Audit and User Reports

Users assigned the Identity Domain Administrator role can view both audit reports and login reports. Additionally, Service Administrators have access to the Role Assignment Audit report. These reports include information on all users including deactivated ones, who aren't assigned to a predefined role. All reports, except the Role Assignment Audit Report can be accessed from the Oracle Cloud Console.

Audit Data Retention Periods

The default retention period for audit data is 30 days, configurable up to 90 days using the Audit Retention Period (days) setting in the Oracle Cloud Console. This setting applies to the Invalid Login Report and the Role Assignment Audit Report. Oracle Fusion Cloud Enterprise Performance Management or Oracle Enterprise Data Management Cloud maintain the audit data displayed in the Group Assignment Audit Report and User Login Report for a maximum of 120 days.

Custom Date Range Reporting

Reports can be generated for a custom date range, subject to the following rules:

  • The start date must not be earlier than the allowed maximum retention period from the current date.
  • The end date must not be later than the maximum retention period from the current date.
  • The end date must be earlier than the start date.

Archiving Reports

To retain audit data for more than the audit data retention period, it is recommended to periodically download and archive the reports. All reports can be exported in CSV format.

Available Audit Reports

Role Assignment Audit Report

The Role Assignment Audit Report tracks changes to predefined and application role assignments within your environment.

Each row includes:

  1. Name: Name of the user, IDCS group, or EPM group associated with the role change
  2. Type: Whether it is a user, IDCS group, or EPM group
  3. Role: The specific predefined or application role that was assigned or unassigned
  4. Action: If a user or group is assigned or unassigned the application or predefined role
  5. Performed By: The user who performed the role change
  6. Date and Time: The UTC timestamp (in 24-hour format) when the action was completed

You can generate this report using roleAssignmentAuditReport EPM Automate command.

Application Access Report

The Application Access report provides you information on the users who logged in, including the login date, the application accessed, and whether the login attempt was successful.

Application Role Privileges Report

This report tracks changes to the predefined roles. Each row includes:

  • The environment where the role change occurred
  • The beneficiary (user assigned or unassigned a role)
  • The specific role that was assigned or unassigned
  • The approver (user who made the role change)
  • The date and time of the role change

This report can be used as an audit report for all predefined role modifications.

Available Login Reports

The user login reports can be generated for predefined ranges of 30, 60, or 90 days, and you also have the option to create reports for a custom date range. These reports can be downloaded as CSV files.

Successful Login Attempts Report

The report lists the following information:

  • The user ID of the user who signed in
  • Timestamp of the log in attempt
  • Login provider, which is UserNamePassword or the name of a SAML provider

Unsuccessful Login Attempts Report

This report lists the following information

  • User ID of the user who attempted to sign in
  • Timestamp of the log in attempt
  • Comments explaining the reason for the failed sign-in attempt

Dormant Users Report

This report lists the following information:

  • User ID of the user who has not signed in during the selected period
  • Date when the user signed in last
  • Full name of the user
  • Primary email of the user

All report columns are sortable. For example, in the Application Access report, you can click the sort button in the User column to sort the report alphabetically on user name.