Privileged Access Report

This report lists accounts that are marked as privileged accounts on the selected application(s), specifically the display name of those accounts. It also shows the identity to which the account is linked, the identity's manager, and the risk score assigned to the identity. This report returns a list of all accounts meeting the specified criteria. To make this function as a privileged access report, an account attribute must be defined for the installation to designate privileged accounts, and that attribute and privileged-account-designating value must be specified as a filter criterion for the report.

The detailed results of this report can be exported to a CSV or PDF file.

The Privileged Access Report consists of the following sections:

Standard Report Properties
Privileged Account Attributes
Account Applications
Identity Attributes
Identity Extended Attributes
Report Layout

All reports use a set of standard properties for basic information such as naming and descriptions, and for setting controls, such as scoping and requiring sign-off.

You must enter the following before running this report:

Name
At least one Privileged Account Attribute

For step by step instructions on creating or editing a report, see Working With Reports.

Privileged Account Attributes

The Privileged Account Attributes age of filter criteria shows all defined account attributes, which vary by installation. The report creator must choose the attributes and values that designate a privileged account for the system. Note that if additional account attributes are selected on this filter page, this report will be constrained to show only accounts meeting those criteria, which could make this report something other than a "privileged access" report.

Note: Selecting NO options from a list indicates that ALL options in the list are included in the report.

Note: Use the Shift and Crtl keys to select multiple items from lists.

Account Applications

Note: Selecting NO options from a list indicates that ALL options in the list are included in the report. Use the Shift and Crtl keys to select multiple items from lists.

Option	Description
Applications	Select the applications to include in the report. If no applications are specified, all applications are included. Click the arrow to the right of the suggestion field to display a list of all applications, or enter a few letters in the field to display a list of applications that start with that letter string.

Option

Description

Applications

Select the applications to include in the report. If no applications are specified, all applications are included.

Click the arrow to the right of the suggestion field to display a list of all applications, or enter a few letters in the field to display a list of applications that start with that letter string.

Identity Attributes

The following criteria determines what information is included in this report. You can use any combination of options to build a report.

Note: Selecting NO options from a list indicates that ALL options in the list are included in the report. Use the Shift and Crtl keys to select multiple items from lists.

Option	Description
First Name	Input the first name of the identity you wish the report to include. For example, if you input "John" in the field, the report includes information on identities whose first name is John.
Last Name	Input the last name of the identity you wish the report to include. For example, if you input "Smith" in the field, the report includes information on identities whose last name is Smith.
Display Name	Input the display name of the identity you wish the report to include. For example, if you input "John_Smith" in the field, the report includes information on identities whose display name is John_Smith.
Email	Input the email address of the identity you wish the report to include. For example, if you input "John@email.com" in the field, the report includes information on identities whose email address is name is John@email.com.
Manager	The manager list to include in this report. Only users who report to the selected managers are included in the report. Click the arrow to the right of the suggestion field to a list of all managers, or enter a few letters in the field to display a list of managers that start with that letter string.
Inactive	Choose how the report handles inactive users. Select No selection to include both inactive and active users, True to include only inactive users, or False to not include inactive users.

Identity Extended Attributes

You can use the identity extended attributes that have been defined for your installation as criteria for this report. Because these are custom-defined attributes, the specific criteria options you have here will be specific to your own installation of IdentityIQ. Any identity extended attributes defined as searchable or as multi-valued are included as possible filters for the report.