Is there any feature in the Teams service that does audit logging of user actions?

jamescat
jamescat
Community Member

We have recently purchased licenses for our new Teams account. While setting up Vaults, Users, and access between them, I asked my boss about how we wanted to handle distribution of the multiple Admins / Owners roles. One thing that he wanted to know about was whether there was any auditing, so we could track if one of the Admins/Owners had reset another user's account. Similarly, I think he'd want to know whenever passwords were Trashed, and Trashes Emptied, and Users created, and Vault permissions changed... if any or all of that is also possible.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:user audit

Comments

  • khad
    khad
    1Password Alumni

    Hi @jamescat,

    Thanks for asking about this.

    Admins and owners will receive an email notification when account recover is initiated for any user.

    We keep a log of most (if not all) of the other activities you mentioned, but we haven't yet exposed it in the UI. It's on our list for a future revision. :)

    From the 1Password Teams pricing page:

    I don't have a time frame for a specific date, but hopefully it won't be too much longer. :+1:

  • hesspaul
    hesspaul
    Community Member

    Just a +1 for exposing the activity log. Filters would be nice if it's large. :-)

    I specifically want to be able to see a log of certain doubtful users' actions who are known to sometimes delete or change data without thinking of or understanding the impact on others. I am setting them up for only certain vaults and to be able to move items to trash but not to empty the trash, and I would like to occasionally browse an activity log of items they either edited or trashed.

  • hesspaul
    hesspaul
    Community Member

    p.s. I view this as a great way to slowly train some users over time. I can tell them "I notice you did XYZ, and that now prevents Lillian down the hall from doing things she needs to do. What were you trying to achieve when you did that, and a better way would have been to do ABC."

  • Megan
    Megan
    1Password Alumni

    Hi @hesspaul,

    Thanks so much for sharing your thoughts here! I’ll let our team know you’re excited to see the Activity Log. :)

  • @hesspaul @jamescat Just wanted to let you know the Activity Log feature is now in beta. Feel free to enable it from your settings page and let us know what you think. :) It has some filters as well, and we're open to feedback on making them better.

  • hesspaul
    hesspaul
    Community Member

    Wow @penderworth it's off to a great start already! I'm wishing that the log would name items (except of course if they are in someone's personal vaults). There also might be something flaky going on with the filter by type option not quite filtering all items by that. I'll try to test more carefully tomorrow and let you know if I see a genuine issue.

  • hesspaul
    hesspaul
    Community Member

    p.s. Very impressed to also see an activity log display on the management page of each individual vault.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @hesspaul: Thanks for the feedback! I'm glad you're enjoying the new activity log. Be sure to let us know if you have any other suggestions! :)

  • @hesspaul Very good to hear indeed. :) Let us know if you do find some consistent issues.

  • jamescat
    jamescat
    Community Member
    edited July 2016

    @penderworth Glad to see the Activity Log, but as mentioned elsewhere ( https://discussions.agilebits.com/discussion/66597/activity-log-should-be-more-detailed-and-allow-export-via-syslog-or-webhook ) it would help if it were exportable to syslog or a webhook, plus had more detail about certain actions as @hesspaul mentions.

    But sadly, even just printing the log for my boss is impossible without doing some major "Web Inspector" hacking of the CSS, because it only prints a single page, and chops off data otherwise. A simple print or CSV-export (or better yet, TSV-export) option would be a good step forward until / unless something like a webhook is made available. Thanks!

  • @jamescat Thanks for the feedback! As Roustem mentioned there, we'll keep this in mind for some future improvements. :) One of our other developers also said webhook export would be nice.

  • jamescat
    jamescat
    Community Member

    Also... I probably should be more specific, just so I'm clear that I was suggesting printing cleanly should probably be worked on first. :) A webhook or some such would be best for automating / integrating with other security systems / reports, etc. -- However, the printing issue would be nice to resolve without fiddling in CSS every time, regardless of whether a webhook is available or not.

    And then, I might note that beyond being only vaguely informative "You role Lee H. - the Communications Group" :| is not a log entry that reads very well grammatically either...

    Did I "role" him up / down to some particular level? -- These details become much more important to know when there are multiple Admins doing such things, instead of when the log just says "You did such and such" like it does so far in my account. ;)

    Finally... I'm sorry that it probably sounds entirely like a lot of griping and grousing... So remember I'm loving what you guys have done so far! -- 1Password has always been amazing, and the Teams/Families services are awesome! (I'm on Teams accounts at 2 jobs, and have my own Family account too! I love 'em! -- Although if I had a true complaint, it's that you guys are getting paid 3 times for me to sync passwords. ;) ) Just want the new features to live up to the quality of the rest... :+1: Keep up the great work, guys!!

  • AGAlumB
    AGAlumB
    1Password Alumni

    @jamescat: No need to apologize. Those are excellent points! We definitely want to continue to refine it to make the activity log more readable — both for the humans and perhaps for the machines as well. Your suggestions and observations are much appreciated! :chuffed:

This discussion has been closed.