Release : 9.x 10.x 11.x

Component : API GATEWAY

Password changes are tracked via system audit messages. In the audit viewer you will find an event similar to the below:


NONE aebda644cc55356754006057e3fc41f6 <NODE> 20200319 12:54:05.939 INFO  InternalUser #aebda644cc55356754006057e3fc4098 (test) updated (changed hashedPassword, changed changePassword)

Node                : <NODE>
Time                : 20200319 12:54:05.939
Severity            : INFO
Message             : InternalUser #aebda644cc55356754006057e3fc4098 (test) updated (changed hashedPassword, changed changePassword)
Audit Record ID     : aebda644cc55356754006057e3fc41f6

Event Type          : Manager Action
Admin User Name     : unknownClientSubject
Admin User ID       : principal:unknownClientSubject
Identity Provider ID: 0000000000000000ffffffffffffffff
Admin IP            : <Admin IP>

Action              : Object Changed
Entity Name         : test
Entity ID           : aebda644cc55356754006057e3fc4098
Entity Type         : identity.internal.InternalUser


If the change was made as the result of the current password expiring (per your password policy) this is tracked in the database in the password_history table. This only applies to password changes due to expiration.