SAP Knowledge Base Article - Public

2744431 - How to Create Change Audit Reports and What Reports are Available - SuccessFactors

Symptom

  • How to create a Change Audit Report
  • What reports are available?
  • What are the modules supported by Change Audit Report
  • How can we access SuccessFactors System logs?
  • Can we export the logs for tools such as Splunk/SIEM?
  • Retention Policy configuration in Change Audit Report
  • Audit the changes in Manage language , Manage Email Notification , Manage Support Access

Environment

SAP SuccessFactors HCM Suite

Resolution

Creating Change Audit Reports

  • The Change Audit Reports are divided in two types: Personal Data Reports and Configuration Data Reports
  • Within in each type there are several options of reports to create
  • The following SAP Help Portal Article provides guidance on creating each report, divided by types: Creating A Change Audit Report

What Reports are Available?

  • The SAP Help Portal also provides the details regarding all the jobs and what each one covers: Types of Change Audit Reports
  • In the section "Related Information" you will find a link for each report showing more specific details

Which Modules are Supported by Change Audit Report?

Please, take time to read what is support in each module: Important Notes about Change Audit for Personal Data

Frequently Asked Questions

  • How to get a report on user status change? (active/inactive)
    • In order to check when some user status was changed and who did the change, you need to use the User Change Report, inside the Create Business Data Report tab.
    • This report will bring all the changes done in the UDF (User Directory File) fields, including the status.
    • For further information on User Change report please see this link here.
  • Is it possible to get report on user account changes? (Login Name, Login Method...)

    • You can now run change audit reports to track user account changes, including changes to account status, login name, login method, locale, time zone, account type, global user ID, and person UUID.

    • See details in the Help Guide - Change Audit Reporting for User Account Management

  • How to get a report on Provisioning Changes? 
    • To generate report on Provisioning Changes run the Other Configurations Changes' Audit see details on KB article 2771768 - Other Configuration Changes Audit Report - How to Audit on Provisioning.
    • This Audit report only capture provisioning enabled /disabled features, except the SSO on/off option, in case you need to audit it, kindly raise a case to LOD-SF-PLT-CHA (for support, please see "Internal memo" section of this KBA for your reference).
  • Does the "Other Configuration Changes Audit Report" include changes on all features in Admin Center?
    • The "Other Configuration Changes Audit Report" only captures changes on enable/disable Provisioning features.
    • Some of these provisioning features have been moved to Admin Center to enable from there.
    • To confirm even if the feature is enabled or disabled from Admin center or provisioning it will be captured in the report, this report does not include all admin center changes. 

  • How long the system keep the audits reports in the system?
    • Only audit data within the last 3 years is available. Please see KBA 3286668 - What's the oldest date that can be pulled in Change Audit Report for an instance? 

  • How to Generate a Report on Provisioning's Single Sign-On (SSO) Settings Changes?
    • To generate report on Provisioning Changes run the Other Configuration Changes Audit see details on KBA article 3589513 - SSO System Configuration Change - How to Audit on Single Sign-On (SSO) Settings (1H 2025)
    • These logs capture essential details like the timestamp of the action, the user who made the change, the type of operation (create, update, or delete), and the values of the assertion party records (for create/update operations).
  • Is it possible to have audit on proxy?
    • The General Audit feature covers proxy operation-> Activities Included in General Audit 
    • That aside, it is possible to know when some change was performed by someone who proxied. For example, if some change in the user data was performed by User A, in the report it will be shown if it was performed really by User A or by someone who was proxying as User A.
    • Also, Proxy Assignment Change Report track changes made to proxy assignments, see details in the Help Guide - Proxy Assignment Change Report | SAP Help Portal

  • Is it possible to have audit on people who access determined feature or dashboards?
    • The change audit feature is able to perform audit only on changes made in the system, that have generated a record in the database. When some user simply access some feature, or dashboard, or tile, no record is generated in the database. This way, we don't have audit on this data.

  • Is it possible to have audit on Manage Home Page changes?
    • Currently, there is not any option to audit changes made on Manage Home Page feature.

  • Is it possible to have audit on IP Restriction Management Page changes?
    • With 2H 2025 release, You can now audit changes made on the IP Restriction Management page. A new change audit type called IP Restriction Management is available under Admin Center > Change Audit Reports > Create Configuration Data Report, allowing you to generate reports on modifications to IP restriction settings. see details in the Help Guide - IP Restriction Management Supports Change Audit | SAP Help Portal 
  • Is it possible to have audit on Static RBP groups memberships?
    • Yes. Under Create Configuration Data Report, you can choose the RBP option and select the static group membership from the dropdown. 
  • Does Change Audit Feature respect the RBP permissions to view certain data when showing the report?
    • No. If the users have the necessary permissions to access, view and run change audit reports, they will be able to report on anything user-related on the system, and there will not be any restriction on the data shown in the reports.

