You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

EmpowerID Reports

EmpowerID comes pre-loaded with a number of reports to help administrators and auditors manage identities and resources. Each report runs a stored procedure that populates a grid with data returned from the EmpowerID SQL database. 

To find the reports, in the Navigation Sidebar of the web application, expand System Logs and select Reports.

The following table lists all reports under the report page. EmpowerID also includes over 65 reports on the Azure reports page and then various reports, stats, and metrics on its various dashboards and analytics microservices. EmpowerID also offers report templates for customers using Microsoft PowerBI to get you started.

Report Name

Description

Columns Returned

Report Name

Description

Columns Returned

Access Assignments to Person Direct

Direct Access Assignments made directly to people

  • Resource Type

  • Access Level

  • Resource Display Name

  • Last Name

  • First Name

  • Person Login

Account Service Identities

Accounts used as service or app pool identities

  • Account Logon Name

  • Type

  • Service / App Pool

  • Computer

  • Name

  • Shared Credential

Accounts – Computer Local Admins

All users that are local computer administrators

  • RBAC Assigned

  • Computer

  • Logon Name

  • Account Domain

  • Account Display Name

  • Direct Member Group

  • Direct Group Domain

  • Local Admins Group

  • Last Certified

  • EmpowerID Login

  • Task ID

  • Added in Account Store

Accounts - High Security

All accounts that are members of any high security group

  • Disabled

  • Last Login

  • Password Last Changed

  • Days Old

  • Password Never Expires

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts – Local Computers Accounts

All local computer accounts

  • Disabled

  • Last Login

  • Password Never Expires

  • Logon Name

  • Computer

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts – Privileged Accounts

Accounts flagged as a privileged account usage type

  • Disabled

  • Last Login

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts - Shared Credentials

Accounts used as shared credentials

  • Disabled

  • Last Login

  • Password Last Changed

  • Days Old

  • Password Never Expires

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts Created in Last 30 Days

All accounts that were created in the last 30 days

  • Disabled

  • Last Login

  • Created Date

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts No Login 90 Days

AD Accounts that have not logged in during that last 90 days

  • Disabled

  • Last Login

  • Created Date

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts Password Never Expires

Accounts with the password set to never expire

  • Disabled

  • Last Login

  • Logon Name

  • Password Last Changed

  • Days Old

  • Password Never Expires

  • Created Date

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts Passwords Older 120 Days

Accounts with passwords older than 120 days

  • Disabled

  • Last Login

  • Password Last Changed

  • Days Old

  • Password Never Expires

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • EmpowerID Login

  • Distinguished Name

Accounts with an Invalid Manager 

Accounts with a manager that is disabled or deleted

  • Disabled

  • Expires On

  • Logon Name

  • Domain or Directory

  • Manager

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts with Deleted Owners

Accounts owned by deleted people

  • Disabled

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • Person ID

  • Distinguished Name

Accounts with Manager Expiring in 60 Days

Accounts whose managers expire within the next 60 days

  • Disabled

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts without a Responsible Party

Accounts without a responsible party – no PersonID and no OwnerAssigneeID

  • Expires On

  • Domain or Directory

  • Logon Name

  • Manager

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts Without Managers

Active Directory accounts without managers assigned

  • Disabled

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

AD Accounts Expiring 60 Days

Active Directory accounts that expire within the next 60 days

  • Disabled

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

AD Accounts that Never Logged

Active Directory accounts that have never logged in

  • Disabled

  • Created Date

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

All access assignments in the system

All access assignments in the system

  • Task ID

  • Assignment Type Description

  • Rbac Object Type

  • Rbac Object Friendly Name

  • Resource Type

  • Access Level

  • Resource Display Name

  • Assignment Target

  • Assignment Location

  • Started

  • End Date

All High Security Groups

All groups flagged as high security groups in EmpowerID

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Audit Log Report

Log of all actions occurring in the system

  • In Workflow

  • Task ID

  • When (Ago)

  • Who Requested

  • Who Approved

  • Action

  • To Whom or What

  • Resource Type

  • When

  • Operation

Computers without a Responsible Party

All computers that do not have a valid owner or a responsible person

  • Display Name

  • DNS Host Name

  • Private Address

  • Public Address

  • Type

  • Instance Type

  • Operating System

  • Service Pack

  • Last Login

  • Last Verified Alive

  • DN

Core Identities Created Last 30 Days

Core identities that were created in the last 30 days

  • Created 

  • Last Name

  • First Name

Core Identities Without a Person 

Core identities that have no associated EmpowerID Person object

  • Created 

  • Last Name

  • First Name

Empty Groups

Groups that do not contain any members

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Enforcement Groups

Groups used by EmpowerID for permissions enforcement

  • Enforcement Type

  • EID Group

  • Resource Role Friendly Name

  • Assignment Point ID

  • EID Group Path

  • Access Level

  • Account Store

  • Last Enforcement Attempt (Ago)

