automation-cloud
latest
false
UiPath logo, featuring letters U and I in white

Automation Cloud admin guide

Last updated Nov 24, 2025

About logs

The Audit Logs capabilities in Automation Cloud™ offer two concurrent experiences for managing and exporting organizational audit data: the unified logging experience and the classic logging experience.

Both experiences provide visibility into platform activity, helping you monitor usage, ensure compliance, and analyze operational events across your organization.

Unified logs

The unified logging experience provides a centralized view of audit logs across most UiPath services that are onboarded to the unified framework. Unified logging experience supports filtering, exporting logs for the last 90 days as a CSV file, and exporting up to two years of data through a custom script.

The unified logging experience also includes audit logs at the tenant level for tenant-specific services, offering a broader and more consistent view of activity across the platform.

Audit logs

Audit logs in Automation Cloud provide a centralized, secure, and scalable way to track key activities across your organization. Administrators can use audit logs to maintain compliance, monitor user actions, and support security investigations.

Audit logs give you access to the following capabilities:
  • Advanced filtering and search: You can use filters and search tools to quickly locate specific events. You can search by the following criteria: time range, user, source, category, action, status, IP address, and and perform text search.
    Note: You can view audit logs from the past 90 days.
  • Export options: You can export up audit logs to CSV for external storage or analysis, via the Export option, the Audit Logs APIs, or via a dedicated UiPath script.
    Note: You can export up to 100,000 rows, with data for up to 90 days being available.
  • Multi-scope visibility: Audit logs are available at both organization and tenant levels.
Organization administration

Organization-level audit logs capture action performed in organization-scoped services. This includes operations such as identity management, directory sync, user and group administration, and organization-wide settings.

As an organization administrations, you can view audit logs by going to Admin > Organization > Audit Logs.

The following table lists the audit events generated by organization-scoped services that you can view in Automation Cloud:

Source

Category

Activity

Access Policy Ip Configuration Created a new Ip Configuration, Deleted an Ip Configuration, Delete all Ip Configurations, Update the Ip Configurations
Access Policy Ip Configuration Status Created a new Ip Configuration Status, Deleted an Ip Configuration Status, Updated the Ip Configuration Status
Access Policy AccessPolicyAccessPolicy Is Evaluated
AdminUser Administration Invite User, Delete User, Update User Details
AdminRobot Administration Create, Update, Delete Robot Account
AdminGroup Administration Create, Update, Delete Group, Create/Update/Delete Group Membership Rule
AdminExternal Application Admin Register, Update, Delete External App, Create/Delete Secret, Generate New Secret, Create/Delete/Regenerate Personal Access Token
AdminDirectory Administration Create, Update, Delete Directory Connection
AdminSecurity Settings Update Encryption Key, Authentication Setting, Access Restriction Setting
AdminOrganization AdministrationCreate, Update, Delete Org and Org Settings
AdminTenant Administration Create, Update, Enable, Disable Tenant
Directory Sync Org Membership User Auto-Joined Org, User Details Auto-Updated, User Auto-Deleted from Org
Directory Sync Group Management Group Auto-Created, Group Auto-Updated, Group Auto-Deleted
Group Management Group Membership User Manually Added/Removed from Group, User Auto-Added/Removed from Group
IdentityAuthenticationUser Login, Robot Login, External App Login
IdentityUser Account Changed Password, Reset Password, Reset Password Email Sent, Linked Accounts
Organization ManagementOrg Membership User Manually Joined Org, User Manually Removed from Org
Apps

This section describes the audit log actions recorded for Apps, under the App Management category. For each action, the following table lists what action is logged and the captured information.

Table 1. Apps logged actions
ActionDescriptionLogged information
Create AppA user has successfully created an App .User email, App name, creation date
Clone AppA user has successfully cloned an App.User email, Original App name, Cloned App name, clone date
Delete AppA user has successfully deleted an App.User email, App name, deletion date
Export AppA user has successfully exported an App.User email, App name, export date
Import AppA user has successfully imported an App.User email, App name, import date
Share AppA user has successfully shared an App.User email, App name, share date
Automation Ops

This section describes the unified audit experience log actions recorded for Automation Ops, specifically for the Governance, Manage Feeds, Pipelines, and Source control audit sources. For each action, the following table lists what action is logged and the captured information:

Category

Action

Description

Logged Information

Policy management

Created policy

A user successfully creates a new policy.

