Administration Reports
Capabilities to Identities Report
The Capabilities to Identities Report displays a list of the identities assigned to each capability defined in your enterprise.
The detailed results of this report can be exported to a CSV or PDF file.
The Capabilities to Identities Report consists of the following sections:
-
Capability Properties – these options are described in the table below
All reports use a set of standard properties for basic information such as naming and descriptions, and for setting controls, such as scoping and requiring sign-off.
You must enter the following before running this report:
- Name
For step by step instructions on creating or editing a report, see Working With Reports.
Capabilities Properties
The following criteria determines what information is included in this report. You can use any combination of options to build a report.
Note
Selecting NO options from a list indicates that ALL options in the list are included in the report.
| Option | Description |
|---|---|
| Capabilities | The capabilities to include in the report. |
| Exclude Indirect Capabilities | Do not include identities that have the capability assigned indirectly, through a workgroup. |
| Exclude Workgroups | Do not include workgroups in the report results. |
Connectivity Information Report
The Connectivity Information Report displays all of the information collected about application configurations and statistics that match the specified criteria.
This report collects the following information:
-
Application configuration attributes and schema from Application xml
-
Last aggregation run time for all type of aggregations such as, Account aggregation, Group aggregation, and Delta aggregation
-
Average time taken for all type of aggregations
-
Schedule frequency for all type of aggregations
-
Provisioning operations statistics such as, number of create, update, and change password
-
Total accounts and groups
-
Maximum and average entitlements per account
-
Maximum and average members per group
Note
Remove sensitive data before exporting.
The detailed results of this report can be exported to a CSV or PDF file.
The Connectivity Information Report consists of the following sections:
-
Application Filter
-
Attributes Filter
All reports use a set of standard properties for basic information such as naming and descriptions, and for setting controls, such as scoping and requiring sign-off.
You must enter the following before running this report:
- Name
For step by step instructions on creating or editing a report, see Working With Reports.
Application Filter
Specify applications to exclude from this report. You can exclude applications by type or name. For excluded application, only statistical information is collected. Application configuration details are ignored for excluded applications.
Attribute Filter
Specify attributes to exclude from this report. The values of the application attributes displayed in the list are not included in the report.
Detailed Provisioning Transaction Object Report
The Detailed Provisioning Transaction Object Report displays information reflected in the Administrator Console's Provisioning Transactions table, down to the attribute level of detail. In the Administrator Console UI page (Gear menu > Administrator Console), clicking the information button on a given transaction displays these details for that individual line item. This report displays the data in a report format, across multiple transactions at once. For more information on the Provisioning Transaction Table, see Manage Provisioning Transaction Results.
The detailed results of this report can be exported to a CSV or PDF file.
The Detailed Provisioning Transaction Object Report consists of the following sections:
-
Provisioning Transaction Properties – these options are described in the table below
All reports use a set of standard properties for basic information such as naming and descriptions, and for setting controls, such as scoping and requiring sign-off.
You must enter the following before running this report:
- Name
For step by step instructions on creating or editing a report, see Working With Reports.
Provisioning Transaction Properties
The following criteria determines what information is included in this report. You can use any combination of options to build a report.
Note
Selecting NO options from a list indicates that ALL options in the list are included in the report.
| Option | Description |
|---|---|
| Application | The applications list to include in this report. Click the arrow to the right of the suggestion field to display a list of all applications, or enter a few letters in the field to display a list of applications that start with that letter string. |
| Identities | The identities list to include in this report. Click the arrow to the right of the suggestion field to display a list of all identities, or enter a few letters in the field to display a list of identities that start with that letter string. |
| Channel | Include provisioning transactions which have been processed through one of the specified write channels (e.g. connector or integration). Click the arrow to the right of the suggestion field to display a list of all available channels, or enter a few letters in the field to display a list of channels that start with that letter string. |
| Account | Limit returned provisioning transactions to those with the account display name begins with value entered in this field. |
| Event | The events list to include in this report (such as Create, Modify, Disable, etc.) Click the arrow to the right of the suggestion field to display a list of all available events, or enter a few letters in the field to display a list of events that start with that letter string. |
| Source | The source list to include in this report. Click the arrow to the right of the suggestion field to display a list of all available sources, or enter a few letters in the field to display a list of sources that start with that letter string. |
| Status | The status list to include in this report, such as Failed, Success, or Pending. Click the arrow to the right of the suggestion field to display a list of all available statuses, or enter a few letters in the field to display a list of statuses that start with that letter string. |
| Type | Select Manual or Auto to limit the results of this report by transaction type. Auto means the original provisioning request was (or is being) processed by a connector or integration. Manual means a manual work item was created to manage the provisioning request because the target application is not connected to an automated write channel. |
| Transaction Initiation Date | Limit the report results by date range. |
| Overridden | Include only transactions which have previously failed but have been overridden by creating a manual work item to have it processed outside of IdentityIQ's automated provisioning channels. Once a transaction has failed with a non-retryable error, a manual work item is the only option for processing the provisioning request through a channel that IdentityIQ will track. |
Environment Information Report
The Environment Information Report gives detailed information about user activity on each application. Count statistics are provided for a number of IdentityIQ objects: identities, applications, accounts, work items, identity requests, workgroups, certifications, task schedules, roles, policies, and entitlement catalog. Note that for these objects the value column shows counts of objects. Individual identity data is not included in this report, to ensure that privacy requirements are met if the report needs to be shared.
