Audit Logs

Unthread Audit Logs is an admin-only page that captures key account and configuration events.

Events captured in the initial scope

Authentication & Access

• Login / logout
• Portal user registration
• Portal password reset request
• User impersonation (dashboard + portal)
• SSO config changes (enabled/disabled, protocol)
• Auth method changes (password/Google sign-in toggled)
• API key created / revoked

User Management

• User created (name, email, role)
• User updated (role, name, email, status — role changes flagged as high importance)
• User deactivated / reactivated
• User deleted

Service Accounts

• Service account created / disabled / enabled
• API key created / revoked

Projects

• Project created / deleted
• Project settings updated (name, visibility, description, escalation settings, AI features, channel settings, intake settings, autoresponder settings, etc.)

Automations

• Automation created / deleted
• Automation updated (name, status, trigger)

Org / Tenant Settings

• Tenant settings updated (name, support branding, permissions, working hours, AI features, Slack inbox config, integrations, post-close settings, allowed priorities, customer view settings, AI usage limits, allowed email domains, etc.)

Metadata included with each audit log entry

Every entry captures (when available):

• Who performed the action (user, automation, or system)
• Source (Dashboard, API, Slack, Portal, etc.)
• IP address + geo location (city, region, country)
• Auth method (session, API key, etc.)
• Timestamp

Not yet audited (initial launch)

• Ticket type changes
• Tag changes
• Channel changes
• Webhook changes
• Portal CRUD (only impersonation is tracked)
• Escalation type changes

Retention

Audit logs are retained until the customer wants Unthread to delete their data.