User logs
User logs show a list of all users who have authenticated to Cloudflare Zero Trust. For each user who has logged in, you can view their enrolled devices, login history, seat usage, and identity used for policy enforcement.
In Zero Trust ↗, go to My Team > Users. This page lists all users who have registered the WARP client or authenticated to a Cloudflare Access application. You can select a user's name to view detailed logs, revoke their session, or remove their seat.
- User Registry identity: Select the user's name to view their last seen identity. This identity is used to evaluate Gateway policies and WARP device profiles. A refresh occurs when the user re-authenticates WARP, logs into an Access application, or has their IdP group membership updated via SCIM provisioning. To track how the user's identity has changed over time, go to the Audit logs tab.
- Session identities: The user's active sessions, the identity used to authenticate each session, and when each session will expire.
- Devices: Devices registered to the user via WARP.
- Recent activities: The user's five most recent Access login attempts. For more details, refer to your authentication audit logs.