The Environment Information Report also shows information about your IdentityIQ environment, such as database type, version and driver, JDBC drivers and hosts, processor details, and IdentityIQ version.
The Environment Information Report consists of the following sections:
All reports use a set of standard properties for basic information such as naming and descriptions, and for setting controls, such as scoping and requiring sign-off.
There are no filter options for this report. It always reports the full set of environment data. You must enter the following before running this report:
- Name
For step by step instructions on creating or editing a report, see Working With Reports.
Identity to Capabilities Report
The Identity to Capabilities Report displays a list of the capabilities assigned to each identity in your enterprise.
The detailed results of this report can be exported to a CSV or PDF file.
The Capabilities to Identities Report consists of the following sections:
-
Identity Properties – these are described in the table below
All reports use a set of standard properties for basic information such as naming and descriptions, and for setting controls, such as scoping and requiring sign-off.
You must enter the following before running this report:
- Name For step by step instructions on creating or editing a report, see Working With Reports.
Identity Properties
The following criteria determines what information is included in this report. You can use any combination of options to build a report.
Note
Selecting NO options from a list indicates that ALL options in the list are included in the report.
| Option | Description |
|---|---|
| Identities | The identities to include in the report. |
| Include Empty Capabilities | Include identities that have no assigned capabilities. |
| Exclude Indirect Capabilities | Do not include capabilities assigned through workgroups in the report results. |
| Exclude Workgroups | Do not include workgroups in the report results. |
Mitigation Report
This report lists policy exceptions that have been allowed in the system. It can be used to review the mitigation decisions made by a given actor, to see the exceptions allowed for certain people or against certain roles, or to review exceptions that are set to expire by a given date.
The detailed results of this report can be exported to a CSV or PDF file.
The Mitigation Report consists of the following sections:
-
Mitigation Properties – these are described in the table below
All reports use a set of standard properties for basic information such as naming and descriptions, and for setting controls, such as scoping and requiring sign-off.
You must enter the following before running this report:
- Name
For step by step instructions on creating or editing a report, see Working With Reports.
Mitigation Properties
The following criteria determines what information is included in this report. You can use any combination of options to build a report.
Note
Selecting NO options from a list indicates that ALL options in the list are included in the report.
| Option | Description |
|---|---|
| Expiration Date | The expiration limit on the exception. Exceptions that expire on dates up to and including the selected date are included in this report. You can enter the date manually, or click the [...] icon to select a date from the calendar. |
| Identities | The identities list to include in this report. If no identities are specified, mitigation for all identities are included. Click the arrow to the right of the suggestion field to display a list of all identities, or enter a few letters in the field to display a list of identities that start with that letter string. |
| Actors | The manager (mitigator) list to include in this report. If no managers are specified, mitigations for all managers are included. Click the arrow to the right of the suggestion field to display a list of all managers, or enter a few letters in the field to display a list of managers that start with that letter string. |
| Business Roles | The roles list to include in this report. If no roles are specified, mitigation on all roles are included. Click the arrow to the right of the suggestion field to display a list of all roles, or enter a few letters in the field to display a list of roles that start with that letter string. |
Provisioning Transaction Object Report
The Provisioning Transaction Object Report shows data reflected in the Administrator Console's Provisioning Transactions table. This report captures the summary level of transaction data, which is the same level of information displayed in the Provisioning Transaction table in the UI. For more information on the Provisioning Transaction Table, see Manage Provisioning Transaction Results.
The Provisioning Transaction Object Report consists of the following sections:
-
Provisioning Transaction Properties – these are described in the table below
All reports use a set of standard properties for basic information such as naming and descriptions, and for setting controls, such as scoping and requiring sign-off.
You must enter the following before running this report:
- Name
For step by step instructions on creating or editing a report, see Working With Reports.
Provisioning Transaction Properties
The following criteria determines what information is included in this report. You can use any combination of options to build a report.
Note
Selecting NO options from a list indicates that ALL options in the list are included in the report.
