Audit Logs

Unthread Audit Logs is an admin-only page that captures key account and configuration events. This allows you to understand the who, when, and why of changes in your account.

Note: this feature is only available on the Enterprise plan.

Events Captured

Authentication & Access

• Login / logout
• Portal user registration
• Portal password reset request
• User impersonation (dashboard + portal)
• SSO config changes (enabled/disabled, protocol)
• Auth method changes (password/Google sign-in toggled)
• API key created / revoked

User Management

• User created (name, email, role)
• User updated (role, name, email, status — role changes flagged as high importance)
• User deactivated / reactivated
• User deleted

Service Accounts

• Service account created / disabled / enabled
• API key created / revoked

Projects

• Project created / deleted
• Project settings updated (name, visibility, description, escalation settings, AI features, channel settings, intake settings, autoresponder settings, etc.)

Automations

• Automation created / deleted
• Automation updated (name, status, trigger)

Org / Tenant Settings

• Tenant settings updated (name, support branding, permissions, working hours, AI features, Slack inbox config, integrations, post-close settings, allowed priorities, customer view settings, AI usage limits, allowed email domains, etc.)

Metadata included with each audit log entry

Every entry captures (when available):

• Who performed the action (user, automation, or system)
• Source (Dashboard, API, Slack, Portal, etc.)
• IP address + geo location (city, region, country)
• Auth method (session, API key, etc.)
• Timestamp