EmpowerID Reports

EmpowerID comes pre-loaded with a number of reports to help administrators and auditors manage identities and resources. Each report runs a stored procedure that populates a grid with data returned from the EmpowerID SQL database.

To find the reports, in the Navigation Sidebar of the web application, expand System Logs and select Reports.

The following table lists all reports under the report page. EmpowerID also includes over 65 reports on the Azure reports page and then various reports, stats, and metrics on its various dashboards and analytics microservices. EmpowerID also offers report templates for customers using Microsoft PowerBI to get you started.

Report Name	Description	Columns Returned

Report Name	Description	Columns Returned
Access Assignments to Person Direct	Direct Access Assignments made directly to people	Resource Type Access Level Resource Display Name Last Name First Name Person Login
Account Service Identities	Accounts used as service or app pool identities	Account Logon Name Type Service / App Pool Computer Name Shared Credential
Accounts – Computer Local Admins	All users that are local computer administrators	RBAC Assigned Computer Logon Name Account Domain Account Display Name Direct Member Group Direct Group Domain Local Admins Group Last Certified EmpowerID Login Task ID Added in Account Store
Accounts - High Security	All accounts that are members of any high security group	Disabled Last Login Password Last Changed Days Old Password Never Expires Logon Name Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
Accounts – Local Computers Accounts	All local computer accounts	Disabled Last Login Password Never Expires Logon Name Computer Usage Type Display Name Description EmpowerID Login Distinguished Name
Accounts – Privileged Accounts	Accounts flagged as a privileged account usage type	Disabled Last Login Logon Name Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
Accounts - Shared Credentials	Accounts used as shared credentials	Disabled Last Login Password Last Changed Days Old Password Never Expires Logon Name Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
Accounts Created in Last 30 Days	All accounts that were created in the last 30 days	Disabled Last Login Created Date Logon Name Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
Accounts No Login 90 Days	AD Accounts that have not logged in during that last 90 days	Disabled Last Login Created Date Expires On Logon Name Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
Accounts Password Never Expires	Accounts with the password set to never expire	Disabled Last Login Logon Name Password Last Changed Days Old Password Never Expires Created Date Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
Accounts Passwords Older 120 Days	Accounts with passwords older than 120 days	Disabled Last Login Password Last Changed Days Old Password Never Expires Expires On Logon Name Domain or Directory Usage Type Display Name EmpowerID Login Distinguished Name
Accounts with an Invalid Manager	Accounts with a manager that is disabled or deleted	Disabled Expires On Logon Name Domain or Directory Manager Usage Type Display Name Description EmpowerID Login Distinguished Name
Accounts with Deleted Owners	Accounts owned by deleted people	Disabled Logon Name Domain or Directory Usage Type Display Name Description Person ID Distinguished Name
Accounts with Manager Expiring in 60 Days	Accounts whose managers expire within the next 60 days	Disabled Expires On Logon Name Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
Accounts without a Responsible Party	Accounts without a responsible party – no PersonID and no OwnerAssigneeID	Expires On Domain or Directory Logon Name Manager Usage Type Display Name Description EmpowerID Login Distinguished Name
Accounts Without Managers	Active Directory accounts without managers assigned	Disabled Logon Name Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
AD Accounts Expiring 60 Days	Active Directory accounts that expire within the next 60 days	Disabled Expires On Logon Name Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
AD Accounts that Never Logged	Active Directory accounts that have never logged in	Disabled Created Date Logon Name Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
All access assignments in the system	All access assignments in the system	Task ID Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location Started End Date
All High Security Groups	All groups flagged as high security groups in EmpowerID	Logon Name Domain or Directory Display Name Group Type Publish in IT Shop Risk Score Email Distinguished Name
Audit Log Report	Log of all actions occurring in the system	In Workflow Task ID When (Ago) Who Requested Who Approved Action To Whom or What Resource Type When Operation
Computers without a Responsible Party	All computers that do not have a valid owner or a responsible person	Display Name DNS Host Name Private Address Public Address Type Instance Type Operating System Service Pack Last Login Last Verified Alive DN
Core Identities Created Last 30 Days	Core identities that were created in the last 30 days	Created Last Name First Name
Core Identities Without a Person	Core identities that have no associated EmpowerID Person object	Created Last Name First Name
Empty Groups	Groups that do not contain any members	Logon Name Domain or Directory Display Name Group Type Publish in IT Shop Risk Score Email Distinguished Name
Enforcement Groups	Groups used by EmpowerID for permissions enforcement	Enforcement Type EID Group Resource Role Friendly Name Assignment Point ID EID Group Path Access Level Account Store Last Enforcement Attempt (Ago) Last Enforcement Success (Ago)
Expired Accounts	Active Directory accounts that have expired in Active Directory	Disabled Expires On Logon Name Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
Expired Groups	Groups whose Valid Until dates have passed	Valid Until Logon Name Domain or Directory Display Name Group Type Publish in IT Shop Risk Score Email Distinguished Name
Fulfillment Report	Recertification fulfillment report including all fulfillment actions	Task ID Direct Report Certifier Decision Time Constraint Quality Check Approved Fulfillment Status System Name Instance Entitlement Type Entitlement Profile Name Profile Description Context Context Description Description Assigned To Comments FulfillmentActor1 FulfillmentActor2 FulfillmentActor3 FulfillmentActor4 FulfillmentActor5 Certification Date Auditor Review Date Final Fulfillment Date Audit Recertification Managers Audit Started Verified Verified Date
Group Membership High Security	All membership of high security groups	Logon Name Account Domain Account Display Name Group Group Domain Is High Security Group RBAC Assigned Added in Account Store Last Certified EmpowerID Login Task ID
