Teams and business

Use the Activity Log in 1Password Business

Learn how to use the Activity Log to monitor events that happen on your team.

With 1Password Business, owners and administrators can view the Activity Log to keep track of important events in the account, such as when team members view reports or set up new devices. Other team members can also view the Activity Log if they’re part of a group with the View Administrative Sidebar permission.

Sign in to your account on 1Password.com and select Activity Log in the sidebar to get started.

Tip

The Activity Log is only available in 1Password Business. If you have 1Password Teams or Teams Starter Pack (TSP) and use direct billing, start a free trial of the Activity Log and reports and get instant access to these features.

Read the Activity Log

Activities listed in the Activity Log

The Activity Log lists actions performed by team members. It includes the following types of events:

  • Accounts. Updating the account settings, such as changing the account name, logo, or sign-in address.
  • Added new managed company. Adding or linking a managed company to a managed service provider (MSP) account.
  • Delegate sessions. Starting a new session.
  • Devices. Authorizing and removing a device.
  • Email changes. Beginning and completing an email changes for team members.
  • Family accounts. Generating a code, linking and unlinking family accounts.
  • Files. Creating a document.
  • Firewall rules. Updating a firewall rule in the account.
  • Groups. Creating, updating, and removing a group.
  • Group membership. Updating a team member’s access to groups.
  • Group vault access. Modifying a group’s access to vaults.
  • Invites. Inviting a team member or guest.
  • Items. Creating, editing, archiving, and deleting an item.
  • Item sharing. Sharing an item, updating the sharing settings, and deleting a shared item link.
  • Launched into managed company. Launching a managed company from an MSP account.
  • Multi-factor authentication. Turning on, updating, and turning off multi-factor authentication.
  • Packages. Sending a copy of an item within 1Password.
  • Provisioning. Provisioning a new team member.
  • Reports. Viewing and exporting a report.
  • Service accounts. Adding a service account.
  • Service account tokens. Registering, updating, and revoking a service account token.
  • Sign-in tokens. Creating, ratcheting, and signing in with a sign-in token for Unlock with SSO.
  • Slack app. Connecting or removing a Slack app.
  • SSO settings. Adding, changing, and removing SSO settings, groups, and policies.
  • Stripe cards. Creating, updating, and removing a payment card for the account.
  • Stripe payment methods. Adding a new payment method to the account.
  • Stripe subscriptions. Creating, updating, and canceling the account’s subscription.
  • Templates. Adding, updating, hiding, and deleting a custom template.
  • Unlinked managed company. Unlinking a managed company from an MSP account.
  • Users. Inviting, joining, confirming, and all other user-related changes.
  • User vault access. Changing a team member’s access to vaults.
  • Vaults. Creating, updating, and removing a vault.
  • Verified domain. Verifying a domain for the breach report.
  • View/Export: Viewing and exporting a report or vault.

    Export events for vaults are only captured on devices using 1Password 8.4.0 or later.

To see more items, select the right arrow at the top to move to the next page of activities. You can also select the number beside “Items per page” in the top right to and choose to see a larger amount on each page.

Tip

The Activity Log keeps 365 days of events. To monitor and store all your events as they occur, send them to your security information and event management (SIEM) system using 1Password Events Reporting and the 1Password Events API.

Filter the Activity Log

To narrow the scope of activities shown in the log, use one or more filters:

  • To only view actions performed on a certain date or during a specific period, select Date and choose a date or range, then select Apply.
  • To only view actions performed by a specific team member, select Actor, choose the team member, then select Apply.
  • To only view certain types of actions, select Events, choose one or more actions, then select Apply.

To select multiple filters at the same time, select All filters then search for and choose each filter you want. When you’re done, select Apply filters.

To remove a filter, select its name and select Clear. To remove all filters, select All filters then select Clear all selections.

The events filter in the Activity Log with several events selected.

Export the Activity Log

To see additional information about the events shown in the Activity Log, you can export your data to a CSV file. Select Download and choose where to save the file.

The CSV file will include the following information about the actions that were performed in your team’s account:

  • Date: The unique identifier for the event.
  • Actor UUID: The unique identifier for the team member who performed the action.
  • Actor: The name of the team member who performed the action.
  • Action: The type of action that was performed.
  • Object Type: The type of object that the action was performed on.
  • Object UUID: The unique identifier for the object the action was performed on, if one exists.
  • Aux Info: Additional information about the activity, if any exists.
  • Aux UUID: The unique identifier that relates to additional information about the activity, if one exists.
  • IP Address: The IP address used by the 1Password app at the time the event was performed.

To learn more about the exported information for each action, see 1Password Events Reporting audit events.

Learn more


Published: