Skip to main content

Overview

Audit Logs provide a detailed record of user actions across your OneSignal organization. Use audit logs to:
  • Investigate security incidents — Track login activity, IP addresses, and user sessions to identify unauthorized access.
  • Meet compliance requirements — Provide evidence of user actions for SOC2, HIPAA, and other regulatory audits.
  • Maintain accountability — Know who created, modified, or deleted templates, journeys, and notifications.
Audit logs are immutable—they cannot be edited or deleted, ensuring a trustworthy record of all activity.

Plan availability

Audit log retention varies by plan:
PlanRetention PeriodNotes
Free48 hoursIncluded
Growth48 hoursIncluded
Professional48 hoursUpgrade to 90 days with Legal & Security Package add-on
Enterprise90 daysIncluded
To upgrade your retention period or learn more about the Legal & Security Package, contact your account manager or [email protected].

Accessing Audit Logs

Audit logs are available at the Organization level and show activity across all apps in your organization. To access audit logs:
  1. Navigate to Organizations in the left sidebar
  2. Select your organization
  3. Click Audit Logs
OneSignal Audit Logs organization view showing the sidebar navigation and audit log table

Access Audit Logs from the Organizations sidebar

Understanding the Audit Log

The audit log displays a table of events with the following columns:
ColumnDescription
Date & TimeWhen the action occurred
User ActionThe type of action performed (e.g., Logged In, Template Updated)
EmailEmail address of the user who performed the action
Org RoleThe user’s organization-level role (Admin, Editor, Viewer)
App RoleThe user’s app-level role, if applicable
Item TypeThe type of object affected (Template, Notification, Journey)
Item NameThe name of the affected object
App NameThe app where the action occurred
UserDisplay name of the user
IP AddressThe IP address from which the action was performed

Tracked events

Audit logs track the following user actions:

Access events

ActionDescription
Logged InUser signed into the OneSignal dashboard
Logged OutUser signed out of the OneSignal dashboard

Template events

ActionDescription
Template CreatedA new message template was created
Template UpdatedAn existing template was modified
Template DeletedA template was removed

Journey events

ActionDescription
Journey CreatedA new journey was created
Journey UpdatedAn existing journey was modified

Notification events

ActionDescription
Notification CreatedA new notification was created
Notification DeletedA notification was removed

Viewing event details

Click the expand arrow (›) next to any event to view additional details:
Expanded audit log event showing detailed information including App ID, Browser, Event ID, and IP Address

Expanded event details showing IP address, browser, location, and more

Expanded details include:
FieldDescription
App IDUnique identifier for the app
App NameName of the app where the action occurred
App RoleUser’s role within the specific app
BrowserUser agent string (browser and OS information)
EmailUser’s email address
Event IDUnique identifier for this specific event
IP AddressFull IP address of the user
Item NameName of the affected object
Item TypeType of object (template, notification, etc.)
LocationGeographic location based on IP address
NameDisplay name of the user
Org RoleUser’s organization-level role

Search and filters

Use the search and filter options to find specific events:

Search by email

Enter an email address in the search bar to find all actions performed by a specific user.

Date range

Click the date picker (default: Last 7 days) to select a custom date range within your retention period.

Filters

Click Filters to narrow results by:
Audit logs filter dropdown showing User Action, App ID, IP Address, Item Type, and Target ID options

Filter options for audit logs

FilterDescription
User ActionFilter by action type (Logged In, Template Updated, etc.)
App IDFilter by a specific app’s unique identifier
IP AddressFilter by IP address
Item TypeFilter by object type (Template, Notification, Journey)
Target IDFilter by the unique ID of the affected object

Data retention

Audit log data is retained based on your plan:
  • Free and Growth plans: 48-hour retention
  • Professional plan: 48-hour retention by default, or 90-day retention with the Legal & Security Package add-on
  • Enterprise plan: 90-day retention included
After the retention period, audit log entries are automatically removed and cannot be recovered.
Need longer retention or export capabilities? Contact [email protected] to discuss your requirements.

FAQ

Who can access audit logs?

All team members with access to the organization can view audit logs. Audit logs are read-only—no user can modify or delete log entries.

Can I export audit logs?

Export functionality is not currently available. If you require audit log exports for compliance purposes, contact [email protected].

Can audit logs be deleted?

No. Audit logs are immutable and cannot be deleted by any user, ensuring a trustworthy record for compliance and security purposes.

Are API actions logged?

API actions are planned for a future release. Currently, audit logs track actions performed through the OneSignal dashboard.

How do I increase my retention period?

Enterprise customers receive 90-day retention automatically. Professional customers can upgrade to 90-day retention by adding the Legal & Security Package. Contact your account manager or [email protected] for details.