Policy name, license name, product name, policy data, priority, availability.

Policy management

Edited policy

A user successfully edits an existing policy.

For both the original policy and the edited policy: name, product name, license name, policy data, priority, availability.

Policy management

Edited product policy version

A user performs a successful upgrade / downgrade of a policy template

Each per-product edit is tracked in a separate log, regardless of whether or not it is the result of a bulk action.

Product name, old template version, new template version (major.minor.patch).

Policy management

Deleted policy

A user successfully deletes a policy.

Policy name, product name, license name, policy data, priority, availability.

Deployment management

Deployed tenant policy

A user successfully deploys one or more policies at tenant level.

Each per-product edit is tracked in a separate log, regardless of whether or not it is the result of a bulk action.

Policy name or No policy / Inherit, license name, product name, tenant name.

Deployment management

Deployed group policy

A user successfully deploys one or more policies at group level. It includes all actions that can affect the deployment settings:

  • editing a group’s deployment settings
  • removing a group deployment (results in Inherit)

Each per-product edit is tracked in a separate log, regardless of whether or not it is the result of a bulk action.

Policy name or No policy / Inherit, license name, product name, group name.

Deployment management

Deployed user policy

A user successfully deploys one or more policies at user level. It includes all actions that can affect the deployment settings:

  • editing a user’s deployment settings
  • removing a user deployment (results in Inherit)

Each per-product edit is tracked in a separate log, regardless of whether or not it is the result of a bulk action.

Policy name or No policy / Inherit, license name, product name, user name.

Connection Management

Created GitHub connection

A user successfully creates a new connection to GitHub.

Organization name (GitHub) / Account Id

Connection Management

Created Azure connectionA user successfully creates a new connection to Azure. Account Id + Account name

Connection Management

Deleted GitHub connectionA user successfully removes a new connection to GitHub. Organization name

Connection Management

Deleted Azure connectionA user successfully removes a new connection to Azure. Account Id + Account name

Connection Management

Connection synced

The connection to an external provider is updated.

Organization name (GitHub) / Account Id + Account name (Azure)

Feeds management

Added custom feed

A user adds a custom feed.

Feed name, type, URL, security method, description.

Feeds management

Deployed feed to tenant

A user deploys a feed to a tenant.

Feed name and URL, tenant name.

Feeds management

Removed deployed feed from tenant

A user removes a feed from a tenant.

Feed name and URL, tenant name.

Feeds management

Removed custom feed

A user deletes a feed.

Feed name, type, URL, security method, description.

Feeds management

Updated Feed

A user updates the details of a feed.

For both the original feed and the edited feed: name, type, URL, security method, description, tags.

Package management

Uploaded package to feed

A user uploads a package to a feed.

Package name and version, feed name and URL.

Package management

Removed package from feed

A user removes a package from a feed.

Package name and version, feed name and URL.

Package management

Duplicated package to feed

A user copies a package from one feed to another.

Package name and version, name and URL of source and destination feeds.

Pipeline management

Created pipelineA user created a pipeline.User email, pipeline name and ID, flow ID, pipeline arguments, run selection, creation date

Pipeline management

Edited pipelineA user edited a pipeline.User email, pipeline name and ID, flow ID, pipeline arguments, run selection, update date

Pipeline management

Deleted pipelineA user deleted a pipeline.User email, pipeline name and ID, flow ID, pipeline arguments, run selection, deletion date

Environment management

Initial pipeline setupA user initially sets up a pipeline.User email, pipeline name and ID, flow ID, pipeline arguments, run selection

Environment management

Deleted runtime settingsA user deletes runtime settings.User email, pipeline name and ID, flow ID, pipeline arguments, run selection, deletion date
Licensing

This section outlines the audit log entries recorded for licensing-related activities, specifically for the License Accountant and License Resource Manager sources. Logged actions are grouped under the License Management category.

The table below provides details about each recorded action, including the event type and the logged information captured in the audit log.

