Self Service Password Reset Report

This report helps administrators with detailed insights into the usage and effectiveness of the self-service password reset feature. Using this report administrators can track password reset attempts, identify potential issues or password reset abuses, and optimize user experience.

To generate the report, do the following:

  1. Select the Self Service Password Reset option from the Compliance sub node by following the menu sequence: REPORTS BY FUNCTION -> Domain-specific Reports -> Microsoft Entra ID.

  2. Figure 1 then appears. In Figure 1, select a criteria for analysis from the Analyze By list box.

    Figure 1 : Specifying the criteria for generating the Self Service Password Reset report

  3. Using this report, you can analyze the self service password reset done by users belonging to one/more managed Microsoft Azure Entra ID components, or those that are part of a zone, service or segment. The options provided by the Analyze By list box are discussed hereunder:

    • Component: Select this option to choose the component(s) from across all the managed components in the environment.
    • Zone: To generate a report for one/more components that are included in a zone, pick the Zone option. A Zone drop-down list will then appear, from which you would have to select the zone to which the components of interest to you belong. A Sub zone flag also appears. Indicate whether the components present within the sub-zones of the chosen zone are also to be to be considered for report generation, by setting the Sub zone flag to Yes.
    • Segment: If you want to generate a report for one/more chosen components that belong to a segment, select the Segment option from Analyze By list box, and then pick the Segment from the drop-down list that appears.
    • Service: If you want to generate a report for one/more components involved in the delivery of a service, select the Service option from Analyze By, and then pick the required Service from the drop-down list that appears.
  4. By default, Microsoft Azure Entra ID is chosen from the Component Type list.
  5. The Components list will now be populated with all the components that are managed in your environment for the chosen component type. If the Components list consists of too many components, then viewing all the components and selecting the ones you need for report generation could require endless scrolling. To avoid this, you can click the button next to the Components list. A Components pop up window will then appear using which you can view almost all the components in a single interface and Select the ones to be included in this report.

  6. By default, All Activity Types option is chosen from the Activity Type list indicating that this report will be generated based on the type of self service activity that a user belonging to Microsoft Azure can perform. You can even generate this report for a self-service activity of your choice. For example, if you wish to generate this report on reset password activity performed by the users, then you can pick the Reset password (self-service) activity from this list.

  7. If you wish to generate the report for a user of your choice, then, specify the name or email ID of the user against the Initiated By text box. By default, * option is specified in this text box indicating that this report will be generated for all the users who have performed any self service password reset activity over the chosen period of time. To generate this report for multiple users of your choice, specify a comma-separated list of patterns against this text box. For example, specifying *john, *jose* against this text box will help you generate this report for all users with names containing the john and jose.

  8. Then, specify the Timeline for generating this report. You can either provide a fixed time line such as 1 hour, 2 days, etc., or select the Any option from the list to provide a From and To date/time for report generation.

    Note:

    For every user registered with the eG Enterprise system, the administrator can indicate the maximum timeline for which that user can generate a report. Once the maximum timeline is set for a user, then, whenever that user logs into eG Reporter and attempts to generate a report, the Timeline list box in the report page will display options according to the maximum timeline setting of that user. For instance, if a user can generate a report for a maximum period of 3 days only, then 3 days will be the highest option displayed in the Timeline list - i.e., 3 days will be the last option in the fixed Timeline list. Similarly, if the user chooses the Any option from the Timeline list and proceeds to provide a start date and end date for report generation using the From and To specifications, eG Enterprise will first check if the user's Timeline specification conforms to his/her maximum timeline setting. If not, report generation will fail. For instance, for a user who is allowed to generate reports spanning over a maximum period of 3 days only, the difference between the From and To dates should never be over 3 days. If it is, then, upon clicking the Run Report button a message box will appear, prompting the user to change the From and To specification.

  9. In addition to the settings discussed above, this report comes with a set of default specifications. These settings are hidden by default. If you do not want to disturb these default settings, then you can proceed to generate the report by clicking the Run Report button soon after you pick one/more components for report generation. However, if you want to view and then alter these settings (if required), click on the icon. The default settings will then appear in the More Options drop down window (See Figure 2). The steps below discuss each of these settings and how they can be customized.

    Figure 2 : The default settings for generating the report

  10. Next, indicate the report Time period.

    Note:

    By default, the Time period is set to 24 hours. Accordingly, the From and To parameters in the [timeframe] section of the eg_report.ini file (in the <eg_install_dir>\manager\config directory) are set to 00:00 and 24:00 respectively. If need be, you can override this default setting by configuring a different timeframe against the From and/or To parameters. 

  11. In large environments, reports generated using months of data can take a long time to complete. Administrators now have the option of generating reports on-line or in the background. When a report is scheduled for background generation, administrators can proceed with their other monitoring, diagnosis, and reporting tasks, while the eG manager is processing the report. This saves the administrator valuable time. To schedule background processing of a report, you can either select the Background Save - PDF option or the Background Save - CSV option from the Report Generation list. To process reports in the foreground, select the Foreground Generation - HTML option from this list.

    Note:

    • The Report Generation list will appear only if the EnableBackgroundReport flag in the [BACKGROUND_PROCESS] section of the eg_report.ini file (in the <EG_INSTALL_DIR>\manager\config directory) is set to Yes.
    • The default selection in the Report Generation list will change according to the Timeline specified for the report. If the Timeline set is greater than or equal to the number of days specified against the MinDurationForReport parameter in the [BACKGROUND_PROCESS] section of the eg_report.ini file, then the default selection in the Report Generation list will be Background Save - PDF. On the other hand, if the Timeline set for the report is lesser than the value of the MinDurationForReport parameter, then the default selection in the Report Generation list will be Foreground. This is because, the MinDurationForReport setting governs when reports are to be processed in the background. By default, this parameter is set to 2 weeks - this indicates that by default, reports with a timeline of 2 weeks and above will be processed in the background.
  12. Click the Done button if any changes were made to the More Options drop down window.
  13. Finally, click the Run Report button to generate the report.

  14. If the Report type is Foreground Generation - HTML, then Figure 3 will appear as soon as you click the Run Report button.

    Figure 3 : The generated Self Service Password Reset report

    The generated report (see Figure 3) displays the following sections:

    • The Self Service Password Reset by Time bar graph displays the number of password resets attempted by the users based of the chosen Timeline. Using this graph, administrators can figure out when which many password resets were attempted. This graph may help administrators identify potential issues or password reset abuses, and hence, optimize user experience.

    • The Self Service Password Reset Details table reveals the name of the each activity, exact time of each activity, the user who initiated each activity, the IP address of the user and the reason for the password reset initiated by the user. Using this table, administrators can figure out the user who initiated maximum password reset attempts.