Authentication Logs

Authentication Logs record the sign-in activity for your organization — who authenticated, from where, and whether it succeeded. Where the compliance audit trail records actions on records, this records access itself, which is the front line of security monitoring.

What’s recorded

Each entry captures the event and whether it was successful or failed, along with the IP address, location, device, and timestamp. That detail is what lets you tell a routine login from a suspicious one — a failure from an unexpected country, a burst of attempts, a sign-in from an unfamiliar device.

Failed attempts and blocked addresses

The log highlights failed attempts and surfaces any blocked IP addresses, so the security-relevant activity stands out rather than being buried in routine successes. A cluster of failures against an account, or repeated attempts from one address, is exactly the signal you want visible — and it ties directly to the lockout and suspicious-login controls in Security Policies.

Why it matters

For a regulated platform, being able to demonstrate who accessed the system and when — and that you monitor for abuse — is part of a sound security posture. Authentication logs provide that evidence and that visibility, complementing the record-level audit trail with the access-level picture.