Reports

EmpowerID comes pre-loaded with a number of reports to help administrators and auditors manage identities and resources. Each report runs a stored procedure that populates a grid with data returned from the EmpowerID SQL database. 

To find the reports, in the Navigation Sidebar of the web application, expand System Logs and select Reports.

The following table lists all available reports.

| Report Name | Description | Columns Returned |
| --- | --- | --- |
| Account Service Identities | Accounts used as service or app pool identities | Account Logon Name, Type, Display Name, Computer, Name, Shared Credential |
| Accounts - High Security | All accounts that are members of any high security group | Disabled, Last Logon Time, Password Last Changed, Days Old, Password Never Expires, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Accounts - Shared Credentials | Accounts used as shared credentials | Disabled, Last Logon Time, Password Last Changed, Days Old, Password Never Expires, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Accounts Created in Last 30 Days | All accounts that were created in the last 30 days | Disabled, Last Logon Time, Created Date, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Accounts No Login 90 Days | Active Directory accounts that have not logged in during the last 90 days | Disabled, Last Logon Time, Created Date, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Accounts Password Never Expires | Active Directory accounts with the password set to never expire | Disabled, Last Logon Time, Password Last Changed, Days Old, Password Never Expires, Created Date, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Accounts Passwords Older 120 Days | Active Directory accounts with passwords older than 120 days | Disabled, Last Logon Time, Password Last Changed, Days Old, Password Never Expires, Logon Name, Domain or Directory, Account Type, Display Name, EmpowerID Login, Distinguished Name |
| Accounts with an Invalid Manager | Accounts with a manager that is disabled or deleted | Disabled, Expires On, Logon Name, Domain or Directory, Manager, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Accounts with Deleted Owners | Accounts owned by deleted people | Disabled, Logon Name, Domain or Directory, Account Type, Display Name, Description, Person ID, Distinguished Name |
| Accounts with Manager Expiring in 60 Days | Accounts whose managers expire within the next 60 days | Disabled, Expires On, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Accounts Without Managers | Active Directory accounts without managers assigned | Disabled, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| AD Accounts Expiring 60 Days | Active Directory accounts that expire within the next 60 days | Disabled, Expires On, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| AD Accounts that Never Logged | Active Directory accounts that have never logged in | Disabled, Created Date, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Person Direct Assignments | Access assignments made directly to a person | Resource Type, Access Level, Resource Display Name, Last Name, First Name, Person Login |
| All access assignments in the system | All access assignments in the system | Expires On, Assignment Type Description, Rbac Object Type, Rbac Object Friendly Name, Resource Type, Access Level, Resource Display Name, Assignment Target, Assignment Location |
| All High Security Groups | All groups flagged as high security groups in EmpowerID | Logon Name, Domain or Directory, Display Name, Group Type, Allow Access Requests, Risk Score, eMail, Distinguished Name |
| Computer Local Admins | All users that are local computer administrators | RBAC Assigned, Logon Name, Account Domain, Account Display Name, Direct Member Group, Direct Group Domain, Local Admins Group, Computer, Last Certified, EmpowerID Login, Task ID, Added in Account Store |
| Core Identities Created Last 30 Days | Core identities that were created in the last 30 days | Created, Last Name, First Name |
| Core Identities Without a Person | Core identities that have no associated EmpowerID Person object | Created, Last Name, First Name |
| Empty Groups | Groups that do not contain any members | Logon Name, Domain or Directory, Display Name, Group Type, Allow Access Requests, Risk Score, eMail, Distinguished Name |