  • Is it possible to export the audit logs in .XLS files?
    • No. You can only export the logs in .CSV files. 
    • Sometimes the results of the changing audit are not shown for complete, due to a certain limit of characters. In this case, at the end of the result of the change, will appears three dots indicating that there's more content but is not shown.

  • Is it possible to export the system logs to access them via external data management tools such as SIEM/Splunk?
    • Success Factors' system logs are only accessible via Change Audit Reports. As a Cloud-designed Solution, the logs are generated in a Data Center level, and not for each customer environment. So it's not possible to export the application logs for each customer, neither connect them to external data management tools such as SIEM/Splunk. 

  • Where can I get information on this from the Guide?

    Guide: Change Audit Admin Guide

  • In Create Business Data Report tab, I see only four options. Why don’t I see the options for "Dynamic Teams Data Change" and "Objective and Key Results Data Change"? This simply means that Dynamic Teams has not been enabled yet. To enable it, please follow the instructions in these help guides: Enabling Dynamic Teams and Enabling Objectives and Key Results, and ensure that the necessary permissions are assigned.

Note:

  • Some types of change audit data can take from 8 to 32 hours to be made ready for reporting. Solutions impacted by this delay include: Compensation (except Rewards and Recognition), Performance and Goals (except Continuous Performance Management), Succession and Development (except Mentoring), Employee Profile, User Management, Proxy Management, and Role-Based Permissions. For these solutions, wait for 32 hours after the desired date range before you run the audit report. Otherwise, recent changes may not appear or the report may be blank.

  • Please consider date starting always at the time set as 12:00 a.m, once system take the server time zone.

  • Change audit data for other solutions are not impacted by this delay.

  • Engineering team sets a maximum number of change records for an instance to accommodate the server workload and performance. If you select a date range that has data exceeding the max number in the system, the audit job will fail. As a workaround, please select a smaller date range.

  • For Proxy Audit Reports, "All modules but no access to "****" (***:specifc module name) is displayed when user has selected all modules. If user has selected two or three modules apart from selecting All modules , the report shows the list of modules the user has proxy permission under Permission column in the proxy audit report.
  • With 1H 2024 release, changes made in Manage LanguagesManage Email Notifications, and Manage Support Access are now added in change audit and you can create change audit reports on these changes. You can create change audit reports for the above changes in Admin Center > Change Audit Reports > Create Configuration Data Report >Locales and Customizations, Email Notifications, or Manage Support Access.
  • You can configure retention policy for the new change audit data in Admin Center > Manage Audit Configuration > Audit Retention and they will be purged automatically according to the retention policy. See help guide Other Configuration Changes Audit Report or Creating a Change Audit Report

  • With the 1H 2026 release, Change Audit support is now available for the following Admin Center settings:

    1. Password & Login Policy Settings – Set API Login Exceptions
      (Adding, updating, and deleting API login exceptions)
      Report Path: Change Audit Report → Create Configuration Data Report → IP Restriction Management

    2. OData API Basic Authentication Configuration
      (Modifying access settings — Always, Never, or Restrict to specified IPs — and adding, updating, or removing IP addresses)
      Report Path: Change Audit Report → Create Configuration Data Report → SSO System Configuration Change

    3. Manage OAuth2 Client Applications
      (Registering new client applications, updating existing registrations, enabling/disabling applications, and deleting applications)
      Report Path: Change Audit Report → Create Configuration Data Report → SSO System Configuration Change

    4. Manage Geofences
      (Creating, deleting, activating/deactivating geofences, and updating geofence names or coordinates)
      Report Path: Change Audit Report → Create Configuration Data Report → Other Configuration Changes

See Also

Keywords

SF, success factors, RPT, bizx, biz x, PLT, platform, change audit, audit proxy, active, inactive, provisioning changes, access, dashboards, dash boards, tiles, employee, user, status, login name, login method, locale, time zone, account type, global user ID, person UUID, SIEM, Splunk, system, retention policy , changes , Manage Languages, Manage Email Configurations, and Manage Support Access , Audit Retention , Dynamic Teams Data Change, Objective and Key Results Data Change , KBA , LOD-SF-PLT-CHA , Change Audit , LOD-SF-EC , Employee Central , LOD-SF-PLT-AUDR , Request Audit Report (Not Change Audit) , How To

Product

SAP SuccessFactors HCM Suite all versions