Viewing Application and Identity Risk Scores
Use the Intelligence > Identity Risk Score page to view individual risk scores for users. The page displays one tab for each risk level defined in IdentityIQ. The risk criteria and number of risk levels are defined during the configuration process.
Use the Intelligence > Application Risk Scores page to view the risk scores associated with each application. This page displays a table that summarizes all of the application score cards. The score information for each application is separated into scoring components that were defined when the product was configured.
Identity Risk Scores
Use this page to view individual risk scores for users. The page displays one tab for each risk level defined in IdentityIQ. Click a tab to display a list of all of the users that fall into that risk level.
You can access this page from the navigation menu bar. Go to **Intelligence > Identity Risk Scores**.
Use the Filter options to reduce the number of identities displayed on the list.
- The Group to filter by dropdown list contains all of the groups defined for your enterprise when IdentityIQ was configured and is based on attributes used for identity mapping.
- The Value dropdown list contains all of the values assigned to the selected attribute.
Identity risk scores are determined by weighted scores assigned to components that comprise the individual’s Identity Cube. The identity risk scores table lists the component scores and enables you to identify the areas most at risk and take the appropriate actions.
From the Identity Risk Scores table you can schedule Identity Certifications for any or all identities listed. Identity Certifications are certification requests for identities with risk scores that warrant special attention. For example, a contract database administrator might require more frequent certification than a full-time employee. These do not replace the regularly scheduled certification requests, such as Manager or Application, but are in addition to those certifications.
This Identity Risk Scores table includes the following:
Column Name | Description |
---|---|
Identity selection box | Activate this checkbox to mark this user as one for whom to request an Identity Certification. |
Name | The login name of the user. Only users with risk scores that fall into the risk band associated with the selected tab are displayed. |
First Name, Last Name | The first and last name of the user. |
Composite Score | The total composite risk score for the user. This score is based on risk factors defined when IdentityIQ was configured for your enterprise. |
Role | The sum of compensated role risk scores as defined when IdentityIQ was configured. |
Entitlement | The sum of compensated entitlement scores as defined when IdentityIQ was configured. |
Policy | The sum of compensated risk scores associated with policy violations as defined when IdentityIQ was configured. |
Certification | The sum of compensated risk scores associated with certifications as defined when IdentityIQ was configured. |
Click a user in the table to open the View Identity page. The View Identity page contains individual Identity Cube risk information. Identity Cubes are multidimensional data models of identity information that offer a single, logical representation of each managed user. Each Cube contains information about user entitlements, associated context and historical records of user access configurations and activity.
Application Risk Scores
Use this page to view the risk scores associated with each application. You can access this page from Intelligence > Application Risk Scores.
This page displays a table summarizing all of the application score cards. The score information for each application is broken down by the scoring components defined when the product was configured. The first column in the table contains the composite risk score for the application. The composite score is calculated by combining the compensated scores of the individual components.
Click an application in the table to display the Edit Application page. Click the Risk tab to view the latest score card for the application.
The algorithms used by the Refresh Application Scoring task to update this page are defined on the Application Risk page.
All scores are calculated by first determining the percentage of accounts that have the qualities tested by the component score. For example, if 10 out of 100 accounts are flagged as service accounts, then the raw percentage is ten percent (.10). This number is then multiplied by a sensitivity value, which can be used to increase or decrease the impact of the original percentage. The default sensitivity value is 5, making the adjusted percentage fifty percent (.50). This final percentage is then applied to the score range of 1000, resulting in a component score of 500.
After the component score is calculated, a weight or compensating factor is applied to each component score to determine the amount each will contribute to the overall risk score for the application. For example, a few violator accounts might increase risk more than many inactive accounts.
Service, Inactive, and Privileged component scores look for links that have a configured attribute. For example, the Service component looks for links that have service set to the configured value true.
The Dormant Account score looks for a configured attribute that is expected to have a date value, for example lastLogin. This algorithm has an argument, daysTillDormant, that defaults to thirty (30). If the last login date is more than thirty (30) days prior to the current date, the account is considered dormant and is factored into the risk score.
The Risky Account score looks for links whose owning identity has a composite risk score greater than a configured threshold. The default threshold is five hundred (500).
The Violator Account score looks for links whose owning identity has a number of policy violations greater than a configured threshold. The default threshold is ten (10).
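The calculation described above, worked through as an added example (illustrative Python, not IdentityIQ code). It uses the page's defaults (sensitivity 5, score range 1000, daysTillDormant 30, thresholds 500 and 10) on constructed accounts that sit on each boundary. Assumptions: the field names ownerScore and ownerViolations are hypothetical, the adjusted percentage is capped at 100%, and weights are combined as a weighted average.

```python
from datetime import date, timedelta

SCORE_RANGE = 1000       # score range stated on the page
DEFAULT_SENSITIVITY = 5  # default sensitivity stated on the page

def component_score(matching, total, sensitivity=DEFAULT_SENSITIVITY):
    """Raw percentage times sensitivity, applied to the score range."""
    if total == 0:
        return 0
    adjusted = (matching / total) * sensitivity
    # Assumption: the adjusted percentage is capped at 100% so the score
    # stays inside the range; the page does not describe overflow.
    return round(min(adjusted, 1.0) * SCORE_RANGE)

def is_dormant(last_login, today, days_till_dormant=30):
    """Dormant only when the last login is MORE than the limit ago."""
    return (today - last_login).days > days_till_dormant

def score_application(accounts, today, risky_threshold=500,
                      violator_threshold=10):
    """Component scores for one application's accounts (links)."""
    tests = {
        "service": lambda a: a["service"],
        "dormant": lambda a: is_dormant(a["lastLogin"], today),
        "risky": lambda a: a["ownerScore"] > risky_threshold,
        "violator": lambda a: a["ownerViolations"] > violator_threshold,
    }
    return {name: component_score(sum(1 for a in accounts if hit(a)),
                                  len(accounts))
            for name, hit in tests.items()}

def composite_score(scores, weights):
    """Assumption: weights act as a weighted average of components."""
    return round(sum(scores[k] * weights[k] for k in scores)
                 / sum(weights[k] for k in scores))

def sample_accounts(today):
    """Constructed data; ownerScore/ownerViolations are hypothetical names."""
    return [{
        "service": i < 10,
        "lastLogin": today - timedelta(days=31 if i < 4 else 30),
        "ownerScore": 501 if i in (0, 50) else 500,
        "ownerViolations": 11 if i == 99 else 10,
    } for i in range(100)]

if __name__ == "__main__":
    today = date(2024, 6, 1)
    scores = score_application(sample_accounts(today), today)
    print(scores, composite_score(scores, {"service": 10, "dormant": 20,
                                           "risky": 30, "violator": 40}))
```

Because every comparison is strict, an account that last logged in exactly 30 days ago, or whose owner sits exactly at 500 or at 10 violations, does not count toward the component.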