| Enforcement Groups | Groups used by EmpowerID for permissions enforcement | Enforcement Type, EID Group, Resource Role Friendly Name, Assignment Point ID, EID Group Path, Access Level, Account Store, Last Enforcement Attempt (Ago), Last Enforcement Success (Ago) |
| Expired Accounts | Active Directory accounts that have expired in Active Directory | Disabled, Expires On, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Expired Groups | Groups whose Valid Until dates have passed | Valid Until, Logon Name, Domain or Directory, Display Name, Group Type, Allow Access Requests, Risk Score, eMail, Distinguished Name |
| Fulfillment Report | Recertification fulfillment report including all fulfillment actions | Task ID, Direct Report, Certifier, Decision, Quality Check Approved, FulfillmentStatus, System Name, Instance, Entitlement Type, Entitlement, ProfileName, ProfileDescription, Context, ContextDescription, Description, Assigned To, Comments, FulfillmentActor1, FulfillmentActor2, FulfillmentActor3, FulfillmentActor4, FulfillmentActor5, CertificationDate, AuditorReviewDate, FinalFulfillmentDate, Audit, Recertification Managers, Audit Started, Verified, VerifiedDate |
| Group Membership High Security | All membership of high security groups | Is High Security Group, RBAC Assigned, Added in Account Store, Logon Name, Account Domain, Account Display Name, Group, Group Domain, Last Certified, EmpowerID Login, Task ID |
| Group Membership Not People | Group membership of accounts that are not people | Is High Security Group, Logon Name, Account Domain, Account Display Name, Group, Group Domain, Last Certified, EmpowerID Login, Task ID |
| Group Membership Not RBAC Assigned | All group membership of accounts that are not assigned by RBAC policy | Is High Security Group, Logon Name, Account Domain, Account Display Name, Group, Group Domain, Last Certified, EmpowerID Login, Task ID |
| Groups and their Native AD Managed By | Active Directory group managers | Managed Group, Group Managed By, Object Type of Manager, Managed By Logon Name, Group Logon Name |
| Groups Expiring 30 Days | Groups expiring within the next 30 days | Valid Until, Logon Name, Domain or Directory, Account Type, Display Name, Group Type, Allow Access Requests, Risk Score, eMail, Distinguished Name |
| Groups O365 Type | Office 365 groups | Logon Name, Domain or Directory, Display Name, Group Type, Allow Access Requests, Risk Score, eMail, Distinguished Name |
| High Security People | All people who have at least one high security group membership | Enabled, Last Login Date, Last Name, First Name, EmpowerID Login, Business Role and Location, Manager, Department, Title, Telephone, Email |
| Local Computer Accounts | Computer accounts on the local system | Disabled, Last Logon Time, Password Never Expires, Logon Name, Computer, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Locked Out Accounts | Active Directory accounts that were locked out as of the last inventory | Disabled, Locked Out Time, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Mailboxes Owned by Deleted People | Mailboxes owned by people who have been terminated | eMail, Display Name, Logon Name, Person ID, Mailbox Type, Path |
| Orphan Accounts | Accounts that do not belong to a person | Disabled, Last Logon Time, Created Date, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Password Manager Enrollments | Who has enrolled for password management | Last Enrolled (Ago), Last Name, First Name, Login, Password Manager Policy, Display Name, Last Login (Ago), First Login Failed (Ago), Person Locked Out Until |
| People Created in Last 30 Days | People who were created within the last 30 days | Created, Enabled, Last Login Date, Last Name, First Name, EmpowerID Login, Business Role and Location, Department, Title, Telephone, Email |
| People Logged In Last 1 Day | People who have logged in during the past day | Enabled, Last Login Date, Last Name, First Name, EmpowerID Login, Business Role and Location, Department, Title, Telephone, Email |
| People Not Enrolled | People who are not enrolled for password self service | Enabled, Last Login Date, Last Name, First Name, EmpowerID Login, Business Role and Location, Department, Title, Telephone, Email |
| People Not Logged In 30 Days | People who have not logged in within the past 30 days | Enabled, Last Login Date, Last Name, First Name, EmpowerID Login, Business Role and Location, Department, Title, Telephone, Email |
