A practical guide to the Intercom audit log

Knowing who did what inside your support platform isn't just a "nice to have", it's a must. You need it for security, keeping everyone accountable, and figuring out what went wrong when a setting mysteriously changes. In a busy place like Intercom, tracking every little thing, from a teammate updating a customer profile to a new message going live, is how you maintain control and trust.

Intercom’s tool for this is the "Teammate Activity Log," which is basically what most of us would call an audit log. This guide will walk you through what the Intercom audit log is, how to actually use it, where it falls short, and how newer AI tools can give you a more proactive way to manage your team’s actions instead of just reviewing them after the fact.

What is the Intercom audit log?

So, what exactly is this "Teammate Activity Log"? Think of it as a running, chronological record of all the important actions your team takes in your Intercom workspace. According to Intercom's own documentation, every entry in the log tells you a few key things:

• Which teammate performed the action.

• What they did (like assigning a conversation, exporting data, or changing a setting).

• When they did it, down to the exact date and time.

• The IP address they were using at the time.

You can find these logs by heading over to Settings > Workspace > Teammates > Activity logs. The data sticks around in the user interface for one year, which is generally fine for most day-to-day checks.

But here’s the first hurdle you might run into. Access to the activity log is limited to teammates with the "Can manage general & security settings" permission. In most companies, this means only a small circle of admins can actually see it. While that’s logical for top-level security, it can create a transparency problem. As your team grows, you'll find that more people need to see who changed what without needing full-blown admin rights.

How to use the Intercom audit log for security and troubleshooting

Even with its access limits, the audit log is a genuinely useful tool for daily security checks and fixing things that break. It’s the paper trail that helps you solve those common "who did that?" mysteries.

Monitoring workspace changes

We've all been there: a tiny, accidental click causes a huge headache. Maybe a key outbound message gets paused, or a messenger setting is changed without anyone noticing. The audit log is your best friend for pinpointing these changes fast. If you see something’s off, you can filter the log by activity type or date to find exactly who made the change and when. This lets you fix the problem and have a friendly chat with the right person.

Auditing data exports and teammate invitations

Few actions carry as much weight as exporting customer data or inviting a new person into your workspace. If not handled carefully, these activities can open up security risks. The audit log provides a clean record of who is exporting data and when, which is often a strict requirement for compliance standards like GDPR and SOC 2. It also tracks every new teammate invitation, so you can double-check that only authorized users are getting access.

Investigating user-reported issues

Sometimes, the quickest way to solve a customer's issue is to look at the recent history of their account. Let's say a customer writes in, confused because their profile information is suddenly wrong. The audit log can show you which teammate was the last one to touch their profile. This isn't about playing the blame game; it’s about getting the full picture. Did the change come from a manual update, an automated workflow, or an integration? The log gives you a starting point to find the root cause, whether it was a simple mistake or a sign that one of your workflows needs a second look.

A view of the Intercom ticket interface, showing how customer details can be reviewed alongside their message, which is useful when using the Intercom audit log to investigate issues.

Accessing the Intercom audit log via the API

For larger teams or those who have to deal with serious compliance rules, just looking at the log inside the app isn't going to be enough. That’s when Intercom's Activity Logs API becomes really useful. It lets you pull the log data automatically, which opens up some powerful possibilities:

• Long-term storage: You can grab logs that are older than the one-year limit in the UI and save them in your own systems for long-term compliance and auditing.

• Custom monitoring: You can build your own internal dashboards or set up alerting systems to watch for specific, high-risk activities as they happen.

• SIEM integration: You can feed your activity logs directly into a Security Information and Event Management (SIEM) tool like Splunk or Datadog. This lets your security team keep an eye on Intercom activity right alongside data from all your other applications.

Getting started with the API is pretty simple. Here’s a quick cURL example to pull logs created after a certain time:

curl -X GET 'https://api.intercom.io/admins/activity_logs?created_at_after=1677253093' \  

  -H 'Authorization: Bearer ' \  

  -H 'Intercom-Version: 2.14' \  

  -H 'Accept: application/json'  

You can also use webhooks to get real-time pings for specific events, like when a new teammate is invited or an admin's permissions are changed.

