Reports
EmpowerID comes pre-loaded with a number of reports to help administrators and auditors manage identities and resources. Each report runs a stored procedure that populates a grid with data returned from the EmpowerID SQL database.Â
To find the reports, in the Navigation Sidebar of the web application, expand System Logs and select Reports.
The following table lists all available reports.
Report Name | Description | Columns Returned |
---|---|---|
Account Service Identities | Accounts used as service or app pool identities | Account Logon Name Type Display Name Computer Name Shared Credential |
Accounts - High Security | All accounts that are members of any high security group | Disabled |
Accounts - Shared Credentials | Accounts used as shared credentials | Disabled Last Logon Time Password Last Changed Days Old Password Never Expires Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name |
Accounts Created in Last 30 Days | All accounts that were created in the last 30 days | Disabled Last Logon Time Created Date Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name |
Accounts No Login 90 Days | Active Directory accounts that have not logged in during that last 90 days | Disabled Last Logon Time Created Date Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name |
Accounts Password Never Expires | Active Directory accounts with the password set to never expire | Disabled Last Logon Time Password Last Changed Days Old Password Never Expires Created Date Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name |
Accounts Passwords Older 120 Days | Active Directory accounts with passwords older than 120 days | Disabled Last Logon Time Password Last Changed Days Old Password Never Expires Logon Name Domain or Directory Account Type Display Name EmpowerID Login Distinguished Name |
Accounts with an Invalid Manager | Accounts with a manager that is disabled or deleted | Disabled Expires On Logon Name Domain or Directory Manager Account Type Display Name Description EmpowerID Login Distinguished Name |
Accounts with Deleted Owners | Accounts owned by deleted people | Disabled Logon Name Domain or Directory Account Type Display Name Description Person ID Distinguished Name |
Accounts with Manager Expiring in 60 Days | Accounts whose managers expire within the next 60 days | Disabled Expires On Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name |
Accounts Without Managers | Active Directory accounts without managers assigned | Disabled Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name |
AD Accounts Expiring 60 Days | Active Directory accounts that expire within the next 60 days | Disabled Expires On Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name |
AD Accounts that Never Logged | Active Directory accounts that have never logged in | Disabled Created Date Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name |
Person Direct Assignments | Access assignments made directly to a person | Resource Type Access Level Resource Display Name Last Name First Name Person Login |
All access assignments in the system | All access assignments in the system | Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location |
All High Security Groups | All groups flagged as high security groups in EmpowerID | Logon Name Domain or Directory Display Name Group Type Allow Access Requests Risk Score Distinguished Name |
Computer Local Admins | All users that are local computer administrators | RBAC Assigned Logon Name Account Domain Account Display Name Direct Member Group Direct Group Domain Local Admins Group Computer Last Certified EmpowerID Login Task ID Added in Account Store |
Core Identities Created Last 30 Days | Core identities that were created in the last 30 days | Created Last Name First Name |
Core Identities Without a Person | Core identities that have no associated EmpowerID Person object | Created Last Name First Name |
Empty Groups | Groups that do not contain any members | Logon Name Domain or Directory Display Name Group Type Allow Access Requests Risk Score Distinguished Name |
Enforcement Groups | Groups used by EmpowerID for permissions enforcement | Enforcement Type EID Group Resource Role Friendly Name Assignment Point ID EID Group Path Access Level Account Store Last Enforcement Attempt (Ago) Last Enforcement Success (Ago) |
Expired Accounts | Active Directory accounts that have expired in Active Directory | Disabled Expires On Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name |
Expired Groups | Groups whose Valid Until dates have passed | Valid Until Logon Name Domain or Directory Display Name Group Type Allow Access Requests Risk Score Distinguished Name |
Fulfillment Report | Recertification fulfillment report including all fulfillment actions | Task ID Direct Report Certifier Decision Quality Check Approved FulfillmentStatus System Name Instance Entitlement Type Entitlement ProfileName ProfileDescription Context ContextDescription Description Assigned To Comments FulfillmentActor1 FulfillmentActor2 FulfillmentActor3 FulfillmentActor4 FulfillmentActor5 CertificationDate AuditorReviewDate FinalFulfillmentDate Audit Recertification Managers Audit Started Verified VerifiedDate |
Group Membership High Security | All membership of high security groups | Is High Security Group RBAC Assigned Added in Account Store Logon Name Account Domain Account Display Name Group Group Domain Last Certified EmpowerID Login Task ID |
Group Membership Not People | Group membership of accounts that are not people | Is High Security Group Logon Name Account Domain Account Display Name Group Group Domain Last Certified EmpowerID Login Task ID |