Table 2. Licensing logged actions
ActionDescriptionLogged information
Direct license allocation to userA user allocated a license directly to another user.User email, license type, recipient email, allocation date and time
Group rule license allocation to userA license was automatically allocated to a user based on a group allocation rule. User email, user group name, license allocation rule, recipient email, allocation date and time
Updating group rule license allocationA user updated the license allocation rule for a user group.User email, user group name, licenses added to the rule, update date and time
Upgrade license to trialA user upgraded the organization license to a trial.User email, trial name, upgrade date and time
Product quantity changedA user changed the quantity of product licenses in the organization. User email, organization name, updated product quantity, change date and time
Activate licenseA user activated a license for the organization.User email, organization name, license type, activation date and time
Update licenseA user updated the organization license.User email, organization name, license type, update date and time
Deactivate licenseA user deactivated the organization's license.User email, organization name, license type, deactivation date and time
Host allocated products to hosted organizationsA user allocated host licenses to an organization.User email, organization name, license number, license types, allocation date and time
Request trial per SKU licenseA user requested a trial per SKU license.User email, trial per SKU license, request date and time
Disable trial per SKU licenseA user disabled a trial per SKU license.User email, trial per SKU license, disabling date and time
Create user group quotaA user created a quota for a user group.User email, user group name, quota, creation date and time
Update user group quotaA user updated an existing user group quota.User email, user group name, updated quota, update date and time
Delete user group quotaA user deleted a user group quota.User email, user group name, deletion date and time
Tenant administration

Tenant-level audit logs include events from tenant-scoped services, such as roles, services, and tenant settings.

To view audit logs for organization administrator, go to Admin, select your tenant, then choose Audit Logs.

The following table lists audit events generated by tenant-scoped services, including service management and role assignments within individual tenants.

Source

Category

Activity

AdminTenant AdministrationEnable, Disable, Remove Service in Tenant
AdminRole AdministrationAdd, Remove, Update User Role
Apps

This section describes the audit log actions recorded for Apps, under the App Management category. For each action, the following table lists what action is logged and the captured information.

Table 3. Apps logged actions
ActionDescriptionLogged information
Publish AppA user has successfully published an App.User email, App name, Folder name where the App was published
Deploy App to a FolderA user has successfully published an App.User email, App name, Orchestrator folder name.
Data Fabric

To export Data Fabric audit logs at tenant level, take the following steps:

  1. Log in to Automation Cloud™.
  2. Navigate to Admin.
  3. Select your tenant, and then select Audit logs.
  4. Search and select DataFabric from the Source filter.
  5. Select Export to download the audit log .csv file.

The following actions are audited:

  • Create
  • Update
  • Delete entities
  • Entity fields
  • Entity records
Note: For record-level actions (Create, Update, Delete), audit logs show that a change occurred, but do not display the actual data values.
Document Understanding™

The Audit logs page displays the audit trail for actions performed by entities in Document Understanding™.

Audit logs for the Document Understanding™ service are available in Automation Cloud Admin > Audit Logs at tenant level.

The following table lists all the Document Understanding-specific events logged in Audit logs.

Table 4. Document Understanding-specific actions
CategoryActionDescriptionLogged information
Project operationsCreate projectA user creates a new project.
  • Project ID
  • Project name
  • Project type
  • OCR method
  • Apply OCR on PDFs
Project operationsUpdate projectA user edits the settings of a project.
  • Project ID
  • Source OCR method
  • Destination OCR method
  • Source apply OCR on PDFs
  • Destination apply OCR on PDFs
Project operationsDelete projectA user deletes a project.
  • Project ID
  • Project name
  • Project type
Project versionsCreate project versionA user creates a project version.
  • ID
  • Name
  • Models used
Project versionsEdit project versionA user edits a project version.
  • ID
  • Name
  • Tag
Project versionsDeploy project versionA user deploys a project version.
  • ID
  • Name
  • Version
  • Status
Project versionsUndeploy project versionA user undeploys a project version.
  • ID
  • Name
  • Version
  • Status
Project versionsDelete project versionA user deletes a project version.
  • ID
  • Name
  • Models used
Integration Service

This section describes the Integration Service events that are recorded in the audit log.

Each log entry contains the following information:

  • Date and time when the action was performed
  • IP address
  • User who performed the action
  • Source (IntegrationService)
  • Category (Connection Management)
  • Action
  • Status (Success or Failure)

See the following table for a list actions and the details logged for each one.