Key limitations of the Intercom audit log

The Teammate Activity Log is a solid, necessary feature. But as your team grows and you start relying more on automation and AI, you'll begin to bump up against its limits. Knowing what these are helps you figure out when it's time to find a more powerful solution.

The Intercom audit log is reactive, not proactive

The biggest problem with any audit log is that you're always looking in the rearview mirror. It’s great for figuring out what went wrong, but it does absolutely nothing to stop mistakes from happening in the first place. You can see that a workflow was changed incorrectly, but you couldn't prevent that change from going live.

This is where you need to shift from just reviewing what happened to proactively controlling what will happen. Instead of just logging that an AI agent mis-tagged 1,000 tickets, wouldn't you rather simulate that change on your historical data and catch the error before it goes live?

Limited context and insights

The Intercom audit log shows you what happened, but it almost never tells you why. It's just a raw feed of events. It won't tell you that a certain type of question keeps getting mis-tagged by your automation, or that a gap in your knowledge base is causing your AI to give up and escalate conversations it should be able to handle. It gives you data, but not the kind of insights that help you actually improve how your support team works.

The challenge of managing AI actions

As more teams bring on AI agents like Intercom’s Fin, the audit log can quickly fill up with thousands of actions performed by bots. While it’s good to know the AI is doing its job, a simple log entry doesn't help you manage its behavior. When an AI messes up, you need more than just a record of what it did. You need fine-grained controls to tweak its rules, adjust what knowledge it can access, and define its actions with real precision. This is where a customizable workflow engine becomes non-negotiable for any team that's serious about scaling with AI.

An example of Intercom's Fin AI Agent, whose actions would be tracked in the Intercom audit log.

A quick look at Intercom's pricing

Let's talk money for a second. Understanding what your tools cost is important, especially when AI resolutions can start to add up. Intercom’s pricing is mostly based on how many seats you have, but their AI agent, Fin, comes with a usage-based cost.

Fin is priced at $0.99 per resolution, which is on top of your plan's per-seat fees. That sounds simple enough, but it creates a cost that can be hard to predict and grows with your ticket volume. A busy month could leave you with a surprisingly high bill, making it tough to budget properly.

A better approach: Proactive automation control with eesel AI

Instead of being stuck cleaning up messes after they happen, a better way forward is to add a layer of proactive control. That's exactly what eesel AI was designed for. It plugs directly into your helpdesk, like Intercom, to give you a level of control over your automation that you just can't get otherwise.

Here’s how it helps with the limitations of a standard audit log:

Stop cleaning up messes and start preventing them. Instead of waiting to see what your AI did wrong, you can use eesel AI’s powerful simulation mode to test it on thousands of your actual historical tickets. You can see exactly how your AI agent will respond, which tickets it will resolve, and what actions it will take, all before it ever interacts with a live customer. This lets you deploy new automation with confidence, not just hope.

Get total control over your workflows. eesel AI provides a fully customizable workflow engine. You can build precise rules that tell the AI exactly when to handle a ticket, when to escalate it to a human, and what custom actions it can perform, like looking up order details or applying specific tags. This is the granular control you need to manage AI well, and it's something a simple log just can't offer.

A visual workflow builder, demonstrating a more proactive way to manage automation than a reactive Intercom audit log.

Get transparent, predictable pricing. Tired of worrying about runaway costs from per-resolution fees? eesel AI offers plans based on a set number of monthly AI interactions. This means no surprise bills after a spike in support volume. Your costs are predictable, so you can scale your automation without scaling your stress levels.

Move beyond the Intercom audit log to intelligent control

The Intercom audit log is a fundamental tool for basic security and troubleshooting. It gives you a record of what's happening in your workspace, and that's a critical starting point for any support team.

But as you grow, you'll quickly feel its limits. It’s reactive, it doesn't give you much insight, and its visibility is often locked down to just a few admins. For teams that are serious about using AI and automation safely and effectively, the goal should be to move beyond just logging actions to proactively controlling and simulating them.

This is where a dedicated AI platform becomes so important. With a tool like eesel AI, you can build, test, and deploy powerful automation with complete confidence, knowing you have full control over the actions that will one day show up in your audit log. If you're ready to add a layer of truly controllable AI to Intercom, it's worth taking a look.