  • Last Enforcement Success (Ago)

Expired Accounts

Active Directory accounts that have expired in Active Directory

  • Disabled

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Expired Groups

Groups whose Valid Until dates have passed

  • Valid Until

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Fulfillment Report

Recertification fulfillment report including all fulfillment actions

  • Task ID

  • Direct Report

  • Certifier

  • Decision

  • Time Constraint

  • Quality Check Approved

  • Fulfillment Status

  • System Name

  • Instance

  • Entitlement Type

  • Entitlement

  • Profile Name

  • Profile Description

  • Context

  • Context Description

  • Description

  • Assigned To

  • Comments

  • FulfillmentActor1

  • FulfillmentActor2

  • FulfillmentActor3

  • FulfillmentActor4

  • FulfillmentActor5

  • Certification Date

  • Auditor Review Date

  • Final Fulfillment Date

  • Audit

  • Recertification Managers

  • Audit Started

  • Verified

  • Verified Date

Group Membership High Security

All membership of high security groups

  • Logon Name

  • Account Domain

  • Account Display Name

  • Group

  • Group Domain

  • Is High Security Group

  • RBAC Assigned

  • Added in Account Store

  • Last Certified

  • EmpowerID Login

  • Task ID

Group Membership Not People

Group membership of accounts that are not people

  • Is High Security Group

  • Logon Name

  • Account Domain

  • Account Display Name

  • Group

  • Group Domain

  • Last Certified

  • EmpowerID Login

  • Task ID

Group Membership Not RBAC Assigned

All group membership of accounts that are not assigned by RBAC policy

  • Is High Security Group

  • Logon Name

  • Account Domain

  • Account Display Name

  • Group

  • Group Domain

  • Last Certified

  • EmpowerID Login

  • Task ID

Groups – Local Computer Groups

All local computer groups

  • Logon Name

  • Computer

  • Description

  • Publish in IT Shop

  • Is High Security Group

Groups – Possible Stale Disabled Members

Possibly stale because all members are disabled or expired

  • Valid Until

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Groups and their Native AD Managed By

Active Directory group managers

  • Managed Group

  • Group Managed By

  • Object Type of Manager

  • Managed By Logon Name

  • Group Logon Name

Groups Expiring 30 Days

Groups expiring within the next 30 days

  • Valid Until 

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Groups O365 Type

Office 365 groups

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Groups without a Responsible Party

All sensitive groups that do not have a valid owner or responsible party

  • Group Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Distinguished Name

High Security People

All people who have at least one high security group membership

  • Enabled

  • Last Login Date

  • Last Name

  • First Name

  • EmpowerID Login

  • Business Role and Location

  • Manager

  • Department

  • Title

  • Telephone

  • Email

Locked Out Accounts

Active Directory accounts that were locked out as of the last inventory

  • Disabled

  • Locked Out Time

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Mailboxes Owned by Deleted People

Mailboxes owned by people who have been terminated

  • Email

  • Display Name

  • Logon Name

  • Person ID

  • Mailbox Type

  • Path

Management Roles without a Responsible Party

All management roles that do not have a valid owner or responsible party

  • Management Role

  • Type

  • Description

  • Management Role Definition

  • High Security

  • High Security (Inherited)

  • Publish in IT Shop

  • Risk Score

Orphan Accounts

Accounts that do not belong to a person

  • Disabled

  • Last Login

  • Created Date

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Password Manager Enrollments

Who has enrolled for password management 

  • Last Enrolled (Ago)

  • Last Name

  • First Name

  • Login

  • Password Manager Policy Display Name

  • Last Login (Ago)

  • First Login Failed (Ago)

