/
EmpowerID Reports

You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

EmpowerID Reports

EmpowerID comes pre-loaded with a number of reports to help administrators and auditors manage identities and resources. Each report runs a stored procedure that populates a grid with data returned from the EmpowerID SQL database. 

To find the reports, in the Navigation Sidebar of the web application, expand System Logs and select Reports.

The following table lists all reports under the report page. EmpowerID also includes over 65 reports on the Azure reports page and then various reports, stats, and metrics on its various dashboards and analytics microservices. EmpowerID also offers report templates for customers using Microsoft PowerBI to get you started.

Report Name

Description

Columns Returned

Report Name

Description

Columns Returned

Access Assignments to Person Direct

Direct Access Assignments made directly to people

  • Resource Type

  • Access Level

  • Resource Display Name

  • Last Name

  • First Name

  • Person Login

Account Service Identities

Accounts used as service or app pool identities

  • Account Logon Name

  • Type

  • Service / App Pool

  • Computer

  • Name

  • Shared Credential

Accounts – Computer Local Admins

All users that are local computer administrators

  • RBAC Assigned

  • Computer

  • Logon Name

  • Account Domain

  • Account Display Name

  • Direct Member Group

  • Direct Group Domain

  • Local Admins Group

  • Last Certified

  • EmpowerID Login

  • Task ID

  • Added in Account Store

Accounts - High Security

All accounts that are members of any high security group

  • Disabled

  • Last Login

  • Password Last Changed

  • Days Old

  • Password Never Expires

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts – Local Computers Accounts

All local computer accounts

  • Disabled

  • Last Login

  • Password Never Expires

  • Logon Name

  • Computer

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts – Privileged Accounts

Accounts flagged as a privileged account usage type

  • Disabled

  • Last Login

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts - Shared Credentials

Accounts used as shared credentials

  • Disabled

  • Last Login

  • Password Last Changed

  • Days Old

  • Password Never Expires

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts Created in Last 30 Days

All accounts that were created in the last 30 days

  • Disabled

  • Last Login

  • Created Date

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts No Login 90 Days

AD Accounts that have not logged in during that last 90 days

  • Disabled

  • Last Login

  • Created Date

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts Password Never Expires

Accounts with the password set to never expire

  • Disabled

  • Last Login

  • Logon Name

  • Password Last Changed

  • Days Old

  • Password Never Expires

  • Created Date

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts Passwords Older 120 Days

Accounts with passwords older than 120 days

  • Disabled

  • Last Login

  • Password Last Changed

  • Days Old

  • Password Never Expires

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • EmpowerID Login

  • Distinguished Name

Accounts with an Invalid Manager 

Accounts with a manager that is disabled or deleted

  • Disabled

  • Expires On

  • Logon Name

  • Domain or Directory

  • Manager

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts with Deleted Owners

Accounts owned by deleted people

  • Disabled

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • Person ID

  • Distinguished Name

Accounts with Manager Expiring in 60 Days

Accounts whose managers expire within the next 60 days

  • Disabled

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts without a Responsible Party

Accounts without a responsible party – no PersonID and no OwnerAssigneeID

  • Expires On

  • Domain or Directory

  • Logon Name

  • Manager

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts Without Managers

Active Directory accounts without managers assigned

  • Disabled

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

AD Accounts Expiring 60 Days

Active Directory accounts that expire within the next 60 days

  • Disabled

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

AD Accounts that Never Logged

Active Directory accounts that have never logged in

  • Disabled

  • Created Date

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

All access assignments in the system

All access assignments in the system

  • Task ID

  • Assignment Type Description

  • Rbac Object Type

  • Rbac Object Friendly Name

  • Resource Type

  • Access Level

  • Resource Display Name

  • Assignment Target

  • Assignment Location

  • Started

  • End Date

All High Security Groups

All groups flagged as high security groups in EmpowerID

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Audit Log Report

Log of all actions occurring in the system

  • In Workflow

  • Task ID

  • When (Ago)

  • Who Requested

  • Who Approved

  • Action

  • To Whom or What

  • Resource Type

  • When

  • Operation

Computers without a Responsible Party

All computers that do not have a valid owner or a responsible person

  • Display Name

  • DNS Host Name

  • Private Address

  • Public Address

  • Type

  • Instance Type

  • Operating System

  • Service Pack

  • Last Login

  • Last Verified Alive

  • DN

Core Identities Created Last 30 Days

Core identities that were created in the last 30 days

  • Created 

  • Last Name

  • First Name

Core Identities Without a Person 

Core identities that have no associated EmpowerID Person object

  • Created 

  • Last Name

  • First Name

Empty Groups

Groups that do not contain any members

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Enforcement Groups

Groups used by EmpowerID for permissions enforcement

  • Enforcement Type

  • EID Group

  • Resource Role Friendly Name

  • Assignment Point ID

  • EID Group Path

  • Access Level

  • Account Store

  • Last Enforcement Attempt (Ago)

  • Last Enforcement Success (Ago)

Expired Accounts

Active Directory accounts that have expired in Active Directory

  • Disabled

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Expired Groups

Groups whose Valid Until dates have passed

  • Valid Until

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Fulfillment Report

Recertification fulfillment report including all fulfillment actions

  • Task ID

  • Direct Report

  • Certifier

  • Decision

  • Time Constraint

  • Quality Check Approved

  • Fulfillment Status

  • System Name

  • Instance

  • Entitlement Type

  • Entitlement

  • Profile Name

  • Profile Description

  • Context

  • Context Description

  • Description

  • Assigned To

  • Comments

  • FulfillmentActor1

  • FulfillmentActor2

  • FulfillmentActor3

  • FulfillmentActor4

  • FulfillmentActor5

  • Certification Date

  • Auditor Review Date

  • Final Fulfillment Date

  • Audit

  • Recertification Managers

  • Audit Started

  • Verified

  • Verified Date

Group Membership High Security

All membership of high security groups

  • Logon Name

  • Account Domain

  • Account Display Name

  • Group

  • Group Domain

  • Is High Security Group

  • RBAC Assigned

  • Added in Account Store

  • Last Certified

  • EmpowerID Login

  • Task ID

Group Membership Not People

Group membership of accounts that are not people

  • Is High Security Group

  • Logon Name

  • Account Domain

  • Account Display Name

  • Group

  • Group Domain

  • Last Certified

  • EmpowerID Login

  • Task ID

Group Membership Not RBAC Assigned

All group membership of accounts that are not assigned by RBAC policy

  • Is High Security Group

  • Logon Name

  • Account Domain

  • Account Display Name

  • Group

  • Group Domain

  • Last Certified

  • EmpowerID Login

  • Task ID

Groups – Local Computer Groups

All local computer groups

  • Logon Name

  • Computer

  • Description

  • Publish in IT Shop

  • Is High Security Group

Groups – Possible Stale Disabled Members

Possibly stale because all members are disabled or expired

  • Valid Until

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Groups and their Native AD Managed By

Active Directory group managers

  • Managed Group

  • Group Managed By

  • Object Type of Manager

  • Managed By Logon Name

  • Group Logon Name

Groups Expiring 30 Days

Groups expiring within the next 30 days

  • Valid Until 

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Groups O365 Type

Office 365 groups

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Groups without a Responsible Party

All sensitive groups that do not have a valid owner or responsible party

  • Group Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Distinguished Name

High Security People

All people who have at least one high security group membership