# Login History

Login History provides a record of all authentication events for your tenant, helping you monitor access and investigate suspicious activity.

## Viewing Login History

1. Go to **Security > Login History**.
2. Browse the chronological list of login events.

## Event Details

Each login event includes:

| Field          | Description                                                               |
| -------------- | ------------------------------------------------------------------------- |
| User           | Email or username of the account                                          |
| Status         | Success, Failed, or Locked                                                |
| Time           | Date and time of the attempt                                              |
| IP address     | Source IP of the request                                                  |
| Location       | Approximate geographic location (based on IP)                             |
| Device         | Browser and operating system                                              |
| Method         | Authentication method used (password, SSO, magic link, etc.)              |
| Failure reason | Why the attempt failed (wrong password, account locked, MFA failed, etc.) |

## Filtering and Search

Use filters to narrow down the history:

| Filter     | Options                         |
| ---------- | ------------------------------- |
| Date range | Custom start and end dates      |
| Status     | Success, Failed, Locked         |
| User       | Search by email or name         |
| IP address | Filter by specific IP           |
| Method     | Password, SSO, Magic Link, etc. |

## Identifying Suspicious Activity

Watch for these patterns:

* **Multiple failed attempts** for the same user in a short period -- may indicate a brute-force attack.
* **Successful login from an unusual location** -- could indicate compromised credentials.
* **Logins at unusual hours** -- may warrant verification with the user.
* **Same IP with failed attempts across multiple accounts** -- may indicate credential stuffing.

## Exporting Login History

1. Apply the desired filters.
2. Click **Export**.
3. Choose CSV or JSON format.
4. The export is generated and available for download.

Exports are useful for compliance reporting and external security analysis.

## Retention

Login history is retained based on your tenant plan:

| Plan         | Retention period      |
| ------------ | --------------------- |
| Starter      | 30 days               |
| Professional | 90 days               |
| Enterprise   | 1 year (configurable) |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://accessiq.gitbook.io/accessiq-docs/security/login-history.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.