Audit Reports and Monitoring
Nearly everything that happens in IdentityNow is tracked in audit reports that you can download, send to auditors, and search for events or patterns. You can view audit data in Search, on the Admin Dashboard, and throughout IdentityNow. You can additionally configure IdentityNow to send notifications when certain components of your site have problems.
Audit data in IdentityNow is stored for 1 year, plus the current month. If you need to access older data, up to 5 years old, fill out the Audit History Request Form and submit it with a support ticket.
Audit Reports in Search
All IdentityNow audit activity can be found in Search. You can download default audit reports or modify your search query to download a custom report.
You can download the following default audit reports from Search:
- All Events - All activity that IdentityNow tracks in audit events.
- Access Request Activity - All activity related to access requests.
- Authentication Activity - Events related to any kind of authentication, including into IdentityNow and into apps.
- Password Changes - All password updates, including for apps, sources, and IdentityNow.
- Provisioning Activity - View a basic audit report of provisioning events.
- All Source Activity (Non-Provisioning) - All activity on all sources, not including provisioning activity.
You can learn more about these reports, the queries they use, and how to download them in Downloading Reports from the Search Interface.
Reporting in Suggested Searches
You can find suggested search queries in IdentityNow, like:
Suggested Search | Description |
All IdentityNow Admins | All org administrators in your IdentityNow site. |
Identities with Errors | All identities in your system that have errors. |
Identity Activity | All activity performed by or on any identity in your site. To return activity from only one identity, change both instances of * to the name of the identity. |
Inactive Identities with Active Accounts | All identities in your system that don't have access to IdentityNow, but can access one or more source accounts. |
Source Activity | All activity performed by or on any source in your site. To narrow this query to return activity from only one source, change the * to the name of the source you want to search for. |
Download the results of these queries using the same steps found in Downloading Reports from the Search Interface.
Admin Dashboard
The Admin Dashboard contains at-a-glance information about configured data and recent activity in your site. You can view the following information on the Admin Dashboard, depending on what you have configured in your SailPoint SaaS platform.
This panel displays the total number of sources, VA clusters, identities, and applications available in your tenant.
The following information displays in this panel:
- Sources - The number of sources in your tenant.
- Clusters - The number of virtual appliance clusters set up in your tenant.
- Identities - The number of identities in your system.
- Applications - The number of enabled applications in your site.
Warnings will display on a tile if an item is unhealthy or in an error state. The tile will also list the number of errors associated with the component.
For VA clusters, the following warnings may also display:
- A yellow warning displays if a cluster is in a warning state.
- A red warning displays if a cluster is in an error or failed state.
- A red warning displays if multiple clusters are in warning and error states.
System Activity
View a subset of important events that have happened in your system over the last 7 days. The 5 most recent events are displayed by default. Select View All to view a complete list of events.
These events may follow a different format than is displayed in Search. The times listed here reflect your browser's current settings.
Org Details
View basic metadata about your site. You can find out which features are active and the number of identities permitted for your organization in Global > System Settings > System Features.
To Do Tasks
Review a list of the manual provisioning tasks that are assigned to users in your org. Select View All for a complete list of incomplete manual provisioning tasks.
Password Resets
View a list of the password resets IdentityNow has performed in the last 7 days.
You can also view an estimate of the financial savings generated for your organization by IdentityNow password resets.
You can modify the amount saved per reset based on your company's internal metrics. The Savings value automatically recalculates based on the number of password resets displayed in the panel.
Certification Campaigns
View graphs that represent the progress of certification campaigns in your site.
Refer to Certification Campaign Status Information and Reports for more information.
Provisioning
View a summary of the provisioning activity in IdentityNow over the last 7 days.
Reporting Overview
This table contains an overview of various data tracked in IdentityNow, and where you can find it.
For more information about the status of IdentityNow and its services, visit status.sailpoint.com.
