EmpowerID comes pre-loaded with a number of reports to help administrators and auditors manage identities and resources. Each report runs a stored procedure that populates a grid with data returned from the EmpowerID SQL database.

To find the reports, in the Navigation Sidebar of the web application, expand System Logs and select Reports.

The following table lists all available reports.

Report Name	Description	Columns Returned
Account Service Identities	Accounts used as service or app pool identities	Account Logon Name Type Display Name Computer Name Shared Credential
Accounts - High Security	All accounts that are members of any high security group	Disabled Last Logon Time Password Last Changed Days Old Password Never Expires Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
Accounts - Shared Credentials	Accounts used as shared credentials	Disabled Last Logon Time Password Last Changed Days Old Password Never Expires Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
Accounts Created in Last 30 Days	All accounts that were created in the last 30 days	Disabled Last Logon Time Created Date Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
Accounts No Login 90 Days	Active Directory accounts that have not logged in during that last 90 days	Disabled Last Logon Time Created Date Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
Accounts Password Never Expires	Active Directory accounts with the password set to never expire	Disabled Last Logon Time Password Last Changed Days Old Password Never Expires Created Date Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
Accounts Passwords Older 120 Days	Active Directory accounts with passwords older than 120 days	Disabled Last Logon Time Password Last Changed Days Old Password Never Expires Logon Name Domain or Directory Account Type Display Name EmpowerID Login Distinguished Name
Accounts with an Invalid Manager	Accounts with a manager that is disabled or deleted	Disabled Expires On Logon Name Domain or Directory Manager Account Type Display Name Description EmpowerID Login Distinguished Name
Accounts with Deleted Owners	Accounts owned by deleted people	Disabled Logon Name Domain or Directory Account Type Display Name Description Person ID Distinguished Name
Accounts with Manager Expiring in 60 Days	Accounts whose managers expire within the next 60 days	Disabled Expires On Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
Accounts Without Managers	Active Directory accounts without managers assigned	Disabled Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
AD Accounts Expiring 60 Days	Active Directory accounts that expire within the next 60 days	Disabled Expires On Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
AD Accounts that Never Logged	Active Directory accounts that have never logged in	Disabled Created Date Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
Person Direct Assignments	Access assignments made directly to a person	Resource Type Access Level Resource Display Name Last Name First Name Person Login
All access assignments in the system	All access assignments in the system	Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location
All High Security Groups	All groups flagged as high security groups in EmpowerID	Logon Name Domain or Directory Display Name Group Type Allow Access Requests Risk Score eMail Distinguished Name
Computer Local Admins	All users that are local computer administrators	RBAC Assigned Logon Name Account Domain Account Display Name Direct Member Group Direct Group Domain Local Admins Group Computer Last Certified EmpowerID Login Task ID Added in Account Store
Core Identities Created Last 30 Days	Core identities that were created in the last 30 days	Created Last Name First Name
Core Identities Without a Person	Core identities that have no associated EmpowerID Person object	Created Last Name First Name
Empty Groups	Groups that do not contain any members	Logon Name Domain or Directory Display Name Group Type Allow Access Requests Risk Score eMail Distinguished Name
Enforcement Groups	Groups used by EmpowerID for permissions enforcement	Enforcement Type EID Group Resource Role Friendly Name Assignment Point ID EID Group Path Access Level Account Store Last Enforcement Attempt (Ago) Last Enforcement Success (Ago)
Expired Accounts	Active Directory accounts that have expired in Active Directory	Disabled Expires On Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
Expired Groups	Groups whose Valid Until dates have passed	Valid Until Logon Name Domain or Directory Display Name Group Type Allow Access Requests Risk Score eMail Distinguished Name
Fulfillment Report	Recertification fulfillment report including all fulfillment actions	Task ID Direct Report Certifier Decision Quality Check Approved FulfillmentStatus System Name Instance Entitlement Type Entitlement ProfileName ProfileDescription Context ContextDescription Description Assigned To Comments FulfillmentActor1 FulfillmentActor2 FulfillmentActor3 FulfillmentActor4 FulfillmentActor5 CertificationDate AuditorReviewDate FinalFulfillmentDate Audit Recertification Managers Audit Started Verified VerifiedDate
Group Membership High Security	All membership of high security groups	Is High Security Group RBAC Assigned Added in Account Store Logon Name Account Domain Account Display Name Group Group Domain Last Certified EmpowerID Login Task ID
Group Membership Not People	Group membership of accounts that are not people	Is High Security Group Logon Name Account Domain Account Display Name Group Group Domain Last Certified EmpowerID Login Task ID
