What information does each Access log row contain?

Short Answer: Each Access log row shows Date, User, Action, IP address, and Location for the event.

PreRequisites

1. Open Settings → Security → Access logs.

Steps

1. Open Settings, then click Security and ensure the "Access logs" tab is selected.
   The Access logs table appears on the page.

2. Look at the table header, which contains the following columns:
   Date, User, Action, IP address, and Location.
   Each column represents a specific detail about the event.

3. Read an individual row to understand the event details.
   Each row shows:

   • Date – The timestamp when the event occurred.

   • User – The account associated with the event.

   • Action – The result or type of sign-in event (e.g., New device, Recognized device, Incorrect password, MFA failed).

   • IP address – The source IP address used during the event.

   • Location – The estimated geographic location of the IP address.

4. Use this information to trace when and where the event originated or to cross-check activity with users or network records.

Troubleshooting

1. The Location column shows an unexpected city or country.

   Likely Cause:

   • GeoIP lookup inaccuracies, or

   • The user may be connected through a VPN or proxy.

   Action:

   • Confirm with the user whether they were using a VPN.

   • Compare the IP address with known corporate network ranges.

   • Contact your network administrator if needed.

Note: Access logs provide high-level security visibility for sign-in activity but may not include deeper details such as device fingerprint or full user agent.