1. Securing HCM
  2. User Password Changes Audit Report

User Password Changes Audit Report

This report identifies users whose passwords were changed in a specified period. You must have the ASE_USER_PASSWORD_CHANGES_AUDIT_REPORT_PRIV function security privilege to run this report. The predefined IT Security Manager job role has this privilege by default.

To run the User Password Changes Audit Report:

  1. Open the Scheduled Processes work area.

  2. Click Schedule New Process.

  3. Search for and select the User Password Changes Audit Report process.

  4. In the Process Details dialog box, set parameters and click Submit.

  5. Click OK to close the confirmation message.

User Password Changes Audit Report Parameters

Search Type

Specify whether the report is for all users, a single, named user, or a subset of users identified by a name pattern that you specify.

User Name

Search for and select the user on whom you want to report. This field is enabled only when Search Type is set to Single user.

User Name Pattern

Enter one or more characters that appear in the user names on which you want to report. For example, you could report on all users whose user names begin with the characters SAL by entering SAL%. This field is enabled only when Search Type is set to User name pattern.

Start Date

Select the start date of the period during which password changes occurred. Changes made before this date don't appear in the report.

To Date

Select the end date of the period during which password changes occurred. Changes made after this date don't appear in the report.

Sort By

Specify how the report output is sorted. The report can be organized by either user name or the date when the password was changed.

Viewing the Report Results

The report produces these files:

  • UserPasswordUpdateReport.csv

  • UserPasswordUpdateReport.xml

  • Diagnostics_[process ID].log

For each user whose password changed in the specified period, the report includes:

  • The user name.

  • The first and last names of the user.

  • The user name of the person who changed the password.

  • How the password was changed:

    • ADMIN means that the change was made for the user by a line manager or the IT Security manager, for example.
    • SELF_SERVICE means that the user made the change by setting preferences or requesting a password reset, for example.
    • FORGOT_PASSWORD means that the user clicked the Forgot Password link when signing in.
    • REST_API means that the change was made for the user by SCIM REST APIs.

  • The date and time of the change. The format of date and time of the change is "dd/MM/yyyy HH:mm:ss".