| People with Invalid Managers | People whose managers are terminated or disabled | Enabled, Last Login Date, Last Name, First Name, EmpowerID Login, Business Role and Location, Manager, Department, Title, Telephone, Email |
| People without Accounts | People who do not own any user accounts | Enabled, Last Name, First Name, EmpowerID Login, Business Role and Location, Department, Title, Telephone, Email |
| Person Duplicate Email | People with the same email address | Enabled, Last Name, First Name, EmpowerID Login, Business Role and Location, Email |
| Person Duplicate Phone Number | People with the same phone number | Enabled, Last Name, First Name, EmpowerID Login, Business Role and Location, Mobile Phone, Email |
| Person Logged In 30 Days | People who have logged in within the past 30 days | Enabled, Last Login Date, Last Name, First Name, EmpowerID Login, Business Role and Location, Department, Title, Telephone, Email |
| Person Verified Addresses | Verified email addresses, SMS, and voice call numbers for people | Enabled, Person Display Name, Type, Communication Address |
| Privileged Accounts | Accounts flagged as privileged account usage type | Disabled, Last Logon Time, Logon Name, Domain or Directory, Account Type, Display Name, Description, EmpowerID Login, Distinguished Name |
| Recertification Revokes All | All items revoked during recertification | Description, Policy Type, Revoke Status, Item to Review, Date, Reviewer, Reviewer Login, Audit and Recertification Policy, Task ID |
| Recertification Revokes Completed | All recertification revokes that are flagged as completed | Description, Policy Type, Revoke Status, Item to Review, Date, Reviewer, Reviewer Login, Audit and Recertification Policy, Task ID |
| Recertification Revokes Failed | All recertification revokes that are flagged as failed | Description, Policy Type, Revoke Status, Item to Review, Date, Reviewer, Reviewer Login, Audit and Recertification Policy, Task ID |
| Recertification Revokes Ignored | All recertification revokes that are flagged as ignored | Description, Policy Type, Revoke Status, Item to Review, Date, Reviewer, Reviewer Login, Audit and Recertification Policy, Task ID |
| Recertification Revokes In Progress | All recertification revokes that are currently in progress | Description, Policy Type, Revoke Status, Item to Review, Date, Reviewer, Reviewer Login, Audit and Recertification Policy, Task ID |
| SAP Role and Profile Membership Changes | Change history for SAP roles and profiles | When (Ago), Change Type, User Account, Role or Profile, Is High Security Group, Account Display Name, Account Store, Person ID, Task ID |
| Status by Location | Recertification status by location | Location, Total #, # Open, # Completed, % Open, % Closed, % Complete, Manager |
| Top 100 High Security Groups | The 100 high security groups with the most members | Logon Name, Domain or Directory, Display Name, Group Type, Allow Access Requests, Distinguished Name |
| Top 100 Riskiest Groups | The 100 groups with the highest risk scores | Logon Name, Domain or Directory, Display Name, Group Type, Allow Access Requests, Risk Score, eMail, Distinguished Name |
| Top 100 Riskiest People | The 100 people with the highest risk scores | Risk Score, Enabled, Last Login Date, Last Name, First Name, EmpowerID Login, Business Role and Location, Manager, Department, Title, Telephone, Email |
| Your Access Assignments | All of your access assignments | Expires On, Assignment Type Description, Rbac Object Type, Rbac Object Friendly Name, Resource Type, Access Level, Resource Display Name, Assignment Target, Assignment Location |
| Your Expiring Access Assignments | All of your access assignments that are due to expire | Expires On, Assignment Type Description, Rbac Object Type, Rbac Object Friendly Name, Resource Type, Access Level, Resource Display Name, Assignment Target, Assignment Location |
| Your Reports Access | All access assignments of your direct reports | Expires On, Assignment Type Description, Rbac Object Type, Rbac Object Friendly Name, Resource Type, Access Level, Resource Display Name, Assignment Target, Assignment Location |
| Your Reports Expiring Assignments | All access assignments for your direct reports that are due to expire | Expires On, Assignment Type Description, Rbac Object Type, Rbac Object Friendly Name, Resource Type, Access Level, Resource Display Name, Assignment Target, Assignment Location |