Audit Logs

​

Introduction

Audit logs provide a detailed record of security-relevant actions within your Replit organization. They allow you to track who did what, when, and where — giving your security and compliance teams the visibility they need to monitor and investigate activity. Replit’s audit log system is powered by WorkOS, ensuring enterprise-grade reliability and security for log storage, retrieval, and streaming.

​

Key Features

​

Prerequisites

Before you can use audit logs, your organization must meet the following requirements:

1. Enterprise plan — Audit logs are an Enterprise-only feature
2. SCIM enabled and active — Your organization must have SCIM configured with an active directory sync
3. Admin role — Only organization admins can access audit logs and configure SIEM integration

​

Getting Started

​

Tracked Events

Audit logs capture security-relevant events across your organization, including user lifecycle actions such as provisioning, deprovisioning, and invitation management. The set of tracked events is actively expanding. For a full list of currently tracked events, contact your Replit account representative or reach out to sales@replit.com.

​

Viewing Audit Logs

To view your organization’s audit logs:

1. Go to Organization Settings > Authentication
2. In the Audit Logs section, select View audit logs
3. The audit log portal opens, where you can search, filter, and review events

The portal provides:

• Search — Find specific events by keyword
• Filters — Narrow results by event type, date range, actor, or target
• Export — Download log data for offline analysis or compliance reporting

​

SIEM Integration

SIEM (Security Information and Event Management) integration allows you to stream audit log events in real time to your existing security tools. This is useful for:

• Centralizing security monitoring across all your enterprise tools
• Setting up automated alerts based on audit log patterns
• Meeting compliance requirements for log retention and analysis

​

Setting Up Log Streaming

1. Go to Organization Settings > Authentication
2. In the Audit Logs section, select Set up SIEM integration
3. The log streaming configuration portal opens
4. Follow the instructions to connect your SIEM provider

Replit supports streaming to any destination compatible with WorkOS Log Streams, including:

• Datadog
• Splunk
• Amazon S3
• Generic HTTP endpoint (webhook)

​

FAQs

​

Who can view audit logs?

Only organization admins can access audit logs and configure SIEM integration. Non-admin members do not have access to any audit log data.

​

Do I need SCIM enabled to use audit logs?

Yes. Audit logs require SCIM to be enabled and have an active directory sync for your organization. This is because the current audit log events are tied to user lifecycle management through your identity provider.

​

What happens if an audit log event fails to record?

Audit log recording is designed to never interfere with the underlying operation. If an event fails to be recorded, the original action (such as user provisioning) still completes successfully. Failed events are logged internally for investigation.

​

How long are audit logs retained?

Audit log retention is managed through WorkOS. By default, logs are retained in the audit log portal for viewing and search. For longer retention, set up SIEM integration to stream logs to your own storage.

​

Can I export audit logs?

Yes. You can export audit log data directly from the audit log portal or by configuring a SIEM integration to stream events to your preferred storage destination.

​

Related Resources