Tracked Activity | Description | Location and Details |
All Audit Data | All activity that IdentityNow tracks in audit events. | This audit data is available in Search in a default report. You can also use the search query: type:* |
Access Requests | All activity related to access requests. | This audit data is available in Search in a default report. You can also use the search query: type:"ACCESS_REQUEST" |
Active Jobs | In-progress background tasks, such as the ACCOUNT_AGGREGATION, REFRESH_IDENTITIES, or SYNCHRONIZE_IDENTITIES jobs. | From the Admin dashboard, go to Dashboard > Monitor and refer to the Active Jobs table. |
Applications | Audit events related to app configuration. | This audit data is available in Search. Use the search query: technicalName:"APP_*" |
Authentication | Audit events related to any kind of authentication. | This audit data is available in Search in a default report. You can also use the search query: type:AUTH |
Certifications | Audit events related to any kind of certification activity. | This audit data is available in Search. Use the search query: type:CERTIFICATION |
Certifications | Reports about a specific certification or general information about the campaigns in your site. | Refer to Certification Campaign Status Information and Reports for more information. |
Identities and Users | Download a list of identities. | You can download a complete list of the identities in your system in two ways. |
Identities and Users | Find activity for a single identity. | You can view the activity for a single identity in two ways: |
Identities and Users | Find events that impact a user's IdentityNow experience, or configuration events for an identity. | This audit data is available in Search. Use the search query: type:"USER_MANAGEMENT" OR type:"IDENTITY_MANAGEMENT" |
Identities and Users | Find identities without managers. | You can download a complete list of identities without managers in two ways: |
Identities and Users | | Refer to Resolving Uncorrelated Accounts for more information. |
Identities and Users | Notices about identities in error states. | If identity processing puts 5% or more of your identities into an error state, your System Components Status will display an error. Errors also display in the identity list and on the identity itself. Refer to Configuring System Health Notifications for more information. |
Identity Processing | Track the progress of identity processing. | Refer to Processing Identity Data for more information. |
Non-Employee Activity | Download a report of all activity related to non-employee sources. | Use the search query: type:NON_EMPLOYEE (results display on the Events tab). |
Provisioning | Download a basic audit report of provisioning events. | This audit data is available in Search in a default report. You can also use the search query: type:PROVISIONING (results display on the Events tab). |
Provisioning | View a detailed report of all provisioning activity. | This audit data is available in Search. Use the search query: * (results display on the Account Activity tab). |
Provisioning | View a basic summary of recent provisioning activity. | The Admin Dashboard displays a summary of recent provisioning activity. |
Password Changes | All password updates, including for apps, sources, and IdentityNow. | This audit data is available in Search in a default report. You can also use the search query: type:"PASSWORD_ACTIVITY" |
Search | Download a set of search results for any search category. | Refer to Downloading Reports from the Search Interface for more information. |
Source Activity | View a detailed report of all activity on all sources, excluding provisioning activity. | This audit data is available in Search in a default report. You can also use the search query: type:"SOURCE_MANAGEMENT" |
Source Activity | View a detailed report of all activity related to a single source. | This audit data is available in Search. Select the suggested search called Source Activity to find this data. You can also use the search query: actor.name:<source name> OR target.name:<source name> OR attributes.sourceName:<source name> where <source name> is the name of the source you're monitoring. |
Source Activity | View the status of a source or virtual appliance. | Refer to Monitoring VA Health for more information. |
Source Activity | View information about aggregations. | Source aggregation information displays throughout IdentityNow. |
Source Activity | Notices about source errors. | Source errors display in your System Components Status, source list, and on the source itself. Refer to Configuring System Notifications for information on receiving notifications if a source enters an error state. |
Task Manager | Find a list of tasks assigned to users that aren't completed. | The Admin Dashboard displays a partial list of incomplete tasks. To view a full list, select View All. To download a report of these tasks, select CSV. The Global > Reports page displays. Select the appropriate format under Generate and then Download. This report displays a maximum of 5,000 tasks. If there are fewer than 5,000 tasks, the report might also show completed tasks that are less than 90 days old. |
Task Manager | Send daily notifications to users when they have a new task in their Task Manager. | Refer to the Pending Task Daily Digest Email Template for more information. |
Virtual Appliances | Find the status of a virtual appliance or source. | Refer to Monitoring VA Health for more information. |
Virtual Appliances | Determine which sources are connected to a specific virtual appliance. | Refer to Reviewing Sources Connected to VAs for more information. |
Virtual Appliances | Notices about virtual appliance errors. | If IdentityNow is unable to communicate with a VA, an error will display in your System Components Status. |