13.8 Auditing for Self Service Password Reset

In order to meet compliance standards, many companies require auditing for password changes, whether the changes came from the users or the help desk. Self Service Password Reset provides an auditing solution that tracks specific events that occur in the system as well as actions users took. It also allows you to forward events to a Syslog server for further analysis of the information.

13.8.1 Configuring Auditing

Self Service Password Reset allows you to enable and configure event alerts such as intruder alerts and fatal event alerts.

To configure the logging and auditing options, perform the following steps:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor > Settings > Auditing > Audit Configuration.

  4. Configure the following settings:

    System Audit Event Types

    Select the system event types to record and act on.

    User Audit Event Types

    Select the user audit event types to record and act on.

    LocalDB Audit Events Storage Max Age

    Specify the maximum age (in seconds) of the local audit event log. The default is 30 days.

  5. Select Save changes.

13.8.2 Forwarding Auditing Information

You can forward auditing events to external systems to analyze the information.

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor > Settings > Auditing > Audit Configuration.

  4. Configure the following settings:

    System Audit Event Email Alerts

    Specify the email address where you want to send the system audit events information. You can provide multiple email addresses.

    User Audit Event Email Alerts

    Specify the email address to which you want to send the user audit events information. You can provide multiple email addresses.

    Syslog Audit Servers

    Self Service Password Reset can send events to the Syslog service. Specify the Syslog audit server information as follows:

    • Protocol: TCP, UDP, or TLS/SSL

    • Host: Host name or IP address of the computer running the Syslog service

    • Port: Port number where the Syslog service is listening

    Syslog Audit Server Certificates

    Import the certificates from the Java keystore to configure TLS/SSL from the Syslog service.

  5. Select Save changes.
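
After saving the Syslog Audit Servers setting, a small test listener is one way to confirm that forwarded events reach the collector host and port. This is an added example, not part of the product or its documentation; it covers only the UDP protocol option, assumes forwarded messages begin with the standard syslog `<PRI>` header, and uses constructed sample datagrams rather than real Self Service Password Reset output.

```python
import re
import socket

# Standard syslog severity names (RFC 5424), index = severity code.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram: bytes):
    """Return (facility, severity_name, rest), or None if no valid <PRI> header."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 23 facilities * 8 + 7 is the maximum PRI
        return None
    pri = int(m.group(1))
    return pri // 8, SEVERITIES[pri % 8], datagram[m.end():].decode("utf-8", "replace")

def open_listener(host="127.0.0.1", port=0):
    """Bind a UDP socket; port 0 lets the OS pick a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((host, port))
    return s

def receive_events(sock, count, timeout=5.0):
    """Read up to `count` datagrams, stopping early on timeout."""
    sock.settimeout(timeout)
    events = []
    try:
        while len(events) < count:
            data, peer = sock.recvfrom(8192)
            decoded = decode_pri(data)
            events.append({"peer": peer[0], "valid": decoded is not None,
                           "event": decoded, "raw_len": len(data)})
    except socket.timeout:
        pass  # nothing (more) arrived: check the Host/Port/Protocol values and firewalls
    return events

def self_test():
    """Loop two constructed datagrams (not real product output) through the listener."""
    listener = open_listener()
    port = listener.getsockname()[1]
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender.sendto(b"<110>constructed sample audit event", ("127.0.0.1", port))
    sender.sendto(b"no header here", ("127.0.0.1", port))
    sender.close()
    events = receive_events(listener, 2, timeout=2.0)
    listener.close()
    return events

if __name__ == "__main__":
    for event in self_test():
        print(event)
```

To use it against a real deployment, bind `open_listener` to the address and port entered under Syslog Audit Servers, then trigger an audited action and call `receive_events`.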

13.8.3 Configuring Auditing for User History

Self Service Password Reset allows you to store the user history in different locations. Use the following settings to configure that storage.

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor > Settings > Auditing > User History.

  4. Configure the following settings:

    User History Storage Location

    Select the data store in which to store the user-specific audit history. The options are LDAP and Remote Database.

    User History Event

    Select the event types to store for the user audit history.

    User History LDAP Attribute

    Specify the attribute used to write user events in LDAP. The user event log attribute holds an XML document with the user's event history. Leave blank to disable logging event history to LDAP.

    User History Maximum Events

    Specify the maximum number of events to hold in the event history attribute for a user.

  5. Select Save changes.