other Identity providers
- SSO common questions and troubleshooting
- Manage your organization setup
- Manage users
- Overview
- Administrative roles
- User management strategies
- Assign licenses to a Teams user
- Add users with matching email domains
- Change user's identity type
- Manage user groups
- Manage directory users
- Manage developers
- Migrate existing users to the Adobe Admin Console
- Migrate user management to the Adobe Admin Console
- Overview
- Manage products and entitlements
- Manage products and product profiles
- Manage products
- Buy products and licenses
- Manage product profiles for enterprise users
- Manage automatic assignment rules
- Entitle users to train Firefly custom models
- Review product requests
- Manage self-service policies
- Manage app integrations
- Manage product permissions in the Admin Console
- Enable/disable services for a product profile
- Single App | Creative Cloud for enterprise
- Optional services
- Manage Shared Device licenses
- Manage products and product profiles
- Get started with Global Admin Console
- Adopt global administration
- Select your organization
- Manage organization hierarchy
- Manage product profiles
- Manage administrators
- Manage user groups
- Update organization policies
- Manage policy templates
- Allocate products to child organizations
- Execute pending jobs
- Explore insights
- Export or import organization structure
- Manage storage and assets
- Storage
- Asset migration
- Reclaim assets from a user
- Student asset migration | EDU only
- Manage services
- Adobe Stock
- Custom fonts
- Adobe Asset Link
- Adobe Acrobat Sign
- Creative Cloud for enterprise - free membership
- Deploy apps and updates
- Overview
- Create packages
- Customize packages
- Deploy Packages
- Manage updates
- Adobe Update Server Setup Tool (AUSST)
- Adobe Remote Update Manager (RUM)
- Troubleshoot
- Manage your Teams account
- Renewals
- Manage contracts
- Reports & logs
- Get help
To track all changes made in the Admin Console—settings, admins, users, and products—sign in to the Admin Console and navigate to Insights > Logs > Audit Log.
Overview
Audit log helps ensuring continued compliance, safeguarding against any inappropriate system access, and auditing suspicious behavior within your organization.
As a system administrator, you have full visibility on the changes made in the Admin Console. You can search the audit log based on the type of actions, when they occurred, and who made them. Then, view and download these reports for further analysis.
Audit log makes it easy for you to understand events like:
- Why a user lost access to a product
- When a new user was added and by whom
- When a former user was removed
The audit log records changes made at the organizational level. It does not provide information around product-specific event, for example, when a certain Report Suite was created in Analytics, or when an HTML template was deleted in Adobe Acrobat Sign.
View and download the audit log
To view or download your organization's audit log, do the following:
-
-
Click Audit Log.
By default, the log displays the following information about the events occurred in the last seven days:
Field
Description
Date
The date and time of the event in the local time zone.
Event Name
Description of the event performed.
Event Details
Additional details on an event, if available.
Object Name
The name of the product, product profile, or user group that is involved in the event, as applicable.
Affected User
The email of the user affected by the event, if applicable.
Admin
Email address of the admin who performed the event. "System" is displayed if the event was performed by an Adobe back-end system.
IP Address
IP address of the machine where the action was taken. Usually reflects the physical location, but could be a proxy server or VPN address.
-
Define a date range or use the search field to search the events by event name, affected user, or the admin who performed the event.
Note:- Audit Log retains the last 90 day's events. However, events performed before the launch of this feature are unavailable.
- Most of the events appear instantly, with a small chance that some are delayed or omitted.
- Cascading events are not included in the log. For example, if you delete a user group with three users in it, the log only includes the user group deletion, the three additional events about the users' removals from the group are not included.
-
The results are displayed. To download the results, click Export CSV.
The results are downloaded in a csv file. For a description of the fields in the downloaded file, see Log Schema.
Note:If your organization is a child organization within the Global Admin Console hierarchy, actions taken by a Global Admin that affect your organization are included in the audit log. Learn more about how Global Administrators can track changes made in the Global Admin Console.
Field |
Description |
---|---|
Id |
Event ID |
eventTime |
The date and time of the event in the local time zone. |
eventType |
Name of the event. |
eventSubType |
If available, additional details on an event. |
actorEmail |
Email address of the admin who performed the event. "System" is displayed if the event was performed by an Adobe back-end system. |
targetUserEmail |
Email address of the affected user, if applicable. |
targetGroupName |
Affected user group name, if applicable. |
targetProductName |
Affected product name, if applicable. |
targetProfileName |
Affected product profile name, if applicable. |
IpAddress |
IP address of the machine where the action was taken. Usually reflects the physical location, but could be a proxy server or VPN address. |