Action

Description

Log details

Create Connection

A user creates a new connection.

Connection ID, Connector, Connection name, Folder key, Operation.
Update Connection

A user updates an existing connection.

Connection ID, Connector, Connection name, Folder key, Operation.
Delete Connection

A user deletes a connection.

Connection ID, Connector, Connection name, Folder key, Operation.
Licensing

This section outlines the audit log entries recorded for licensing-related activities, specifically for the License Accountant and License Resource Manager sources. Logged actions are grouped under the following categories:

  • License Allocation
  • License Management

The table below provides details about each recorded action, including the event type and the logged information captured in the audit log.

Table 5. Licensing logged actions
CategoryActionDescriptionLogged information
License AllocationConfigure fallback to tenant allocated Robot Units.A user has configured a fallback to Robot Units available at the tenant level. User email, configuration date
License ManagementUpdate tenant allocated product quantitiesA user has updated the number of licenses for a tenant service User email, license type, updated quantity, update date
Orchestrator

The audit from the Orchestrator service lists all the events linked to a specific tenant. You can notice folders or machines creations, packages uploads, roles assignments, or settings updates. Simply put, every step that may influence the orchestration process is captured inside the Orchestrator's Audit page.

You need to be an Administrator to access the Audit page at the tenant level.



Note:

The audit logs are retained for six months in the case of the Community plan, and for two years for Enterprise.

To keep your logs beyond these limits, you can export them to your local storage.

Learn more about the audit logs at Orchestrator's tenant level.

Test Manager

This section describes the audit log actions recorded for Test Manager, under the available categories. For each action, the following table lists what action is logged and the captured information.

Table 6. Test Manager log actions
ActionDescriptionLogged information
Create projectA user successfully created a Test Manager project.User email, project name, project prefix, creation date, project admin status (IsAdmin).
Update projectA user made changes within a Test Manager project, such as CRUD operations on any test artifact. User email, project name, project prefix, update date, project admin status (IsAdmin), old values, new values.
Delete projectA user has successfully deleted a Test Manager project.User email, project name, project prefix, deletion date, project admin status (IsAdmin).
Import projectA user triggered the import of a project into Test Manager.User email, project name, project prefix, import date, project admin status (IsAdmin), import status, import details.
Export projectA user triggered the export of a Test Manager project.User email, project name, project prefix, export date, project admin status (IsAdmin), export status, export details.
Create requirementA user successfully created a Test Manager requirement.User name, user email, user role, requirement name, requirement ID, creation date and time (timestamp).
Update requirementA user made changes within a Test Manager test case, such as editing name and description. User name, user email, user role, requirement name, requirement ID, changes made (old_value to new_value), updated date and time (timestamp).
Delete requirementA user successfully deleted a Test Manager requirement.User name, user email, user role, requirement name, requirement ID, deletion date and time (timestamp).

Robot logs

The robot logs found at Orchestrator's folder level are useful to monitor the executions of every robot from a specific folder.

You need the specific folder permission to manage the logs .

Robot logs are kept for a maximum of 31 days by Orchestrator.

If you need these logs for longer, you can periodically export logs to:

  • your local storage
  • third-party cloud storage.

For instructions, refer to Exporting logs .

Retention periods

The retention periods for events captured in the unified logging experience are as follows:

  • CSV export (via the UI): 90 days

  • Long-term export (via the UiPath export script or Audit Logs APIs):

    • 5 years for Enterprise plans or tiers

    • 2 years for all other plans or tiers

Classic logs

The classic logging experience provides a simpler audit log view, covering primarily platform services and Automation Ops events. You can export logs as a CSV file for up to 5.000 entries at a time.

The classic logging experience is maintained for compatibility with existing workflows and offers a straightforward way to review key administrative and service-level activities.

Audit logs

Audit logs are a special type of logs that help to gain insight into events that happened within your organization. It answers the who, when, and where for every event, and it allows you to keep track of important changes.

Note:

When extracting audit logs, only the last 5000 entries are downloaded.

Organization administration

The Audit Logs page captures actions performed from the Admin pages and log in activity for the organization. This includes user log in activity, license upgrades, any changes made to your tenants, refresh of an API key, and more.

