Teams and Businesses

Use the Activity Log in 1Password Business

Learn how to use the Activity Log to monitor events that happen on your team.

Tip

The Activity Log keeps 365 days of events. To monitor and store all your events as they occur, send them to your security information and event management (SIEM) system using 1Password Events Reporting and the 1Password Events API.

With 1Password Business, owners and administrators can view the Activity Log to keep track of important events in the account, such as when team members view reports or set up new devices. Other team members can also view the Activity Log if they’re part of a group with the View Administrative Sidebar permission.

Sign in to your account on 1Password.com and click Activity Log in the sidebar to get started.

Read the Activity Log

Activities listed in the Activity Log

The Activity Log lists actions performed by team members. It includes the following types of events:

  • Accounts. Updating the account settings, such as changing the account name, logo, or sign-in address.
  • Delegate sessions. Starting a new session.
  • Devices. Authorizing and removing a device.
  • Email changes. Beginning and completing an email changes for team members.
  • Family accounts. Generating a code, linking and unlinking family accounts.
  • Files. Creating a document.
  • Firewall rules. Updating a firewall rule in the account.
  • Groups. Creating, updating, and removing a group.
  • Group membership. Updating a team member’s access to groups.
  • Group vault access. Modifying a group’s access to vaults.
  • Invites. Inviting a team member or guest.
  • Items. Creating, editing, archiving, and deleting an item.
  • Item sharing. Sharing an item, updating the sharing settings, and deleting a shared item link.
  • Multi-factor authentication. Turning on, updating, and turning off multi-factor authentication.
  • Packages. Sending a copy of an item within 1Password.
  • Provisioning. Provisioning a new team member.
  • Reports. Viewing and exporting a report.
  • Service accounts. Adding a service account.
  • Service account tokens. Registering, updating, and revoking a service account token.
  • Sign-in tokens. Creating, ratcheting, and signing in with a sign-in token for Unlock with SSO.
  • Slack app. Connecting or removing a Slack app.
  • SSO settings. Adding, changing, and removing SSO settings, groups, and policies.
  • Stripe cards. Creating, updating, and removing a payment card for the account.
  • Stripe payment methods. Adding a new payment method to the account.
  • Stripe subscriptions. Creating, updating, and canceling the account’s subscription.
  • Templates. Adding, updating, hiding, and deleting a custom template.
  • Users. Inviting, joining, confirming, and all other user-related changes.
  • User vault access. Changing a team member’s access to vaults.
  • Vaults. Creating, updating, and removing a vault.
  • Verified domain. Verifying a domain for the breach report.
  • View/Export: Viewing and exporting a report or vault.

To see more items, click the (next results page) button at the top to move to the next page of activities. You can also click the number beside “Items per page” in the top right to and choose to see a larger amount on each page.

Filter the Activity Log

To narrow the scope of activities shown in the log, use one or more filters:

  • To only view actions performed on a certain date or during a specific period, click Date and select a date or range, then click Apply.
  • To only view actions performed by a specific team member, click Actor, select the team member, then click Apply.
  • To only view certain types of actions, click Events, select one or more actions, then click Apply.

To select multiple filters at the same time, click All filters then search for and select each filter you want. When you’re done, click Apply filters.

To remove a filter, click its name and click Clear. To remove all filters, click All filters then click Clear all selections.

The events filter in the Activity Log with several events selected.

Export the Activity Log

To see additional information about the events shown in the Activity Log, you can export your data to a CSV file. Click Download and choose where to save the file.

The CSV file will include the following information about the actions that were performed in your team’s account:

  • Date: The unique identifier for the event.
  • Actor UUID: The unique identifier for the team member who performed the action.
  • Actor: The name of the team member who performed the action.
  • Action: The type of action that was performed.
  • Object Type: The type of object that the action was performed on.
  • Object UUID: The unique identifier for the object the action was performed on, if one exists.
  • Aux Info: Additional information about the activity, if any exists.
  • Aux UUID: The unique identifier that relates to additional information about the activity, if one exists.
  • IP Address: The IP address used by the 1Password app at the time the event was performed.

To learn more about the exported information for each action, see 1Password Events Reporting audit events.

Learn more

Still need help?

If this article didn't answer your question, contact 1Password Support.

Published: