Skip to content

AI-Driven Identity Security Reports

AI-Driven Identity Security recommendation information is included in the following IdentityIQ reports.

  • Access Review Decision Report(LINK IN DOC) – note that the Roles table for this report intentionally does not contain the recommendation columns

  • Access Request Status Report(LINK IN DOC)

  • Advanced Access Review Live Report(LINK IN DOC)

  • Application Owner Access Review Live Report(LINK IN DOC)

  • Certification Activity by Application Report(LINK IN DOC)

  • Manager Access Review Live Report(LINK IN DOC)

  • Role Membership Access Review Live Report(LINK IN DOC)

  • Targeted Access Review Live Report(LINK IN DOC)

  • Work Item Archive Report(LINK IN DOC)

The following columns are included in these access review and certification reports. In live reports, the columns function the same as the other IdentityIQ columns on the Report Layout tab.

Note

These columns are always blank on Policy Violation tables. Access recommendations are not evaluated for policy violations.

  • Recommended Decision

  • Recommendation Timestamp

  • Recommendation Reasons

  • Auto Decision Generated

  • Auto Decision Accepted

For request types that are not supported by access recommendations, the reports return the following:

  • Recommendation – Not Consulted

  • Recommendation Timestamp – Blank

  • Recommendation Reasons – The recommender in use does not support recommendations for this work item type

  • Auto Decision Generated – False

  • Auto Decision Accepted – False

If a recommendation is not found for a line item, the report returns the following:

Recommendation – Not Found

Recommendation Reasons – We do not have a recommendation for this access because the identity was not found within AI-Driven Identity Security

Recommendation Timestamp – Blank

Auto Decision Generated – False

Auto Decision Accepted – False

AI-Driven Identity Security IdentityIQ Console Commands

You can use the IdentityIQ console to view the status of your recommender or to disable access recommendations for this IdentityIQ instance.

These commands are available in the IdentityIQ console after init-ai.xml is imported:

  • reco list – a list of all recommender definitions and their status: In Use, Available, or Unavailable

  • reco use – the name of the recommender to use. If the recommender name contains white spaces, put quotation marks around the name (“Recommender Name”)

  • reco use -- – disable and clear the recommender selection

For more information see IdentityIQ Console(LINK IN DOC).