Logged activities in the Sitecore Cloud Portal
To start forwarding audit logs to your external system, use the Webhook REST API to create a webhook.
Sitecore Cloud Portal activities always use the EUW region (https://mesh-management-api-euw.sitecorecloud.io).
The Sitecore Common Audit Log records when a team member has a role assigned or removed. This includes both organization roles and app roles, so you can also see when a team member joins or is removed from an organization.
It also records when a Sitecore support engineer logs in to your organization or app to help resolve a technical issue.
Here's a list of all the activities that Sitecore Common Audit Log records for Sitecore Cloud Portal entities:
The following example shows the audit logs that are created when an organization admin, Jane, performs certain actions in a Sitecore Cloud Portal organization:
Jane assigns various roles to John based on his shifting job responsibilities, and then later she removes him from the organization.
Jane invites John to the Sitecore Cloud Portal organization, assigning him the Organization User role and the user role in a CDP app.
When John accepts the invitation to join the organization, the following log is recorded:
[
{
"action": "roles_assigned",
"entity": {
"id": "[email protected]",
"type": "user"
},
"sourceSystemUserContext": {
"id": "[email protected]"
},
"extensions": {
"roles": [
{
"role": "Organization User",
"scope": "Organization"
},
{
"tenantId": "fake1D2321-4324vdvsd3-44",
"role": "User",
"scope": "CDP"
}
],
"eventId": "1234567891011121314151617181920"
},
"time": "2025-05-27T11:20:16.216+00:00"
}
]
Jane then assigns John the Admin role in a SitecoreAI app:
[
{
"action": "roles_assigned",
"entity": {
"id": "[email protected]",
"type": "user"
},
"sourceSystemUserContext": {
"id": "[email protected]"
},
"extensions": {
"roles": [
{
"tenantId": "fake1Dxmc21-4324vdvsd3-44",
"role": "Admin",
"scope": "XMCloud"
}
],
"eventId": "1234567891011121314151617181921"
},
"time": "2025-05-28T11:20:16.216+00:00"
}
]
John doesn't need to use CDP anymore, so Jane removes his CDP app access:
[
{
"action": "roles_removed",
"entity": {
"id": "[email protected]",
"type": "user"
},
"sourceSystemUserContext": {
"id": "[email protected]"
},
"extensions": {
"roles": [
{
"tenantId": "fake1D2321-4324vdvsd3-44",
"role": "User",
"scope": "CDP"
}
],
"eventId": "12345678910111213141516171819212"
},
"time": "2025-06-02T11:20:16.216+00:00"
}
]
John needs to create webhooks and deploy SitecoreAI environments, so Jane assigns him the Organization Admin role:
[
{
"action": "roles_assigned",
"entity": {
"id": "[email protected]",
"type": "user"
},
"sourceSystemUserContext": {
"id": "[email protected]"
},
"extensions": {
"roles": [
{
"role": "Organization Admin",
"scope": "Organization"
}
],
"eventId": "123456789101112131415161718192123"
},
"time": "2025-06-03T11:20:16.216+00:00"
}
]
Which also removes his Organization User role:
[
{
"action": "roles_removed",
"entity": {
"id": "[email protected]",
"type": "user"
},
"sourceSystemUserContext": {
"id": "[email protected]"
},
"extensions": {
"roles": [
{
"role": "Organization User",
"scope": "Organization"
}
],
"eventId": "123456789101112131415161718192161"
},
"time": "2025-06-03T11:20:17.216+00:00"
}
]
After a long and exciting career at the company, John decides to retire. It's a sad day for everyone, as Jane removes him from the organization:
[
{
"action": "roles_removed",
"entity": {
"id": "[email protected]",
"type": "user"
},
"sourceSystemUserContext": {
"id": "[email protected]"
},
"extensions": {
"roles": [
{
"role": "Organization Admin",
"scope": "Organization"
},
{
"tenantId": "fake1Dxmc21-4324vdvsd3-44",
"role": "Admin",
"scope": "XMCloud"
}
],
"eventId": "90020250509113832745797000000000000001223372119995312709"
},
"time": "2055-05-27T11:20:16.216+00:00"
}
]
Detailed activity properties
The following table describes the fields of each activity in the Sitecore Cloud Portal: