Observability

Every access.
One audit trail.

Auth events, service access, cloud credentials, infrastructure findings -- all in one searchable, immutable timeline. Export to any SIEM.

Available on Free and above. See pricing

Unified access timeline

Every layer, every decision, every user -- one timeline.

console.authfi.app/audit
10:30:01 LOGIN Email/password + TOTP MFA alice@acme.com
10:30:05 APP require("read:patients") granted Hospital App
10:30:05 SERVICE GET /api/patients/123 eBPF 45us role:doctor
10:30:06 CLOUD GCP Editor token issued MFA verified, 1h
10:31:00 SERVICE POST /api/invoices DENIED role:doctor no access
10:31:05 LOGIN Login failed: bob@acme.com invalid password (3/5)

Five log streams, one platform

Auth logs

Logins, logouts, MFA challenges, password resets, SSO events, brute force detection.

Service logs (eBPF)

Every HTTP request decision at the kernel -- allow/deny, user, method, path, latency.

Cloud access logs

Cloud credential issuance -- console signin, API credentials, role, MFA status.

App access logs

OAuth2 authorization -- token issuance, consent grants, scope validation.

Agent audit logs

Infrastructure findings -- privileged containers, open ports, security posture scores.

Export to any SIEM

Splunk

HEC (HTTP Event Collector). Real-time log forwarding.

Datadog

Log pipeline integration. Tags and facets auto-mapped.

Grafana / Loki

LogQL-compatible export. Labels from AuthFI metadata.

Ready to get started?

Free for 5,000 monthly active users. No credit card required.

Start free Read the docs