Is there any feature in the Teams service that does audit logging of user actions?

jamescat Junior Member

We have recently purchased licenses for our new Teams account. While setting up Vaults, Users, and access between them, I asked my boss about how we wanted to handle distribution of the multiple Admins / Owners roles. One thing that he wanted to know about was whether there was any auditing, so we could track if one of the Admins/Owners had reset another user's account. Similarly, I think he'd want to know whenever passwords were Trashed, and Trashes Emptied, and Users created, and Vault permissions changed... if any or all of that is also possible.


Comments

  • khad Social Choreographer

    Team Member

    Hi @jamescat,

    Thanks for asking about this.

    Admins and owners will receive an email notification when account recovery is initiated for any user.

    We keep a log of most (if not all) of the other activities you mentioned, but we haven't yet exposed it in the UI. It's on our list for a future revision. :)

    From the 1Password Teams pricing page:

    I don't have a time frame for a specific date, but hopefully it won't be too much longer. :+1:

  • hesspaul Junior Member

    Just a +1 for exposing the activity log. Filters would be nice if it's large. :-)

    I specifically want to be able to see a log of certain doubtful users' actions who are known to sometimes delete or change data without thinking of or understanding the impact on others. I am setting them up for only certain vaults and to be able to move items to trash but not to empty the trash, and I would like to occasionally browse an activity log of items they either edited or trashed.

  • hesspaul Junior Member

    p.s. I view this as a great way to slowly train some users over time. I can tell them "I notice you did XYZ, and that now prevents Lillian down the hall from doing things she needs to do. What were you trying to achieve when you did that, and a better way would have been to do ABC."

  • Megan

    Team Member

    Hi @hesspaul,

    Thanks so much for sharing your thoughts here! I’ll let our team know you’re excited to see the Activity Log. :)

  • Jacob

    Team Member

    @hesspaul @jamescat Just wanted to let you know the Activity Log feature is now in beta. Feel free to enable it from your settings page and let us know what you think. :) It has some filters as well, and we're open to feedback on making them better.

  • hesspaul Junior Member

    Wow @penderworth it's off to a great start already! I'm wishing that the log would name items (except of course if they are in someone's personal vaults). There also might be something flaky going on with the filter by type option not quite filtering all items by that. I'll try to test more carefully tomorrow and let you know if I see a genuine issue.

  • hesspaul Junior Member

    p.s. Very impressed to also see an activity log display on the management page of each individual vault.

  • brenty

    Team Member

    @hesspaul: Thanks for the feedback! I'm glad you're enjoying the new activity log. Be sure to let us know if you have any other suggestions! :)

  • Jacob

    Team Member

    @hesspaul Very good to hear indeed. :) Let us know if you do find some consistent issues.

  • jamescat Junior Member
    edited July 2016

    @penderworth Glad to see the Activity Log, but as mentioned elsewhere ( https://discussions.agilebits.com/discussion/66597/activity-log-should-be-more-detailed-and-allow-export-via-syslog-or-webhook ) it would help if it were exportable to syslog or a webhook, plus had more detail about certain actions as @hesspaul mentions.

    But sadly, even just printing the log for my boss is impossible without doing some major "Web Inspector" hacking of the CSS, because it only prints a single page, and chops off data otherwise. A simple print or CSV-export (or better yet, TSV-export) option would be a good step forward until / unless something like a webhook is made available. Thanks!

  • Jacob

    Team Member

    @jamescat Thanks for the feedback! As Roustem mentioned there, we'll keep this in mind for some future improvements. :) One of our other developers also said webhook export would be nice.

  • jamescat Junior Member

    Also... I probably should be more specific, just so I'm clear that I was suggesting printing cleanly should probably be worked on first. :) A webhook or some such would be best for automating / integrating with other security systems / reports, etc. -- However, the printing issue would be nice to resolve without fiddling in CSS every time, regardless of whether a webhook is available or not.

    And then, I might note that beyond being only vaguely informative "You role Lee H. - the Communications Group" :| is not a log entry that reads very well grammatically either...

    Did I "role" him up / down to some particular level? -- These details become much more important to know when there are multiple Admins doing such things, instead of when the log just says "You did such and such" like it does so far in my account. ;)

    Finally... I'm sorry that it probably sounds entirely like a lot of griping and grousing... So remember I'm loving what you guys have done so far! -- 1Password has always been amazing, and the Teams/Families services are awesome! (I'm on Teams accounts at 2 jobs, and have my own Family account too! I love 'em! -- Although if I had a true complaint, it's that you guys are getting paid 3 times for me to sync passwords. ;) ) Just want the new features to live up to the quality of the rest... :+1: Keep up the great work, guys!!

  • brenty

    Team Member

    @jamescat: No need to apologize. Those are excellent points! We definitely want to continue to refine it to make the activity log more readable — both for the humans and perhaps for the machines as well. Your suggestions and observations are much appreciated! :chuffed:

This discussion has been closed.