Viewing Session History
The Session History tab gives Account Owners a complete, read-only audit log of every login session across your organization that has either expired or been terminated. It's a powerful tool for security reviews, troubleshooting access issues, and confirming when a specific user signed in or out.
🔐 Who can view this? Session History is intended for organization-level oversight and is most useful for Account Owners and Billing Managers. Standard Users see only their own sessions under the My Sessions tab.
🧭 Getting to Session History
Step 1: Click the Settings ⚙️ icon in the bottom-left corner.
Step 2: You'll land on the Users area by default.
Step 3: From the top tab bar, click Session History.
You'll see a header that reads Session History – All Users, followed by a subtitle showing the total number of terminated and expired sessions on file (for example, "68 terminated and expired sessions from your organization").
🔎 Searching the History
A Search by user name or email… box sits at the top of the list. Type any portion of a user's name or email to instantly narrow the list to that person's historical sessions. This is the fastest way to investigate a single user's recent sign-in activity.
📋 What You'll See in Each Row
Every entry in Session History shows:
- User & Device — the user's name, email, and a role badge (e.g.,
Customer), along with the browser and IP address used for the session - Session — a unique session ID (truncated for readability, e.g.,
b6ad5bd5...0d552422) - Status — one of two states:
- 🟡
Expired— the session reached its expiration time naturally - 🔴
Terminated— the session was ended early (by the user, an admin, or a manual logout). Terminated rows also show how long ago the termination occurred.
- 🟡
- Location — the geographic location associated with the IP address, when available
- Created — when the session was originally established
- Expires — when the session ended (or would have ended)
💡 Many environments will display Unknown Browser, Unknown IP, and Unknown location. This simply means the device or network metadata wasn't captured at sign-in time and is not, on its own, a security concern.
🟡 Expired vs. 🔴 Terminated — What's the Difference?
| Status | What it means |
|---|---|
| 🟡 Expired | The session was inactive long enough to hit its automatic expiration window. No one acted on it — the system simply timed it out. |
| 🔴 Terminated | The session was ended early. This usually happens when a user (or admin) clicks Logout on a session, or when an Account Owner disables a user account. |
Knowing the difference helps you spot intentional sign-outs versus normal session aging.
🔍 Common Things to Look For
Session History is most useful when you want to:
- Confirm when a user last signed in before a permission change or account update
- Investigate a security incident — e.g., look for sessions from unfamiliar locations or devices around a specific time
- Verify a logout after disabling a user, sharing a device, or recovering a lost laptop
- Audit trial activity to see how frequently a particular team member has been signing in
💡 Best Practices
- Review periodically. Even a quick monthly scan can surface devices or sign-in patterns you didn't expect.
- Cross-reference with the Active Sessions tab. If a session appears in Active Sessions you don't recognize, you can sign it out from there, then confirm the termination here in Session History.
- Pair with the History tab. The general History tab logs user, invitation, and access-request activity, while Session History focuses specifically on sign-in sessions. Use them together for a fuller picture.
- Use the search box instead of scrolling — the list can be very long for established organizations.