| Option | Description |
|---|---|
| Application | Shows only provisioning transactions which impact one of the specified applications. Click the arrow to the right of the suggestion field to display a list of all applications, or enter a few letters in the field to display a list of applications that start with that letter string. |
| Identities | The identities list to include in this report. Click the arrow to the right of the suggestion field to display a list of all identities, or enter a few letters in the field to display a list of identities that start with that letter string. |
| Channel | The channels list to include in this report. Click the arrow to the right of the suggestion field to display a list of all available channels, or enter a few letters in the field to display a list of channels that start with that letter string. |
| Account | Limit returned provisioning transactions to those with the account display name begins with value entered in this field. |
| Event | The events to include in this report, such as Create, Modify, Disable, etc. Click the arrow to the right of the suggestion field to display a list of all available events, or enter a few letters in the field to display a list of events that start with that letter string. |
| Source | List only transactions which came from one of the selected sources in IdentityIQ (e.g. LCM, Identity Refresh, etc.). Click the arrow to the right of the suggestion field to display a list of all available sources, or enter a few letters in the field to display a list of sources that start with that letter string. |
| Status | The status list to include in this report. Click the arrow to the right of the suggestion field to display a list of all available statuses, or enter a few letters in the field to display a list of statuses that start with that letter string. |
| Type | Select Manual or Auto to limit the results of this report by transaction type. Auto means the original provisioning request was (or is being) processed by a connector or integration. Manual means a manual work item was created to manage the provisioning request because the target application is not connected to an automated write channel. |
| Transaction Initiation Date | Limit the report results by date range. |
| Overridden | Include only transactions which have previously failed but have been overridden by creating a manual work item to have it processed outside of IdentityIQ's automated provisioning channels. Once a transaction has failed with a non-retryable error, a manual work item is the only option for processing the provisioning request through a channel IdentityIQ will track. |
Revocation Live Report
This report shows all access revocation requests made in access reviews which meet the filter criteria and the current status of the revocation (open or finished). It also shows information about the revocation request such as who requested it, how the request was (or is being) revoked, the name of the person processing the revoke (for work item revocations only), the access request ID (for queued automated requests on some systems), the Identity from whom the access has been revoked, and any comments entered by the requester. It also includes the expiration date of the certification in which it was revoked, along with identifying information about which specific entitlement or role was revoked.
The detailed results of this report can be exported to a CSV or PDF file.
The Revocation Live Report consists of the following sections:
-
Certification Item Properties – these are described in the table below
You must enter the following before running this report:
- Name
For step by step instructions on creating or editing a report, see Working With Reports.
Certification Items Properties
The following criteria determines what information is included in this report. You can use any combination of options to build a report.
Note
Selecting NO options from a list indicates that ALL options in the list are included in the report.
| Option | Description |
|---|---|
| Creation Start and End Date(s) | The certification creation date range. The report includes all revocation information for certifications create on or after the start date and on or before the end date. You can enter the date manually, or click the [...] icon to select a date from the calendar. |
| Signed Start and End Date(s) | The certification signed off on date range. The report includes all revocation information for certifications signed off on, on or after the start date and on or before the end date. You can enter the date manually, or click the [...] icon to select a date from the calendar. |
| Due Start and End Date(s) | The certification due date range. The report includes all revocation information for certifications due on or after the start date and on or before the end date. You can enter the date manually, or click the [...] icon to select a date from the calendar. |
| Applications | Select the applications to include in the report. If no applications are specified, all applications are included. Click the arrow to the right of the suggestion field to display a list of all applications, or enter a few letters in the field to display a list of applications that start with that letter string. |
| Group | Select the groups to include in this report. Click the arrow to the right of the suggestion field to display a list of all groups, or enter a few letters in the field to display a list of groups that start with that letter string. |
| Certification Tags | To filter access reviews based on their tags, select one or more tags. If multiple tags are selected, only access reviews that match all selected tags are included in this report. |
| Certification Group | The manager certifications to include in this report. |
Work Item Archive Report
This report shows the current status of work items in the system. It can report on active work items, archived work items or both (depending on the Included Work Items filter). It shows the requester, work item owner, type, current state, number of reminders and escalations that have occurred for it, and its current status.
The detailed results of this report can be exported to a CSV or PDF file.
The Work Item Archive Report consists of the following sections:
-
Work Item Properties – these are described in the table below
All reports use a set of standard properties for basic information such as naming and descriptions, and for setting controls, such as scoping and requiring sign-off.
You must enter the following before running this report:
- Name
For step by step instructions on creating or editing a report, see Working With Reports
Work Item Properties
The following criteria determines what information is included in this report. You can use any combination of options to build a report.
Note
Selecting NO options from a list indicates that ALL options in the list are included in the report.
| Option | Description |
|---|---|
| Owners | The owners of the work items. Only work items belonging to the selected owners are included in the report. Click the arrow to the right of the suggestion field to display a list of all owners, or enter a few letters in the field to display a list of owners that start with that letter string. |
| Requestors | The requestors of the work items. Only work items requested by the selected requestors are included in the report. Click the arrow to the right of the suggestion field to display a list of all requestors, or enter a few letters in the field to display a list of requestors that start with that letter string. |
| Work Items Priority | The priority assigned by the requestor of the work item. |
| Work Items Type | The work item types to include in this report. Only work items of the type selected are included in the report. Use the Shift and Ctrl buttons to select multiple types. |
| Work Item State | The state of the work items to include in this report. Only work items in the selected states are included in the report. Use the Shift and Ctrl buttons to select multiple states. |
| Included Work Items | Choose to include active or archived work items in the report. |
| Minimum Reminders | The minimum number of sent reminders that a work item must be associate with before it is included in this report. |
| Maximum Reminders | The maximum number of sent reminders that a work item can be associated with and still be included in this report. |