Audit Logs
Permiso keeps a log of authentication events so you have a clear picture of who logged in, when, from where, and what they accessed. This is useful for security reviews, compliance requirements, and investigating unusual activity.
Viewing audit logs
There are two views of the audit log:
- Your own activity: go to Settings → Audit Log to see your personal login history
- All users' activity: admins can go to Settings → Audit Log → All Users to see the full log across the instance
What gets logged
Every authentication-related action creates an audit log entry:
| Event | When it happens |
|---|---|
| Sign In | A user successfully logs in |
| Account Created | A new user completes sign-up |
| Client Authorization | A user grants an application access (first time or each time, depending on settings) |
| Passkey Added | A user registers a new passkey |
| Passkey Removed | A user or admin removes a passkey |
| One-time Login | A user logs in via a one-time email link |
| Device Code Authorization | A user authorizes a device code flow |
Each entry includes the user's IP address, location (city and country, if geolocation is configured), and browser/device information.
Filtering and searching
You can filter the log by:
- User: show activity for a specific person
- Event type: show only sign-ins, or only passkey changes, etc.
- Date range: narrow down to a specific time window
Retention
Audit log entries are kept for 90 days by default. You can change this by setting the AUDIT_LOG_RETENTION_DAYS environment variable. Setting it to a higher value is useful if you have compliance requirements around log retention.
Entries older than the retention period are automatically deleted.
Geolocation
If you've configured a MaxMind GeoLite2 database, Permiso will show the city and country for each login event based on the user's IP address. This makes it easy to spot unusual logins from unexpected locations.
To enable geolocation, set the MAXMIND_LICENSE_KEY environment variable. See Environment Variables for details.