Skip to main content
The audit log gives you a complete, tamper-evident record of every significant action taken in your organization — from member invitations and removals to SSO configuration changes and admin access events. Because entries are append-only and cannot be edited or deleted, the audit log is suitable for compliance reviews, security investigations, and internal governance. Audit logs are available exclusively on the Business plan.
Audit logs require the Business plan. If you are on the Free, Solo, or Team plan and need audit logging for compliance purposes, upgrade your plan to unlock this feature.

What is logged

Knoq writes an audit entry for every admin action and member lifecycle event. Each entry records the event type, the actor who triggered it, the affected subject, and the timestamp.
Event typeDescription
member.joinedA member accepted an invitation and joined the organization
member.removedAn admin removed a member from the organization
member.invite_sentAn admin sent an invitation to an email address
member.invite_resentAn admin resent an invitation (token was rotated)
member.invite_revokedAn admin revoked a pending invitation
member.invite_expiredAn invitation expired without being accepted
sso.configuredAn admin saved a new SSO provider configuration
sso.enforcedAn admin enabled or disabled SSO enforcement
session.cancelledA chat session was cancelled by the user or an admin
admin.impersonationA platform admin accessed your organization for support purposes
This list covers the core event surface. Additional event types may be added as new admin features ship.

Viewing the audit log

The audit log is accessible to all admins in your organization.
1

Go to Admin > Audit Log

In the sidebar, click Admin, then select Audit Log. The log opens with the most recent entries at the top.
2

Filter the log

Use the filter controls to narrow the results:
  • Date range — restrict entries to a specific period
  • Event type — show only a particular category of events (for example, all sso.* events)
  • Member — show only events involving a specific member’s email or user ID
3

Inspect an entry

Click any row to expand the full detail payload, including the actor’s IP address, the affected resource, and any relevant metadata.

Log retention

The audit log is append-only. Entries are written once and cannot be modified or deleted by anyone, including platform admins. This design ensures the log remains a trustworthy record for compliance purposes. Knoq retains audit log entries for the lifetime of your organization. There is no rolling deletion window — events from the day you enabled the Business plan remain accessible alongside the most recent entries.

Exporting logs

You can download the complete audit log, or a filtered subset of it, for use in external compliance tooling, SIEM systems, or internal record-keeping.
1

Apply any filters

Use the date range, event type, and member filters to scope the export to the records you need. An unfiltered export includes every entry in the log.
2

Choose a format

Select Export as CSV or Export as JSON depending on how you intend to process the data.
3

Download the file

Click Download. Knoq generates the export and your browser downloads the file immediately.
CSV exports are suitable for spreadsheet review and importing into compliance tools. JSON exports preserve the full structured payload of each entry and are better suited for programmatic processing or ingestion into a SIEM.