We are using Oracle ATP Database along with Oracle Integration Cloud to implement our integrations with Fusion Apps. We are using a custom schema in ATP database for this purpose. Our schema is configured as following.

Properties:
Graph - Enabled
Web Access - Enabled
Authorization Required - Disabled

Grants:
Connect, DWRole, Gather_System_Statistics, Graph_Developer, Resource, Select_Catalog_Role

This user was initially setup with password lifetime as 360 days.

We were able to use this user effectively since our last password rotation. After recent password change, we see that the user is getting locked multiple times and we are facing "ORA-28000: The account is locked" in our integrations.

Upon checking "unified_audit_trail" table, we could see odosvc (OS User) is trying to authenticate multiple times with different sessions. We have no clue about this user as we have no other applications except OIC hosted in our cloud tenant.

For now, we were able to avoid account locking issue by updating user profile with "FAILED_LOGIN_ATTEMPTS UNLIMITED". But, the "unified_audit_trail" table shows "ORA-1017" error code.

We are unable to find how and why the OS User sessions are coming back again and again and how to update the credentials in the sessions.

Please, can you let us know if you have any clue on this?

Here is the complete information from audit_trail table

AUDIT_TYPE, SESSIONID, PROXY_SESSIONID, OS_USERNAME, USERHOST, TERMINAL, INSTANCE_ID, DBID, AUTHENTICATION_TYPE, DBUSERNAME, DBPROXY_USERNAME, EXTERNAL_USERID, GLOBAL_USERID, CLIENT_PROGRAM_NAME, DBLINK_INFO, XS_USER_NAME, XS_SESSIONID, ENTRY_ID, STATEMENT_ID, EVENT_TIMESTAMP, EVENT_TIMESTAMP_UTC, ACTION_NAME, RETURN_CODE, OS_PROCESS, TRANSACTION_ID, SCN, EXECUTION_ID, OBJECT_SCHEMA, OBJECT_NAME, SQL_TEXT, SQL_BINDS, APPLICATION_CONTEXTS, CLIENT_IDENTIFIER, NEW_SCHEMA, NEW_NAME, OBJECT_EDITION, SYSTEM_PRIVILEGE_USED, SYSTEM_PRIVILEGE, AUDIT_OPTION, OBJECT_PRIVILEGES, ROLE, TARGET_USER, EXCLUDED_USER, EXCLUDED_SCHEMA, EXCLUDED_OBJECT, CURRENT_USER, ADDITIONAL_INFO, UNIFIED_AUDIT_POLICIES, FGA_POLICY_NAME, XS_INACTIVITY_TIMEOUT, XS_ENTITY_TYPE, XS_TARGET_PRINCIPAL_NAME, XS_PROXY_USER_NAME, XS_DATASEC_POLICY_NAME, XS_SCHEMA_NAME, XS_CALLBACK_EVENT_TYPE, XS_PACKAGE_NAME, XS_PROCEDURE_NAME, XS_ENABLED_ROLE, XS_COOKIE, XS_NS_NAME, XS_NS_ATTRIBUTE, XS_NS_ATTRIBUTE_OLD_VAL, XS_NS_ATTRIBUTE_NEW_VAL, DV_ACTION_CODE, DV_ACTION_NAME, DV_EXTENDED_ACTION_CODE, DV_GRANTEE, DV_RETURN_CODE, DV_ACTION_OBJECT_NAME, DV_RULE_SET_NAME, DV_COMMENT, DV_FACTOR_CONTEXT, DV_OBJECT_STATUS, OLS_POLICY_NAME, OLS_GRANTEE, OLS_MAX_READ_LABEL, OLS_MAX_WRITE_LABEL, OLS_MIN_WRITE_LABEL, OLS_PRIVILEGES_GRANTED, OLS_PROGRAM_UNIT_NAME, OLS_PRIVILEGES_USED, OLS_STRING_LABEL, OLS_LABEL_COMPONENT_TYPE, OLS_LABEL_COMPONENT_NAME, OLS_PARENT_GROUP_NAME, OLS_OLD_VALUE, OLS_NEW_VALUE, RMAN_SESSION_RECID, RMAN_SESSION_STAMP, RMAN_OPERATION, RMAN_OBJECT_TYPE, RMAN_DEVICE_TYPE, DP_TEXT_PARAMETERS1, DP_BOOLEAN_PARAMETERS1, DIRECT_PATH_NUM_COLUMNS_LOADED, RLS_INFO, KSACL_USER_NAME, KSACL_SERVICE_NAME, KSACL_SOURCE_LOCATION, PROTOCOL_SESSION_ID, PROTOCOL_RETURN_CODE, PROTOCOL_ACTION_NAME, PROTOCOL_USERHOST, PROTOCOL_MESSAGE

Standard 1783349562 0 odosvc 2f4e774d-b784-425b-b117-40b4e3fa3c28-ms2.dpapp.oic.oraclevcn.com unknown 2 3030477604 (TYPE=(DATABASE));(CLIENT ADDRESS=((PROTOCOL=tcps)(HOST=10.11.96.19)(PORT=18196))); YLPOICPROD JDBC Thin Client 1 1 09-JUL-23 11.26.21.791983000 PM 10-JUL-23 06.26.21.791983000 AM LOGON 1017 69935 0000000000000000 39930936690021 YLPOICPROD DB_UNIQUE_NAME="eep1pod"; ORA_LOGON_FAILURES
Standard 3440882794 0 odosvc 2f4e774d-b784-425b-b117-40b4e3fa3c28-ms1.dpapp.oic.oraclevcn.com unknown 2 3030477604 (TYPE=(DATABASE));(CLIENT ADDRESS=((PROTOCOL=tcps)(HOST=10.11.92.206)(PORT=44678))); YLPOICPROD JDBC Thin Client 1 1 09-JUL-23 11.26.21.662271000 PM 10-JUL-23 06.26.21.662271000 AM LOGON 1017 69902 0000000000000000 39930936689736 YLPOICPROD DB_UNIQUE_NAME="eep1pod"; ORA_LOGON_FAILURES