  • Person Locked Out Until

People Created in Last 30 Days

People who were created within the last 30 days

  • Created

  • Enabled

  • Last Login Date

  • Last Name

  • First Name

  • EmpowerID Login

  • Business Role and Location

  • Department

  • Title

  • Telephone

  • Email

People Logged In Last 1 Day

People who have logged in during the past day

  • Enabled

  • Last Login Date

  • Last Name

  • First Name

  • EmpowerID Login

  • Business Role and Location

  • Department

  • Title

  • Telephone

  • Email

People Not Enrolled

People who are not enrolled for password self service

  • Enabled

  • Last Name

  • First Name

  • EmpowerID Login

  • Business Role and Location

  • Department

  • Title

  • Telephone

  • Email

People Not Logged In 30 Days

People who have not logged in within the past 30 days

  • Enabled

  • Last Login Date

  • Last Name

  • First Name

  • EmpowerID Login

  • Business Role and Location

  • Department

  • Title

  • Telephone

  • Email

People That Have Ever Logged In

All people who have logged in to the system

  • Enabled

  • Last Login Date

  • Last Name

  • First Name

  • EmpowerID Login

  • Business Role and Location

  • Department

  • Title

  • Telephone

  • Email

People with Invalid Managers

People whose managers are terminated or disabled

  • Enabled

  • Last Login Date

  • Last Name

  • First Name

  • EmpowerID Login

  • Business Role and Location

  • Manager

  • Department

  • Title

  • Telephone

  • Email

People without Accounts

People who do not own any user accounts

  • Enabled

  • Last Name

  • First Name

  • EmpowerID Login

  • Business Role and Location

  • Department

  • Title

  • Telephone

  • Email

Person Duplicate Email

People with the same email address

  • Enabled

  • Last Name

  • First Name

  • EmpowerID Login

  • Business Role and Location

  • Email

Person Duplicate Phone Number

People with the same phone number

Enabled
Last Name
First Name
EmpowerID Login
Business Role and Location
Mobile Phone
Email

Person Logged In 30 Days

People who have logged in during the last 30 days

  • Enabled

  • Last Login Date

  • Last Name

  • First Name

  • EmpowerID Login

  • Business Role and Location

  • Department

  • Title

  • Telephone

  • Email

Person Verified Addresses

Verified Person Communication Channels – verified emails, SMS, and voice call numbers

  • Enabled

  • Person Display Name

  • Login

  • Type

  • Communication Address

Possible Stale Groups

Groups that have not had a change in membership for the last 180 days

  • Valid Until

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Recertification Revokes All

All items revoked during recertification

  • Description

  • Policy Type

  • Revoke Status

  • Item to Review

  • Date

  • Reviewer

  • Reviewer Login

  • Audit and Recertification Policy

  • Task ID

Recertification Revokes Completed

All recertification revokes that are flagged as completed

  • Description

  • Policy Type

  • Revoke Status

  • Item to Review

  • Date

  • Reviewer

  • Reviewer Login

  • Audit and Recertification Policy

  • Task ID

Recertification Revokes Failed

All recertification revokes that are flagged as failed

  • Description

  • Policy Type

  • Revoke Status

  • Item to Review

  • Date

  • Reviewer

  • Reviewer Login

  • Audit and Recertification Policy

  • Task ID

Recertification Revokes Ignored

All recertification revokes that are flagged as ignored

  • Description

  • Policy Type

  • Revoke Status

  • Item to Review

  • Date

  • Reviewer

  • Reviewer Login

  • Audit and Recertification Policy

  • Task ID

Recertification Revokes In Progress

All recertification revokes that are currently in progress

  • Description

  • Policy Type

  • Revoke Status

  • Item to Review

  • Date

  • Reviewer

  • Reviewer Login

  • Audit and Recertification Policy

  • Task ID

SAP Role and Profile Membership Changes

Change history for SAP roles and profiles

  • When (Ago)

  • Change Type

  • User Account

  • Role or Profile

  • Is High Security Group

  • Account Display Name

  • Account Store

  • Person ID

  • Task ID

Status by Location

Recertification status by location

  • Location

  • Total #

  • # Open

  • # Completed

  • % Open

  • % Closed

  • % Complete

  • Manager

Top 100 High Security Groups

The 100 high security groups with the most members

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Distinguished Name

Top 100 Riskiest Groups

The 100 groups with the highest risk scores

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Top 100 Riskiest People

The 100 people with the highest risk scores

  • Risk Score

  • Enabled

  • Last Login Date

  • Last Name

  • First Name

  • EmpowerID Login

  • Business Role and Location

  • Manager

  • Department

  • Title

  • Telephone

  • Email

Your Access Assignments

All of your access assignments

  • Assignment Type Description

  • Rbac Object Type

  • Rbac Object Friendly Name

  • Resource Type

  • Access Level

  • Resource Display Name

  • Assignment Target

  • Assignment Location

Your Expiring Access Assignments

All of your access assignments that are due to expire

  • Expires On

  • Assignment Type Description

  • Rbac Object Type

  • Rbac Object Friendly Name

  • Resource Type

  • Access Level

  • Resource Display Name

  • Assignment Target

  • Assignment Location

Your Reports Access

All access assignments of your direct reports

  • Expires On

  • Assignment Type Description

  • Rbac Object Type

  • Rbac Object Friendly Name

  • Resource Type

  • Access Level

  • Resource Display Name

  • Assignment Target

  • Assignment Location

Your Reports Expiring Assignments

All access assignments for your direct reports that are due to expire

  • Expires On

  • Assignment Type Description

  • Rbac Object Type

  • Rbac Object Friendly Name

  • Resource Type

  • Access Level

  • Resource Display Name

  • Assignment Target

  • Assignment Location