Group Membership Not RBAC Assigned | All group membership of accounts that are not assigned by RBAC policy | Is High Security Group Logon Name Account Domain Account Display Name Group Group Domain Last Certified EmpowerID Login Task ID |
Groups and their Native AD Managed By | Active Directory group managers | Managed Group Group Managed By Object Type of Manager Managed By Logon Name Group Logon Name |
Groups Expiring 30 Days | Groups expiring within the next 30 days | Valid Until Logon Name Domain or Directory Account Type Display Name Group Type Allow Access Requests Risk Score Distinguished Name |
Groups O365 Type | Office 365 groups | Logon Name Domain or Directory Display Name Group Type Allow Access Requests Risk Score Distinguished Name |
High Security People | All people who have at least one high security group membership | Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Manager Department Title Telephone |
Local Computer Accounts | Computer accounts on the local system | Disabled Last Logon Time Password Never Expires Logon Name Computer Account Type Display Name Description EmpowerID Login Distinguished Name |
Locked Out Accounts | Active Directory accounts that were locked out as of the last inventory | Disabled Locked Out Time Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name |
Mailboxes Owned by Deleted People | Mailboxes owned by people who have been terminated | eMail Display Name Logon Name Person ID Mailbox Type Path |
Orphan Accounts | Accounts that do not belong to a person | Disabled Last Logon Time Created Date Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name |
Password Manager Enrollments | Who has enrolled for password management | Last Enrolled (Ago) Last Name First Name Login Password Manager Policy Display Name Last Login (Ago) First Login Failed (Ago) Person Locked Out Until |
People Created in Last 30 Days | People who were created within the last 30 days | Created Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone |
People Logged In Last 1 Day | People who have logged in during the past day | Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone |
People Not Enrolled | People who are not enrolled for password self service | Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone |
People Not Logged In 30 Days | People who have not logged in within the past 30 days | Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone |
People with Invalid Managers | People whose managers are terminated or disabled | Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Manager Department Title Telephone |
People without Accounts | People who do not own any user acccounts | Enabled Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone |
Person Duplicate Email | People with the same email address | Enabled Last Name First Name EmpowerID Login Business Role and Location |
Person Duplicate Phone Number | People with the same phone number | Enabled Last Name First Name EmpowerID Login Business Role and Location Mobile Phone |
Person Logged In 30 Days | People who have logged in within the past 30 days | Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone |
Person Verified Addresses | Verified email addresses, SMS, and voice call numbers for people | Enabled Person Display Name Type Communication Address |
Privileged Accounts | Accounts flagged as privileged account usage type | Disabled Last Logon Time Logon Name Domain or Directory Account Type Display Name Description EmpowerID Login Distinguished Name |
Recertification Revokes All | All items revoked during recertification | Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID |
Recertification Revokes Completed | All recertification revokes that are flagged as completed | Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID |
Recertification Revokes Failed | All recertification revokes that are flagged as failed | Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID |
Recertification Revokes Ignored | All recertification revokes that are flagged as ignored | Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID |
Recertification Revokes In Progress | All recertification revokes that are currently in progress | Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID |
SAP Role and Profile Membership Changes | Change history for SAP roles and profiles | When (Ago) Change Type User Account Role or Profile Is High Security Group Account Display Name Account Store Person ID Task ID |
Status by Location | Recertification status by location | Location Total # # Open # Completed % Open % Closed % Complete Manager |
Top 100 High Security Groups | The 100 high security groups with the most members | Logon Name Domain or Directory Display Name Group Type Allow Access Requests Distinguished Name |
Top 100 Riskiest Groups | The 100 groups with the highest risk scores | Logon Name Domain or Directory Display Name Group Type Allow Access Requests Risk Score Distinguished Name |
Top 100 Riskiest People | The 100 people with the highest risk scores | Risk Score Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Manager Department Title Telephone |
Your Access Assignments | All of your access assignments | Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location |
Your Expiring Access Assignments | All of your access assignments that are due to expire | Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location |
Your Reports Access | All access assignments of your direct reports | Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location |
Your Reports Expiring Assignments | All access assignments for your direct reports that are due to expire | Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location |