Group Membership Not People	Group membership of accounts that are not people	Is High Security Group Logon Name Account Domain Account Display Name Group Group Domain Last Certified EmpowerID Login Task ID
Group Membership Not RBAC Assigned	All group membership of accounts that are not assigned by RBAC policy	Is High Security Group Logon Name Account Domain Account Display Name Group Group Domain Last Certified EmpowerID Login Task ID
Groups – Local Computer Groups	All local computer groups	Logon Name Computer Description Publish in IT Shop Is High Security Group
Groups – Possible Stale Disabled Members	Possibly stale because all members are disabled or expired	Valid Until Logon Name Domain or Directory Display Name Group Type Publish in IT Shop Risk Score Email Distinguished Name
Groups and their Native AD Managed By	Active Directory group managers	Managed Group Group Managed By Object Type of Manager Managed By Logon Name Group Logon Name
Groups Expiring 30 Days	Groups expiring within the next 30 days	Valid Until Logon Name Domain or Directory Display Name Group Type Publish in IT Shop Risk Score Email Distinguished Name
Groups O365 Type	Office 365 groups	Logon Name Domain or Directory Display Name Group Type Publish in IT Shop Risk Score Email Distinguished Name
Groups without a Responsible Party	All sensitive groups that do not have a valid owner or responsible party	Group Name Domain or Directory Display Name Group Type Publish in IT Shop Distinguished Name
High Security People	All people who have at least one high security group membership	Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Manager Department Title Telephone Email
Locked Out Accounts	Active Directory accounts that were locked out as of the last inventory	Disabled Locked Out Time Logon Name Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
Mailboxes Owned by Deleted People	Mailboxes owned by people who have been terminated	Email Display Name Logon Name Person ID Mailbox Type Path
Management Roles without a Responsible Party	All management roles that do not have a valid owner or responsible party	Management Role Type Description Management Role Definition High Security High Security (Inherited) Publish in IT Shop Risk Score
Orphan Accounts	Accounts that do not belong to a person	Disabled Last Login Created Date Logon Name Domain or Directory Usage Type Display Name Description EmpowerID Login Distinguished Name
Password Manager Enrollments	Who has enrolled for password management	Last Enrolled (Ago) Last Name First Name Login Password Manager Policy Display Name Last Login (Ago) First Login Failed (Ago) Person Locked Out Until
People Created in Last 30 Days	People who were created within the last 30 days	Created Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
People Logged In Last 1 Day	People who have logged in during the past day	Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
People Not Enrolled	People who are not enrolled for password self service	Enabled Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
People Not Logged In 30 Days	People who have not logged in within the past 30 days	Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
People That Have Ever Logged In	All people who have logged in to the system	Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
People with Invalid Managers	People whose managers are terminated or disabled	Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Manager Department Title Telephone Email
People without Accounts	People who do not own any user accounts	Enabled Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
Person Duplicate Email	People with the same email address	Enabled Last Name First Name EmpowerID Login Business Role and Location Email
Person Duplicate Phone Number	People with the same phone number	Enabled Last Name First Name EmpowerID Login Business Role and Location Mobile Phone Email
Person Logged In 30 Days	People who have logged in during the last 30 days	Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Department Title Telephone Email
Person Verified Addresses	Verified Person Communication Channels – verified emails, SMS, and voice call numbers	Enabled Person Display Name Login Type Communication Address
Possible Stale Groups	Groups that have not had a change in membership for the last 180 days	Valid Until Logon Name Domain or Directory Display Name Group Type Publish in IT Shop Risk Score Email Distinguished Name
Recertification Revokes All	All items revoked during recertification	Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID
Recertification Revokes Completed	All recertification revokes that are flagged as completed	Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID
Recertification Revokes Failed	All recertification revokes that are flagged as failed	Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID
Recertification Revokes Ignored	All recertification revokes that are flagged as ignored	Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID
Recertification Revokes In Progress	All recertification revokes that are currently in progress	Description Policy Type Revoke Status Item to Review Date Reviewer Reviewer Login Audit and Recertification Policy Task ID
SAP Role and Profile Membership Changes	Change history for SAP roles and profiles	When (Ago) Change Type User Account Role or Profile Is High Security Group Account Display Name Account Store Person ID Task ID
Status by Location	Recertification status by location	Location Total # # Open # Completed % Open % Closed % Complete Manager
Top 100 High Security Groups	The 100 high security groups with the most members	Logon Name Domain or Directory Display Name Group Type Publish in IT Shop Distinguished Name
Top 100 Riskiest Groups	The 100 groups with the highest risk scores	Logon Name Domain or Directory Display Name Group Type Publish in IT Shop Risk Score Email Distinguished Name
Top 100 Riskiest People	The 100 people with the highest risk scores	Risk Score Enabled Last Login Date Last Name First Name EmpowerID Login Business Role and Location Manager Department Title Telephone Email
Your Access Assignments	All of your access assignments	Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location
Your Expiring Access Assignments	All of your access assignments that are due to expire	Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location
Your Reports Access	All access assignments of your direct reports	Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location
Your Reports Expiring Assignments	All access assignments for your direct reports that are due to expire	Expires On Assignment Type Description Rbac Object Type Rbac Object Friendly Name Resource Type Access Level Resource Display Name Assignment Target Assignment Location