What's my plan?
Add-on Advanced Data Privacy and Protection (ADPP)
Quick Look: Admin Center > Account > Logs > Access log
You must have the Advanced Data Privacy and Protection (ADPP) add-on to use the features described in this article.

The access log is a powerful tool that enhances data security and administrative control of your account. It's a record of access events for your account related to tickets, user profiles, and searches. It provides insight into what has been accessed based on the URLs that have been visited. This differs from the audit log, which provides a detailed log of changes to settings or fields.

The access log is currently available as an API and from Admin Center.

Access logs can help you answer the following questions:

  • What tickets are agents accessing?
  • What information are agents searching for?
  • What user profiles are agents viewing?

The access log captures what data an agent or admin has accessed in your account within the last 90 days. It doesn't capture end user activity.

This article covers the following topics:
  • Turning on the access log
  • Viewing the access log in Admin Center
  • Using the API to export access logs
  • Example scenarios for using access logs

Turning on the access log

Before you can view access logs, you must turn on the Access Log API in Admin Center. When you do, Zendesk begins capturing access events. Access events that occurred before you turned on the API are not captured.

After you turn on the access log, data may take up to 60 minutes to populate.

To turn on the access log

  1. In Admin Center, click Account in the sidebar, then select Logs > Access log.
  2. Click Manage settings.
  3. Select Turn on the Access Log API.
  4. Click Save.

Viewing the access log in Admin Center

The Access log page in Admin Center lets you view a detailed list of access events in your account. You can filter the log by a specific time period and name or email address. You must first turn on the access log before viewing it in Admin Center.

Tip: If you repeat the same access log filters, bookmark them in your web browser after you apply them. The filter displays in the URL.
To view the access log
  • In Admin Center, click Account in the sidebar, then select Logs > Access log.

    The Access log page displays.

To filter the access log

  1. Click Filter on the Access logs page.
  2. Filter by date or actor:
    • To filter by date, set the fields: Start date, Start time, End date, and End time.

      The default date reflects the maximum number of days the log can capture data (90 days). The time reflects the local time for your account in your localization settings.

    • To filter by agent or admin, enter the name or email address in the Actor field.
  3. Click Apply filters.

Using the API to export access logs

Use the Access Logs API to export access logs to a CSV file. The API lets you filter the logs by a time period, a specific user, or a particular resource, such as tickets. You can also use scripting to filter the data returned further.

You’ll need to work with a developer or other technical resource at your company to export the data. See Exporting access logs to a CSV file and Zendesk API Reference: Access Logs.

Example scenarios for using access logs

Next, we'll explore some example scenarios. In these examples, Anna is an IT security manager responsible for data security and privacy. Claire is an agent at her company.

Using the access log to help define permissions

Anna relies on access logs to ensure that the right agents are viewing the right data to comply with data privacy regulations that require a record of customer data access.

Anna leverages the access log to understand what permissions are required for a new customer service team.

Claire is a member of the new team, and Anna uses her activity as a reference point. When Anna makes the API call filtered by Claire’s user ID, she sees all of Claire’s access events, including a record of the tickets viewed and searches, at what time, and from which IP address.

For example, Anna can see that Claire (user_id 1213456789) viewed ticket number 937.

timestamp: "2023-02-16T19:00:00Z",
user_id: 1213456789,
ip_address: "00.00.000.00",
url: ""/api/v2/tickets/937?[...]
method: "GET",
status: 200

Clarie also opened the profile belonging to user_id 9878654.

timestamp: “2023-02-16T19:00:00Z”,
user_id: 1213456789,
ip_address: “00.00.000.00”,
url: “/api/v2/users/9878654?[...]
method: “GET”,
status: 304

This helps Anna understand if Claire is accessing tickets assigned to other agent groups or if Claire is viewing profiles of customers assigned to other agents. Anna now has more data to help her set up the proper permissions for Claire and other agents in her group.

Using the access log to proactively address security risks

Anna uses search records in the access log to proactively address security risks. She can identify suspicious behavior like repeated searches for credit cards or other personal or sensitive information.

In this example, Anna can see that Claire is searching for "credit card." 

timestamp: “2023-02-16T19:00:00Z”,
user_id: 1213456789,
ip_address: “00.00.000.00”,
url: “/hc/api/v2/articles/search.json?[...]query=credit%20card”,
method: “GET”,
status: 200

After noticing repeated similar searches, she decides to follow up and investigate.

If Anna were investigating an incident, she could similarly use the access log to help trace which customers have been affected. This helps the security team take proper steps to address the issue.

Once Anna has done this, she continues to use the access log to proactively identify data security risks, refine CX security and privacy policies, and support compliance with data privacy laws and regulations.

Powered by Zendesk