Skip to content
English
  • There are no suggestions because the search field is empty.

Security Control Center: Users Audit Log

The Users Audit Log in Checkwriters tracks login and logout activity and Two-Factor Authentication (2FA) events from users.

Each entry in the audit log captures the user’s Name, their Location (IP address), the kind of Event, the Date and time of the event, Browser type, and any additional Metadata that could be useful.

To access the Users Audit Log, navigate to HR Admin (module) → Security Control Center → Users Audit Log. You will then be required to set an audit duration, or you can create a custom timeline using the Override Duration checkbox.

Note: At any time, you can select Refresh to reload the audit log for the selected duration or select Re-Generate to select a new duration.

Events

The Users Audit Log tracks many different Events. These include standard records of when a user logs in or logs out of Checkwriters.

The log also tracks 2FA events, including enabling or disabling 2FA and passing or failing 2FA. 2FA Bypass events will also be recorded, and the Metadata column will provide further information about the bypass level used. Additional metadata will also be provided when a user utilizes the phone 2FA option.

Important: Users will only be able to see events for employees assigned to them.

2026-06-02_15-27-48

Tip: This Audit Log can be helpful if employees are unable to log in to WebClock. WebClocks can be restricted by IP address, so if the employee tries to log in from an unauthorized IP address, you will see that attempt in the log.

 

Take a look at the various Events that may return in the Users Audit Log.

Event Description Metadata
Logged In

The user successfully logged into Checkwriters.

None.
Logged Out

The user logged out of Checkwriters.

None.
2FA Bypass Saved

An Admin user successfully initiated a 2FA Bypass.

“Bypass Level Set To: __”

Level 0: Normal sign-in with 2FA enabled.

Level 1: 2FA disabled, user will be prompted with Security Questions.

Level 2: Complete override, 2FA and Security Questions disabled.

Learn more about 2FA Bypass Levels.

2FA Bypass Failed to Save

An Admin user attempted a 2FA Bypass, but it was not successful.

“Bypass Level Set To: __”

Level 0: Normal sign-in with 2FA enabled.

Level 1: 2FA disabled, user will be prompted with Security Questions.

Level 2: Complete override, 2FA and Security Questions disabled.

Learn more about 2FA Bypass Levels.

2FA Bypass Used

After an Admin user initiated a 2FA Bypass, the employee successfully logged in, and 2FA was re-enabled.

“Bypass Level: __ UserID: __”

Level 0: Normal sign-in with 2FA enabled.

Level 1: 2FA disabled, user will be prompted with Security Questions.

Level 2: Complete override, 2FA and Security Questions disabled.

Learn more about 2FA Bypass Levels.

2FA Bypass Used - Failed to Reset Bypass Flag

After an Admin user initiated a 2FA Bypass, the employee successfully logged in, but 2FA was not re-enabled.

“Bypass Level: __ UserID: __”

Level 0: Normal sign-in with 2FA enabled.

Level 1: 2FA disabled, user will be prompted with Security Questions.

Level 2: Complete override, 2FA and Security Questions disabled.

Learn more about 2FA Bypass Levels.

2FA Fob Method Verified

Verification was successful when enrolling in the Fob 2FA method.

None.
2FA Fob Method Failed Verification

The user failed to verify their Fob 2FA method. They may have entered the wrong 10-digit Fob code.

None.
2FA Phone Method Verified

Verification was successful when enrolling in the Phone 2FA method.

Masked phone number.

2FA Phone Method Failed Verification

The user failed to verify their Phone 2FA method.

Masked phone number.

2FA App Method Verified

Verification was successful when enrolling in the Authentication App 2FA method.

None.
2FA App Method Failed Verification

The user failed to verify their Authentication App 2FA method.

None.
2FA Phone Method Enrolled

The user has enrolled in the Phone 2FA method.

None.
2FA Phone Method Failed to Enroll

The user tried to enroll in the Phone 2FA method, but it failed to save.

None.
2FA Fob Method Enrolled

The user has enrolled in the Fob 2FA method.

None.
2FA Fob Method Failed to Enroll

The user tried to enroll in the Fob 2FA method, but it failed to save.

None.
2FA App Method Enrolled

The user enrolled in the Authentication App 2FA method.

None.
2FA App Method Failed to Enroll

The user tried to enroll in the Authentication App 2FA method, but it failed to save.

None.
2FA Phone Enabled

The Phone 2FA method was enabled using the Two Factor Settings after logging in.

Masked phone number.

2FA Phone Disabled

The Phone 2FA method was disabled using the Two Factor Settings after logging in.

None.
2FA Fob Enabled

The Fob 2FA method was enabled using the Two Factor Settings after logging in.

None.
2FA Fob Disabled

The Fob 2FA method was disabled using the Two Factor Settings after logging in.

None.
2FA Mobile App Enabled

The Authenticator App 2FA method was enabled using the Two Factor Settings after logging in.

None.
2FA Mobile App Disabled

The Authenticator App 2FA method was disabled using the Two Factor Settings after logging in.

None.
2FA Fob Challenge Presented

The user was presented with a Fob 2FA challenge before logging in.

None.
2FA Mobile App Challenge Presented

The user was presented with an Authenticator App 2FA challenge before logging in.

None.
2FA Challenge Failed

The user failed a 2FA challenge.

None.
2FA Phone Challenge Attempted

The user was presented with a Phone 2FA method challenge.

Masked phone number.

2FA Phone Call Made

The user selected “Call Me instead” and a 2FA Phone call was made to the phone number listed in the Metadata column.

Masked phone number.

2FA Phone Call Failed

The user selected “Call Me instead” and a 2FA Phone call was attempted to the phone number listed in the Metadata column. The call failed.

Masked phone number.

2FA Challenge Phone Passed

The user successfully logged in using the Phone 2FA method.

Masked phone number.

2FA Challenge Fob Passed

The user successfully logged in using the Fob 2FA method.

None.
2FA Challenge Mobile App Passed

The user successfully logged in using the Authenticator App 2FA method.

None.
2FA Device Remembered

The user successfully logged in, and the “Remember my Device” feature was used.

None.
2FA Reset

The ESS user reset 2FA within the Two Factor Settings in Employee Self-Service (ESS). They may be asked to re-enroll upon their next login attempt.

None.