As requested by various enterprise customers, we create audit logs which we use to track a range of customer activities on a per-team basis.
These logs are currently not available for customers to access directly. If a customer requests access to their logs, please submit an on-call ticket and an engineer will manually export them from our external system.
Logs begin around 2pm PST on August 1st 2025.
What do we log?
We currently log actions relating to the following:
- Login attempts
- Account creation, edits, etc.
- User sessions
- User roles or permissions
- API keys
- Team creation and settings
- Data exports
- Jobs
- Job boards
- Job posts
- Offers
- SAML config
- Approvals and approval processes
An audit log as generated by an on-call engineer will be a CSV of individual actions and their corresponding timestamps. For each action, where possible we log both the original state and new state of the record that was changed.
Generally speaking, an audit log will have the following structure:
- The action name
- The actor (i.e. who initiated the action)
- The target(s) (i.e. the target(s) of the action)
- The ip address access route (if the actor was a user)
- The user agent (if the actor was a user)
- The ip address of the client sending the request (if the actor was a user)
- Action-specific metadata
As it stands, we support two actors in logs - users and the system (i.e. anything that can’t be attributed to an individual).
For example, here’s a sample log for job_user_access_changed:
There you can see that access_level_id is now 7349, but previous_access_level_id is showing the original state as 7347.
Every record has its own format, so different actions will return different responses.
The full list of actions logged is as follows:
Value | Description |
user_created | A user account was created |
user_updated | A user account was updated |
user_deleted | A user account was deleted |
user_login_failed | A user failed a login attempt |
user_login_complete | A user successfully logged in |
user_logout_complete | A user successfully logged out |
session_created | A user session was created |
session_deleted | A user session was deleted |
user_access_changed | User access permissions were changed |
team_api_key_created | A team API key was created (Note: New API keys are automatically enabled, so only team_api_key_created is triggered upon creation and not team_api_key_enabled_changed) |
team_api_key_enabled_changed | A team API key was reactivated or disabled |
team_created | A team was created (Note: Applies for all types of teams, including sandbox, namespaced and main instances) |
team_active_status_changed | A team’s ‘Gem Trial Status’ was changed |
team_domain_mail_agent_type_changed | A team changed to a new email provider |
data_export | Team data was exported (API, Nightly, or one-off) |
admin_action | An admin action was performed (i.e. an action which can only be taken by an admin user) |
job_user_access_created | A user was granted access to a job (in Job settings > Hiring team & permissions) |
job_user_access_changed | A user’s permissions were changed |
job_user_access_deleted | A user’s job access level was changed to ‘No explicit access’ |
job_created | A job was created |
job_updated | A job was updated |
job_deleted | A job was deleted |
job_opened | A job was opened |
job_closed | A job was closed |
job_post_created | A job post was created |
job_post_updated | A job post was updated |
job_post_published | A job post was published |
job_post_unpublished | A job post was unpublished |
job_board_created | An external job board was created |
job_board_updated | An external job board was updated |
offer_created | An offer was created |
offer_approved | An offer was approved |
offer_sent | An offer e-signature request was sent |
offer_updated | An offer was updated |
offer_deprecated | An offer was revoked or replaced. Also triggers if an active application is rejected, or a candidate drops out with a pending offer |
saml_config_created | An SAML configuration was created |
saml_config_changed | An SAML configuration was changed |
saml_config_deleted | An SAML configuration was deleted |
team_settings_changed | A team’s settings were changed (see below for details of which settings trigger this) |
approval_requested | Approval was requested for an entity (i.e. a job, opening or offer) |
approval_retriggered | A reapproval was triggered for an entity |
approval_user_added | A user was added to an approval process (triggered when an approval process is updated) |
approval_user_removed | A user was removed from an approval process |
approval_action_taken | An action was taken on an approval (e.g. approved, changes requested, rejected) |
approval_process_changed | An approval process was modified |
approval_process_created | An approval process was created |
Actions tracked for team_settings_changed:
- Data export enabled
- API data export enabled
- 'Include new report types in data export' enabled
- 'Include new fields in data export' enabled
- Gem pages subdomain changed
- Private note privacy type changed
- Captcha protection level changed
- Sync email history enabled
- 'Hide email history for hired stage' enabled
- 'Hide email history for offer stage' enabled
- 'Hide email history for confidential jobs' enabled
- 'Hide email history for internal candidates' enabled
- Default sequence privacy type changed
- Default project privacy type changed
- Gem AI early access visibility changed
- Outbound email override changed