Tip
To monitor all your events through your security information and event management (SIEM) system, learn how to get started with 1Password Events Reporting and the 1Password Events API.
With 1Password Business, owners and administrators can view the Activity Log. Other team members can also view the Activity Log if they belong to a group that has the View Administrative Sidebar permission.
Sign in to your account on 1Password.com and click Activity Log in the sidebar to get started.
Read the Activity Log
The Activity Log lists actions performed by team members, starting with the most recent:
- Activity. The type of action and the names of any team members, vaults, or groups involved. Click a team member, vault, or group to view its details page which includes its activities.
- Date. When the action was performed.
- Actor. The team member who performed the action. Click to view their details page which includes their activities.
Action types
The Activity Log includes the following types of actions:
- Account Changes. Updating (changing team settings) and confirming.
- Billing. Adding and removing credit cards, updating subscriptions.
- Devices. Authorizing and removing devices.
- Email Changes. Beginning and completing email changes for team members.
- File Uploads. Creating (adding documents).
- Group Access. Adding, changing, and removing access to vaults.
- Groups. Creating and deleting, adding and removing team members, changing roles, and updating group details.
- Integrations. Creating and deleting, adding and removing tokens, when a service account accesses an item.
- Invitations. Inviting team members and guests.
- Linked Family Accounts. Generating codes, linking and unlinking family accounts.
- Reports. Viewing and exporting reports.
- Shared Items. Sharing items.
- Sign-In Tokens. Using a sign-in token to log in.
- Single Sign-On Settings. Adding, changing, and removing SSO settings, groups, and policies.
- User Access. Adding, changing, and removing access to vaults and integrations.
- Users. Inviting, joining, and confirming.
- Vault Items. Updating (creating, editing, archiving, and deleting items).
- Vaults. Creating, deleting, viewing, and exporting, adding to and removing from a Connect Instance.
If an action has 
next to it in the activity log, click to open more details.
Filter the Activity Log
To narrow the scope of activities shown in the log, use one or more filters:
- To only view actions performed on or before a specific date, click Jump to Date and select a date.
- To only view certain types of actions, click Filter by Type, select one or more actions, and click Done. If none are selected, all types of actions will be listed.
- To only view actions performed by a certain team member, click Filter by Actor and select the team member.
To remove a filter, click 
next to its name.
Export the Activity Log
To see additional information about the events shown in the Activity Log, you can export your data to a CSV file. Click Create CSV File, then click Download and choose where to save the file.
The CSV file will include the following information about the actions that were performed in your team’s account:
- Date: The unique identifier for the event.
- Actor UUID: The unique identifier for the team member who performed the action.
- Actor: The name of the team member who performed the action.
- Action: The type of action that was performed.
- Object Type: The type of object that the action was performed on.
- Object UUID: The unique identifier for the object the action was performed on, if one exists.
- Aux Info: Additional information about the activity, if any exists.
- Aux UUID: The unique identifier that relates to additional information about the activity, if one exists.
- IP Address: The IP address used by the 1Password app at the time the event was performed.
To learn more about the exported information for each action, see 1Password Events Reporting audit events.