As the organization administrator, you can view the audit logs by going to Admin > Organization > Audit Logs.



Note:

Each audit log entry is kept for approximately 30 days in the case of Community accounts, and for two years for Enterprise.

To keep the logs beyond this limit, we recommend to periodically archive them as CSV files to your local storage. Select Download to export the audit logs.

Automation Ops

Audit logs for the Automation Ops service are also displayed in the Admin > Organization > Audit Logs page.

This section describes the classic audit experience log actions recorded for Automation Ops, specifically for the Governance, Manage Feeds, Pipelines, and Source control audit sources. For each action, the following table lists what action is logged and the captured information:

Category

Action

Description

Logged Information

Governance

Create Policy

A user successfully creates a new policy.

Policy name, product name, policy data, priority, availability.

Governance

Edit Policy

A user successfully edits an existing policy.

For both the original policy and the edited policy: name, product name, policy data, priority, availability.

Governance

Upload Policy

A user successfully uploads a policy.

Policy name, product name, policy data, priority, availability.

Governance

Delete Policy

A user successfully deletes a policy.

Policy name, product name, policy data, priority, availability.

Governance

Deploy To Tenant

A user successfully deploys one or more policies at tenant level.

Each per-product edit is tracked in a separate log, regardless of whether or not it is the result of a bulk action.

Policy name or No policy / Inherit, license name, product name, tenant name.

Governance

Deploy To Group

A user successfully deploys one or more policies at group level. It includes all actions that can affect the deployment settings:

  • editing a group’s deployment settings
  • removing a group deployment (results in Inherit)

Each per-product edit is tracked in a separate log, regardless of whether or not it is the result of a bulk action.

Policy name or No policy / Inherit, license name, product name, group name.

Governance

Deploy To User

A user successfully deploys one or more policies at user level. It includes all actions that can affect the deployment settings:

  • editing a user’s deployment settings
  • removing a user deployment (results in Inherit)

Each per-product edit is tracked in a separate log, regardless of whether or not it is the result of a bulk action.

Policy name or No policy / Inherit, license name, product name, user name.

Governance

Edit Version

A user performs a successful upgrade / downgrade of a policy template

Each per-product edit is tracked in a separate log, regardless of whether or not it is the result of a bulk action.

Product name, old template version, new template version (major.minor.patch).

Source Control

Set up connection

A user succesfully creates a new connection to an external provider.

Organization name (GitHub) / Account Id (Azure)
Source ControlRemove connectionA user succesfully removes a new connection to an external provider. Organization name (GitHub) / Account Id + Account name (Azure)
Source ControlConnection synchronization

The connection to an external provider is updated.

Organization name (GitHub) / Account Id + Account name (Azure)

Artifacts

Add Custom Feed

A user adds a custom feed.

Feed name, type, URL, security method, description.

Artifacts

Deploy Feed To Tenant

A user deploys a feed to a tenant.

Feed name and URL, tenant name.

Artifacts

Remove Feed From Tenant

A user removes a feed from a tenant.

Feed name and URL, tenant name.

Artifacts

Remove Custom Feed

A user deletes a feed.

Feed name, type, URL, security method, description.

Artifacts

Edit Feed

A user edits the details of a feed.

For both the original feed and the edited feed: name, type, URL, security method, description, tags.

Artifacts

Upload Package

A user uploads a package to a feed.

Package name and version, feed name and URL.

Artifacts

Remove Package

A user removes a package from a feed.

Package name and version, feed name and URL.

Artifacts

Copy Package

A user copies a package from one feed to another.

Package name and version, name and URL of source and destination feeds.

Robot logs

The robot logs found at Orchestrator's folder level are useful to monitor the executions of every robot from a specific folder.

You need the specific folder permission to manage the logs .

Robot logs are kept for a maximum of 31 days by Orchestrator.

If you need these logs for longer, you can periodically export logs to:

  • your local storage
  • third-party cloud storage.

For instructions, refer to Exporting logs.

  • Unified logs
  • Audit logs
  • Robot logs
  • Retention periods
  • Classic logs
  • Audit logs
  • Robot logs

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2025 UiPath. All rights reserved.