Reports

Account Service Identities

Accounts used as service or app pool identities

Account Logon Name
Type
Display Name
Computer
Name
Shared Credential

Accounts - High Security

All accounts that are members of any high security group

Disabled
Last Logon Time
Password Last Changed
Days Old
Password Never Expires
Logon Name
Domain or Directory
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

Accounts - Shared Credentials

Accounts used as shared credentials

Disabled
Last Logon Time
Password Last Changed
Days Old
Password Never Expires
Logon Name
Domain or Directory
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

Accounts Created in Last 30 Days

All accounts that were created in the last 30 days

Disabled
Last Logon Time
Created Date
Logon Name
Domain or Directory
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

Accounts No Login 90 Days

Active Directory accounts that have not logged in during that last 90 days

Disabled
Last Logon Time
Created Date
Logon Name
Domain or Directory
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

Accounts Password Never Expires

Active Directory accounts with the password set to never expire

Disabled
Last Logon Time
Password Last Changed
Days Old
Password Never Expires
Created Date
Logon Name
Domain or Directory
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

Accounts Passwords Older 120 Days

Active Directory accounts with passwords older than 120 days

Disabled
Last Logon Time
Password Last Changed
Days Old
Password Never Expires
Logon Name
Domain or Directory
Account Type
Display Name
EmpowerID Login
Distinguished Name

Accounts with an Invalid Manager 

Accounts with a manager that is disabled or deleted

Disabled
Expires On
Logon Name
Domain or Directory
Manager
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

Accounts with Deleted Owners

Accounts owned by deleted people

Disabled
Logon Name
Domain or Directory
Account Type
Display Name
Description
Person ID
Distinguished Name

Accounts with Manager Expiring in 60 Days

Accounts whose managers expire within the next 60 days

Disabled
Expires On
Logon Name
Domain or Directory
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

Accounts Without Managers

Active Directory accounts without managers assigned

Disabled
Logon Name
Domain or Directory
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

AD Accounts Expiring 60 Days

Active Directory accounts that expire within the next 60 days

Disabled
Expires On
Logon Name
Domain or Directory
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

AD Accounts that Never Logged

Active Directory accounts that have never logged in

Disabled
Created Date
Logon Name
Domain or Directory
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

Person Direct Assignments

Access assignments made directly to a person 

Resource Type
Access Level
Resource Display Name
Last Name
First Name
Person Login

All access assignments in the system

All access assignments in the system

Expires On
Assignment Type Description
Rbac Object Type
Rbac Object Friendly Name
Resource Type
Access Level
Resource Display Name
Assignment Target
Assignment Location

All High Security Groups

All groups flagged as high security groups in EmpowerID

Logon Name
Domain or Directory
Display Name
Group Type
Allow Access Requests
Risk Score
eMail
Distinguished Name

Computer Local Admins

All users that are local computer administrators

RBAC Assigned
Logon Name
Account Domain
Account Display Name
Direct Member Group
Direct Group Domain
Local Admins Group
Computer
Last Certified
EmpowerID Login
Task ID
Added in Account Store

Core Identities Created Last 30 Days

Core identities that were created in the last 30 days

Created 
Last Name
First Name

Core Identities Without a Person 

Core identities that have no associated EmpowerID Person object

Created 
Last Name
First Name

Empty Groups

Groups that do not contain any members

Logon Name
Domain or Directory
Display Name
Group Type
Allow Access Requests
Risk Score
eMail
Distinguished Name

Enforcement Groups

Groups used by EmpowerID for permissions enforcement

Enforcement Type
EID Group
Resource Role Friendly Name
Assignment Point ID
EID Group Path
Access Level
Account Store
Last Enforcement Attempt (Ago)
Last Enforcement Success (Ago)

Expired Accounts

Active Directory accounts that have expired in Active Directory

Disabled
Expires On
Logon Name
Domain or Directory
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

Expired Groups

Groups whose Valid Until dates have passed

Valid Until
Logon Name
Domain or Directory
Display Name
Group Type
Allow Access Requests
Risk Score
eMail
Distinguished Name

Fulfillment Report

Recertification fulfillment report including all fulfillment actions

Task ID
Direct Report
Certifier
Decision
Quality Check Approved
FulfillmentStatus
System Name
Instance
Entitlement Type
Entitlement
ProfileName
ProfileDescription
Context
ContextDescription
Description
Assigned To
Comments
FulfillmentActor1
FulfillmentActor2
FulfillmentActor3
FulfillmentActor4
FulfillmentActor5
CertificationDate
AuditorReviewDate
FinalFulfillmentDate
Audit
Recertification Managers
Audit Started
Verified
VerifiedDate

Group Membership High Security

All membership of high security groups

Is High Security Group
RBAC Assigned
Added in Account Store
Logon Name
Account Domain
Account Display Name
Group
Group Domain
Last Certified
EmpowerID Login
Task ID

Group Membership Not People

Group membership of accounts that are not people

Is High Security Group
Logon Name
Account Domain
Account Display Name
Group
Group Domain
Last Certified
EmpowerID Login
Task ID

Group Membership Not RBAC Assigned

All group membership of accounts that are not assigned by RBAC policy

Is High Security Group
Logon Name
Account Domain
Account Display Name
Group
Group Domain
Last Certified
EmpowerID Login
Task ID

Groups and their Native AD Managed By

Active Directory group managers

Managed Group
Group Managed By
Object Type of Manager
Managed By Logon Name
Group Logon Name

Groups Expiring 30 Days

Groups expiring within the next 30 days

Valid Until 
Logon Name
Domain or Directory
Account Type
Display Name
Group Type
Allow Access Requests
Risk Score
eMail
Distinguished Name

Groups O365 Type

Office 365 groups

Logon Name
Domain or Directory
Display Name
Group Type
Allow Access Requests
Risk Score
eMail
Distinguished Name

High Security People

All people who have at least one high security group membership

Enabled
Last Login Date
Last Name
First Name
EmpowerID Login
Business Role and Location
Manager
Department
Title
Telephone
Email

Local Computer Accounts

Computer accounts on the local system

Disabled
Last Logon Time
Password Never Expires
Logon Name
Computer
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

Locked Out Accounts

Active Directory accounts that were locked out as of the last inventory

Disabled
Locked Out Time
Logon Name
Domain or Directory
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

Mailboxes Owned by Deleted People

Mailboxes owned by people who have been terminated

eMail
Display Name
Logon Name
Person ID
Mailbox Type
Path

Orphan Accounts

Accounts that do not belong to a person

Disabled
Last Logon Time
Created Date
Logon Name
Domain or Directory
Account Type
Display Name
Description
EmpowerID Login
Distinguished Name

Password Manager Enrollments

Who has enrolled for password management 

Last Enrolled (Ago)
Last Name
First Name
Login
Password Manager Policy
Display Name
Last Login (Ago)
First Login Failed (Ago)
Person Locked Out Until

People Created in Last 30 Days

People who were created within the last 30 days

CreatedEnabledLast Login DateLast NameFirst NameEmpowerID LoginBusiness Role and LocationDepartmentTitleTelephoneEmail