Use the audit log in 1Password Business (beta)

Learn how to use the beta audit log to monitor events that happen on your team.

With 1Password Business, owners and administrators can view the beta audit log to keep track of important events in the account, such as when team members view reports or set up new devices. Other team members can also view the audit log if they’re part of a group with the View Administrative Sidebar permission.

Events and features will be added to the audit log throughout the beta. If there’s a feature you need from the old audit log, or if you want to access events that took place before August 30, 2025, you can return to the old audit log at any time.

Turn on the audit log beta

To get started with the beta:

  1. Sign in to your account on 1Password.com.
  2. Select Audit Log in the sidebar.
  3. Select Try new audit log at the top of the page.

To return to the old audit log, select Return to old audit log at the top of the page. You can switch between the old and new audit log at any time during the beta.

Read the audit log

The beta uses a new audit logging model designed to provide a more comprehensive view of the actions being performed in a 1Password account.

Each audit log entry provides information about an action (event), including: who performed the action, what was affected, and context about where and how the action occurred. The following is an example of what you might see in an audit log entry:

| Date | Action | Category | Actor |
| --- | --- | --- | --- |
| 13 Jan 2026 at 12:34 PM | vault.access.grant | Vault | Wendy Appleseed (wendy.appleseed@agilebits.com) |

View full details

  • Date: The date and time an event occurred.
  • Action: The action that triggered the event. Actions use a target.attribute.verb format, where:
    • target: The object an action was performed on. For example: vault.
    • attribute: Additional context about the action, if applicable. For example: access.
    • verb: The action that was performed. For example: grant.
  • Actor: The name and email address of the team member who performed the action.
  • Category: The high-level category of the event. For example, Vault.
  • View full details: More detailed information about the audit event.

To see more information about an event, select View full details in the audit log entry. The details may include:

  • Actor: The type, unique identifier, name, and email address of the team member who performed the action. The type indicates who or what initiated the action. For example: user or service_account.
  • Account: The name and unique identifier of the account where the event took place.
  • Client: (Optional) Information about the app or integration that was used to initiate the action. For example, 1Password for Mac.
  • Device: (Optional) The unique identifier of the device used to initiate an action and the model of the device. For example: MacBookPro18,2.
  • Location: The reported geographic location where the action was performed, including the IP address, country, region, city, latitude, and longitude.
  • Operating system: (Optional) The name and version of the operating system where an event originated. For example: MacOSX 15.7.1.
  • Session: (Optional) Information about the authenticated user session during which the action occurred, including a unique session identifier and the time when the user logged in.
  • Source: The product or service that generated the event. For example: Password manager or Admin Console.
  • Target: The type of object affected by the action. The details of a target will vary based on the object.

The inclusion of optional fields depends on the specific event.
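
The following Python is an added example, not code from 1Password. It parses the target.attribute.verb action format and builds a review queue of grant events initiated by non-user actors, noting which optional detail fields each entry did not carry. The dictionary key names, the review policy, the function names, and every sample value not quoted on this page are assumptions constructed for illustration.

```python
from typing import NamedTuple, Optional

OPTIONAL_FIELDS = ("client", "device", "operating_system", "session")  # optional per the page

class Action(NamedTuple):
    target: str
    attribute: Optional[str]
    verb: str

def parse_action(action: str) -> Action:
    """Split an action string; the attribute part is present only "if applicable"."""
    parts = action.strip().split(".")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a target[.attribute].verb action: {action!r}")
    # Assumption: first segment = target, last = verb, anything between = attribute.
    return Action(parts[0], ".".join(parts[1:-1]) or None, parts[-1])

# Constructed entries. Key names mirror the labels on this page; they are not a
# documented export schema. "example.create" is a made-up two-part action.
SAMPLE_ENTRIES = [
    {"date": "2026-01-13T12:34:00", "action": "vault.access.grant", "category": "Vault",
     "actor": {"type": "user", "name": "Wendy Appleseed"},
     "client": "1Password for Mac", "device": "MacBookPro18,2",
     "operating_system": "MacOSX 15.7.1", "session": "constructed-session-id"},
    {"date": "2026-01-14T03:10:00", "action": "vault.access.grant", "category": "Vault",
     "actor": {"type": "service_account", "name": "constructed-automation"}},
    {"date": "2026-01-14T09:00:00", "action": "example.create", "category": "Example",
     "actor": {"type": "user", "name": "Wendy Appleseed"}, "client": "1Password for Mac"},
]

def review_queue(entries, verb="grant", routine_actor_types=("user",)):
    """Return entries with the given verb whose actor type is not routine
    (a hypothetical policy), annotated with the optional fields they lacked."""
    queue = []
    for entry in entries:
        action = parse_action(entry["action"])
        if action.verb != verb or entry["actor"]["type"] in routine_actor_types:
            continue
        missing = [f for f in OPTIONAL_FIELDS if not entry.get(f)]
        queue.append({"date": entry["date"], "target": action.target,
                      "attribute": action.attribute, "actor": entry["actor"]["name"],
                      "missing_context": missing})
    return queue

if __name__ == "__main__":
    for row in review_queue(SAMPLE_ENTRIES):
        print(row)
```
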

To see more items on each page, select the number beside “Items per page” in the top right, then choose a larger number.

Filter the audit log

To narrow the scope of activities shown in the beta audit log, you can use the following filters:

  • Date/time: To only view actions performed on a certain date or during a specific period, select Date, choose the start and end dates and times, then select Apply. Note: The beta audit log includes events starting from August 30, 2025.
  • Category: To only view actions for a specific category, select Category, choose a category, then select Apply.
  • Action: To only view a specific type of action, select Action, choose an action, then select Apply.
  • Actor: To only view actions performed by a specific team member, select Actor, choose the team member, then select Apply.

To remove a filter, select Clear in the filter category. Or select a different filter, then select Apply. To remove all filters, select Reset all.


