<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Find Password Reset Event Performed by an Admin
Jun 27, 2025
Administration
Okta Classic Engine
Okta Identity Engine
Overview

This article details how to find a password reset event or a temporary password being generated by an administrator.

Applies To
  • System Logs
Solution

The system logs can be queried for past events to create a query depending on the use case. 

  1. The following system log query is for a temporary password that is generated for a user on the Admin Console:
    • eventType eq "user.account.update_password"
  2. The following system log query is for a password reset event in which an email is sent to the end user after selecting the option in the Admin Console.
    • eventType eq "user.account.reset_password"
  3. Self Service Password reset events can be seen in the logs if the Actor performing the action is "Okta System (SystemPrincipal)".
    • eventType eq "user.account.reset_password"
  4. If the Actor field lists an administrator account, then the reset was performed by the Administrator on the Admin Console. 

Related References

Recommended content

Still looking for help?
Loading
Find Password Reset Event Performed by an Admin