Viewing Access History
This document describes how to view historical access data for your identities with Access History, part of SailPoint's Access Insights service.
About Access History
The SailPoint Identity Platform uses historical access analytics to provide a richer experience and understanding of access transactions for individual identities. You can view access history in different ways and quickly identify abnormal access, validate that changes in access occur as you expect, and identify access that may need to be removed for an identity. Your data source—for example, IdentityNow or IdentityIQ—determines the types of access available to view.
To view Access History, click Admin > Identities > Access History in the SailPoint interface. Use Access History's top navigation to access the following:
- Access History - A timeline of access events, including detailed information about change events for an identity.
- Compare Access - A calendar to compare the difference in access between two dates, including details about what was added and removed during that time
- View Profile - A view of identity attributes
To follow the principal of least privilege in your IdentityNow system, grant report admin user level permissions to employees that you want to have view access to the Access History and Data Explore interfaces. For more information, see Report Admin User Level.
Searching for Identities
The Access History identity list presents the 20 identities in your organization with the most recent access changes. The list includes active, inactive, and deleted identities. Having access to historical data for inactive or deleted identities can be helpful for auditing purposes.
To view access information for an identity, complete the following steps in the Access History interface:
Use one of the following methods to find a specific identity:
Start entering an identity name in the Search Identities box
Scroll through the list of identities
Select the identity name.
Viewing Access Changes in the Access History Timeline
The Access History page highlights an identity's access changes, displays general information about access items, and provides a record of change events.
Click Access History in the top navigation to see the Access History page.
Finding Access Changes
Use the Access Changes panel to navigate changes by month or day as follows:
Click on an identity name. The Access History page for that identity displays.
Click Month or Day to change the scope of the timeline.
Use the arrows to scroll through the timeline. A node outlined in blue indicates a change occurred during that month or day. Gray indicates no change.
Click a blue node to view the timestamp for each change in a drop-down menu.
Select a timestamp to view details about that specific change in the Access Items and Event Timeline sections below.
Reviewing Access Items
After selecting a timestamp, the Access Items panel displays tiles with counts for Accounts, Entitlements, and Roles. If you have IdentityNow as a data source, you'll also see tiles for Access Profiles and Apps.
Use the Access Items panel to review access items as follows:
Click the tile for an access item type to view the list of relevant access items. For example, click the Accounts tile to see a list of accounts that an identity had access to on the day of the selected timestamp.
Click the tile again to collapse the view.
Reviewing the Event Timeline
In the Event Timeline panel, you can scroll through a chronological list of all access changes that were made to the identity on the day of the selected timestamp, as well as any other changes leading up to that time.
The following changes are displayed in the event timeline:
- Governance events such as certifications and access requests
- Access items added or removed, along with information about the related governance event
- Attribute changes for accounts and identities
There are a couple ways to change what you see in the Event Timeline:
Click Filter to filter the timeline by specific access items (added, removed, or all), access requests, certifications, or attribute changes.
Click Requested Items to view an expanded list of access requests, along with general information such as description, approver, and decision.
Comparing Access Over Time
Use the Compare Access page to view all access changes for an identity between two dates. Click Compare Access in the top navigation to see the Compare Access page.
To compare access over time for an identity, complete the following steps:
Click on an identity name.
Click Compare Access in the top navigation.
Under Date Compare Access, enter two dates.
The Compare Access Details panel displays tiles with counts for Accounts, Entitlements, and Roles that were added or removed. If you have IdentityNow as a data source, you'll also see tiles for Access Profiles and Apps.
Compare Access only shows details if access changes occurred, so if you compare two dates and see only zero counts in the tiles then no change occurred between those dates.
Click on a tile to see a detailed side-by-side comparison about what access was added or removed in the area below the tiles.
For example, the expanded Access Profiles list below shows that between April 1 and April 30 this employee's Netherlands access profiles were removed and U.S. access profiles were added. This likely indicates that the employee transferred from the Netherlands location to the U.S. location during this time.
To find out exactly when such a change occurred, you could navigate to Access History and click the timestamp associated with April change events.
Viewing Identity Profile Attributes
You can view the specific attributes associated with an identity as follows:
Click on an identity name.
Click View Profile in the top navigation to see identity attributes such as job title, department, country, and usage location.
Visualizing Data with Data Explore
This document describes how to track and visualize data about your governance environment over time with Data Explore, part of SailPoint's Access Insights service.
About Data Explore
Making data-informed decisions is crucial to running an effective and innovative identity governance program. Data Explore puts all of your organization's identity data at your fingertips, making it easy to:
Monitor new governance-focused metrics across your organization
Generate and share interesting insights and knowledge with leadership
Present historical data for post-event analysis and reporting
To access Data Explore, click Admin > Dashboard > Data Explore in the SailPoint interface. Use Data Explore's top navigation to access the following:
Sources - A list of tables representing the columns of data being tracked, and parameters available for querying
Charts - A space to create queries and generate visualizations based on the query results
Dashboards - A set of visualizations, including prebuilt and custom combinations of charts
To follow the principle of least privilege in your IdentityNow system, grant report admin user-level permissions to employees that you want to have view access to the Access History and Data Explore interfaces. For more information, see Report Admin User Level.
Exploring Data in Tables
The tables available in Data Explore represent your SailPoint Identity Platform data source. Tables are defined and maintained by SailPoint.
To explore your tables and see how they affect what can be displayed in visualizations:
In Data Explore, click Sources > Tables to see the list of tables available for your data source.
