Audit Logs
Audit log availability depends on the CIAM provider. AUMS surfaces the events the provider exposes — no additional storage is required.
Provider support
Section titled “Provider support”| Provider | Support | Notes |
|---|---|---|
| Auth0 | ✅ Full | Filter by user, event type, date range. Full event metadata. |
| Firebase | ⚠️ Basic | Requires Google Cloud Logging integration. Limited filtering. |
| Cognito | ❌ Not available | Use AWS CloudTrail externally. |
Auth0 audit logs
Section titled “Auth0 audit logs”With Auth0, audit logs are available at /users/[userId] (per-user activity) and at the organization level.
Filters available:
- Event type — login, logout, password reset, MFA, rate limit, etc.
- User — filter by specific user
- Date range — filter by start and end date
Each event shows:
| Field | Description |
|---|---|
| Type | Event code (e.g. s = success login, f = failed login) |
| Date / time | UTC timestamp |
| IP address | Client IP |
| User agent | Browser or application |
| Client | Auth0 application that triggered the event |
Firebase audit logs
Section titled “Firebase audit logs”When Cloud Logging is configured, AUMS displays:
- User creation and deletion events
- Password and email change events
- Sign-in events
Cognito
Section titled “Cognito”AWS Cognito does not expose user-level audit events via the Management API. To monitor activity:
- Enable AWS CloudTrail in your account.
- Filter for
cognito-idp.amazonaws.comas the event source. - Use CloudWatch Logs Insights or a SIEM tool to query events.
AUMS does not display Cognito events in the dashboard.