Group Membership Not RBAC Assigned	All group membership of accounts that are not assigned by RBAC policy	Is High Security Group Logon Name Account Domain Account Display Name Group Group Domain Last Certified EmpowerID Login Task ID
Groups and their Native AD Managed By	Active Directory group managers	Managed Group Group Managed By Object Type of Manager Managed By Logon Name Group Logon Name
Groups Expiring 30 Days	Groups expiring within the next 30 days	Valid Until Logon Name Domain or Directory Account Type Display Name Group Type Allow Access Requests Risk Score eMail Distinguished Name
Groups O365 Type	Office 365 groups	Logon Name Domain or Directory Display Name Group Type Allow Access Requests Risk Score eMail Distinguished Name
High Security People	All people who have at least one high security group membership	Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Manager Department Title Telephone Email
Local Computer Accounts	Computer accounts on the local system	Disabled Last Logon Time Password Never Expires Logon Name Computer Account Type Display Name Description EmpowerID Login Distinguished Name
Locked Out Accounts	Active Directory accounts that were locked out as of the last inventory	Disabled Locked Out Time Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
Mailboxes Owned by Deleted People	Mailboxes owned by people who have been terminated	eMail Display Name Logon Name Person ID Mailbox Type Path
Orphan Accounts	Accounts that do not belong to a person	Disabled Last Logon Time Created Date Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
Password Manager Enrollments	Who has enrolled for password management	Last Enrolled (Ago) Last Name First Name Login Password Manager Policy Display Name Last Login (Ago) First Login Failed (Ago) Person Locked Out Until
People Created in Last 30 Days	People who were created within the last 30 days	Created Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
People Logged In Last 1 Day	People who have logged in during the past day	Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
People Not Enrolled	People who are not enrolled for password self service	Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
People Not Logged In 30 Days	People who have not logged in within the past 30 days	Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
People with Invalid Managers	People whose managers are terminated or disabled	Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Manager Department Title Telephone Email
People without Accounts	People who do not own any user acccounts	Enabled Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
Person Duplicate Email	People with the same email address	Enabled Last Name First Name EmpowerID Login Business Role and Location Email
Person Duplicate Phone Number	People with the same phone number	Enabled Last Name First Name EmpowerID Login Business Role and Location Mobile Phone Email
Person Logged In 30 Days	People who have logged in within the past 30 days	Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
Person Verified Addresses	Verified email addresses, SMS, and voice call numbers for people	Enabled Person Display Name Type Communication Address
Privileged Accounts	Accounts flagged as privileged account usage type	Disabled Last Logon Time Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name
Recertification Revokes All	All items revoked during recertification	Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID
Recertification Revokes Completed	All recertification revokes that are flagged as completed	Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID
Recertification Revokes Failed	All recertification revokes that are flagged as failed	Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID
Recertification Revokes Ignored	All recertification revokes that are flagged as ignored	Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID
Recertification Revokes In Progress	All recertification revokes that are currently in progress	Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID
SAP Role and Profile Membership Changes	Change history for SAP roles and profiles	When (Ago) Change Type User Account Role or Profile Is High Security Group Account Display Name Account Store Person ID Task ID
Status by Location	Recertification status by location	Location Total # # Open # Completed % Open % Closed % Complete Manager
Top 100 High Security Groups	The 100 high security groups with the most members	Logon Name Domain or Directory Display Name Group Type Allow Access Requests Distinguished Name
Top 100 Riskiest Groups	The 100 groups with the highest risk scores	Logon Name Domain or Directory Display Name Group Type Allow Access Requests Risk Score eMail Distinguished Name
Top 100 Riskiest People	The 100 people with the highest risk scores	Risk Score Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Manager Department Title Telephone Email
Your Access Assignments	All of your access assignments	Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location
Your Expiring Access Assignments	All of your access assignments that are due to expire	Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location
Your Reports Access	All access assignments of your direct reports	Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location
Your Reports Expiring Assignments	All access assignments for your direct reports that are due to expire	Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location

Browser not supported