Use the tabs on the Show Table page to determine how your data is exposed and define the fields available in the Charts interface.
Detail - Provides detailed information about the table.
Columns - Lists table columns and provides selectable parameters that define the fields you see in the Charts page.
For example, if the Filterable and Is temporal parameters are both checked for a column, it will be available for filtering when choosing a query time period in the Charts interface. See Creating Charts for more information.
Metrics - Displays the metrics available to you when querying the table. Metrics define the value axis for a visualization, so you can see what type of data to expect in a visualization.
For example, the following images show the
COUNT(*)metric and how it is expressed in the Top 10 Departments chart. Because
COUNT(*)is the only metric available, you can only view departments by number count. If multiple metrics exist for a table, you can sort by multiple metrics in your chart. You cannot add or remove metrics.
Charts are generated from the results of a query, so you'll need to start by creating a query based on the subset or "slice" of data you're interested in.
Your query becomes a chart only after you build a visualization and save it. A chart is a saved query paired with a visualization.
To create a query and generate a visualization for it:
Click Sources > Tables to see the tables available for querying. See Exploring Data in Tables for more information.
Navigate to the query page. You can start a query in a couple ways:
Go to Sources > Tables, and click on a table entry in the list.
Both ways bring you to the same query / visualization page you use to create charts.
a. On the Data tab, adjust the Visualization Type and Query options. The available query options depend on the type of visualization you choose.
b. On the Visual Properties tab, adjust visualization properties like color and timestamp format.
d. Click Run Query to refresh the visualization after you change the type and query options.
When you have finished creating the visualization, click Save to enter a chart name and optionally add the chart to a dashboard.
If you don't add the chart to a dashboard at this time, it will be available on the Charts page (along with any other charts you have saved), for ad hoc analysis or to be included in a dashboard later. See Displaying Charts in Dashboards for more information.
Working with Charts
Click Charts to access the Charts page which displays a list of all the charts you have saved.
Here, you can work with charts as follows:
- Filter the chart list
- Click on a chart name to go to the query / visualization page
- Inspect and edit chart details
- Delete charts
Displaying Charts in Dashboards
You can create dashboards that include multiple charts to provide a more complete and personalized view of your data. The information in each chart automatically refreshes every time you access a dashboard that includes that chart.
To see a list of existing dashboards, click Dashboards in Data Explore.
A dashboard can only be edited by its creator, but you can save a copy of any dashboard with a different name and then make changes to the new dashboard.
Exploring Prebuilt Dashboards
Data Explore comes with prebuilt dashboards to provide you with a clear and comprehensive view of key governance data across your organization.
Your organization's configuration determines the data available for display and the available filters, so you might not see data in all of the charts in a prebuilt dashboard.
To explore prebuilt dashboards, click Dashboards, then click on either Employee Dashboard, Request Statistics, or Certification Statistics.
You can click on any chart in a dashboard to dive deeper into the individual chart's query and adjust the chart settings. See Creating Charts for more information.
The Employee dashboard provides a snapshot of your core identity data and allows you to dynamically filter by identity attributes.
For example, filter by Finance for department and San Francisco for location to see how many new identities have been added in the last quarter to the San Francisco office's Finance department or see the top roles held by identities in that department and location.
This dashboard includes the following charts:
- Number of identities
- New identities by quarter
- Accounts by source
- Employees by department by location
- Employees by location by title
- Employees by state
- Top job titles
- Top roles
- Launchpad apps
- Top access profiles
- Top entitlements
Request Statistics Dashboard
The Request Statistics dashboard provides a number of views into your request activity, such as application, entitlement, and role requests by popularity, location, and department.
For example, you can see your organization's most-requested applications to inform IT investment decisions or help determine which apps new hires will likely need to access.
This dashboard includes the following charts:
- Number of requests by department - 1 yr
- Number of requests by location - 1 yr
- Average request time by location
- Most requested entitlements
- Most requested roles
- Most requested applications
- Approved vs rejected by app
Certification Statistics Dashboard
The Certification Statistics dashboard uncovers data about your certifiers and certification activity, helping you improve and ensure adherence to governance policies. You can filter by certifier location, department, and job title to further focus your exploration.
For example, filter by the Accounting department to see your top certifiers' activity in that department, possible issues with certification timelines, and Accounting-wide certification activity.
- The Certification Statistics dashboard includes the following charts:
- Most revoked entitlements
- The number of decisions by department
- Top certifiers with analytics around their approval activity
- Late certifiers and their number of days late
Creating a New Dashboard
You can create your own dashboards to supplement the prebuilt dashboards that SailPoint provides.
You need at least one chart to create a dashboard. If you have not created any charts, do that first, or use existing charts from the list on the Charts page.
There are two ways to create a new dashboard: on the Dashboards page or when saving a new chart.
On the Dashboard page:
Provide the following information for your dashboard: a title, the charts to include, the owner, and any JSON and CSS to use to customize the dashboard.
Click Save to create the dashboard.
When saving a new chart:
When saving a new chart, select Add to new dashboard and enter a name for the dashboard.
Click Save & go to dashboard. Your new chart appears in your new dashboard.
Your new chart and dashboard also appear in the lists on the Charts page and Dashboards page, respectively.
Sharing and Exporting Data, Visualizations, and Dashboards
You can easily export and share your data, visualizations, or dashboards with others.
Table and chart data on the query / visualization page can be exported as a CSV or JSON file.
On a Dashboard page, click Edit dashboard > Share dashboard to copy the URL associated with the dashboard and share it with other authenticated users.