Skip to content

Audit Logs

Audit log availability depends on the CIAM provider. AUMS surfaces the events the provider exposes — no additional storage is required.

ProviderSupportNotes
Auth0✅ FullFilter by user, event type, date range. Full event metadata.
Firebase⚠️ BasicRequires Google Cloud Logging integration. Limited filtering.
Cognito❌ Not availableUse AWS CloudTrail externally.

With Auth0, audit logs are available at /users/[userId] (per-user activity) and at the organization level.

Filters available:

  • Event type — login, logout, password reset, MFA, rate limit, etc.
  • User — filter by specific user
  • Date range — filter by start and end date

Each event shows:

FieldDescription
TypeEvent code (e.g. s = success login, f = failed login)
Date / timeUTC timestamp
IP addressClient IP
User agentBrowser or application
ClientAuth0 application that triggered the event

When Cloud Logging is configured, AUMS displays:

  • User creation and deletion events
  • Password and email change events
  • Sign-in events

AWS Cognito does not expose user-level audit events via the Management API. To monitor activity:

  1. Enable AWS CloudTrail in your account.
  2. Filter for cognito-idp.amazonaws.com as the event source.
  3. Use CloudWatch Logs Insights or a SIEM tool to query events.

AUMS does not display Cognito events in the dashboard.