Operational runbooks for SyntrixOne platform owners and workspace admins.
What we record and how to read it.
Every transition is logged.
Every PATCH /api/admin/workspaces/:id/approval call writes an audit-log row: actor (platform-owner email), workspace id, previous approvalStatus, new approvalStatus, timestamp, optional note.
These rows let you reconstruct the full history of any workspace.
Successful + failed login attempts.
Successful logins record actor, IP, user-agent and timestamp.
Failed logins record the same plus the failure reason — useful when triaging compromise attempts.
MFA toggles, session revokes, password changes.
MFA enable/disable, recovery-code regeneration, password change, session revoke-all — each writes an audit row with the actor, IP, user-agent and timestamp.
Per-message send/delivery audit.
Email logs live in `email_logs` and are surfaced at /dashboard/email-logs. They include: recipient, template, send status, delivered timestamp, opens and clicks.
Webhook events from Resend update existing rows in place.
Stripe webhook event store.
Stripe webhook events land in `stripe_webhook_events`. Each row stores the event id, type, raw payload and a received-at timestamp.
Platform owners can browse the last 20 events from /dashboard/platform/stripe-status.
Reach the SyntrixOne platform team or browse the user-facing Help Center.
