AI-Driven Identity Security Reports and Console Commands

AI-Driven Identity Security Reports

AI-Driven Identity Security recommendation information is included in the following IdentityIQ reports.

• Access Review Decision Report – note that the Roles table for this report intentionally does not contain the recommendation columns

• Access Request Status Report

• Advanced Access Review Live Report

• Application Owner Access Review Live Report

• Certification Activity by Application Report

• Manager Access Review Live Report

• Role Membership Access Review Live Report

• Targeted Access Review Live Report

• Work Item Archive Report

The following columns are included in these access review and certification reports. In live reports, the columns function the same as the other IdentityIQ columns on the Report Layout tab.

Note

These columns are always blank on Policy Violation tables. Access recommendations are not evaluated for policy violations.

• Recommended Decision

• Recommendation Timestamp

• Recommendation Reasons

• Auto Decision Generated

• Auto Decision Accepted

For request types that are not supported by access recommendations, the reports return the following:

• Recommendation – Not Consulted

• Recommendation Timestamp – Blank

• Recommendation Reasons – The recommender in use does not support recommendations for this work item type

• Auto Decision Generated – False

• Auto Decision Accepted – False

If a recommendation is not found for a line item, the report returns the following:

Recommendation – Not Found

Recommendation Reasons – We do not have a recommendation for this access because the identity was not found within AI-Driven Identity Security

Recommendation Timestamp – Blank

Auto Decision Generated – False

Auto Decision Accepted – False

AI-Driven Identity Security IdentityIQ Console Commands

You can use the IdentityIQ console to view the status of your recommender or to disable access recommendations for this IdentityIQ instance.

These commands are available in the IdentityIQ console after init-ai.xml is imported:

• reco list – a list of all recommender definitions and their status: In Use, Available, or Unavailable

• reco use <Recommender_Name> – the name of the recommender to use. If the recommender name contains white spaces, put quotation marks around the name (“Recommender Name”)

• reco use -- – disable and clear the recommender selection

For more information see IdentityIQ Console.