/
EmpowerID Reports

You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

EmpowerID Reports

EmpowerID is equipped with numerous pre-built reports to assist administrators and auditors in managing identities and resources. These reports execute stored procedures that populate a grid with data retrieved from the EmpowerID SQL database.

To locate the reports, open the web application's Navigation Sidebar, expand the System Logs section, and click on Reports.

The report page contains a list of all available reports. Additionally, EmpowerID offers over 65 reports on the Azure reports page and various other reports, statistics, and metrics through its dashboards and analytics microservices. For customers using Microsoft PowerBI, EmpowerID provides report templates to help you get started.

Report Name

Description

Columns Returned

Report Name

Description

Columns Returned

Access Assignments to Person Direct

Direct Access Assignments made directly to people

  • Resource Type

  • Access Level

  • Resource Display Name

  • Last Name

  • First Name

  • Person Login

Account Service Identities

Accounts used as service or app pool identities

  • Account Logon Name

  • Type

  • Service / App Pool

  • Computer

  • Name

  • Shared Credential

Accounts – Computer Local Admins

All users that are local computer administrators

  • RBAC Assigned

  • Computer

  • Logon Name

  • Account Domain

  • Account Display Name

  • Direct Member Group

  • Direct Group Domain

  • Local Admins Group

  • Last Certified

  • EmpowerID Login

  • Task ID

  • Added in Account Store

Accounts - High Security

All accounts that are members of any high security group

  • Disabled

  • Last Login

  • Password Last Changed

  • Days Old

  • Password Never Expires

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts – Local Computers Accounts

All local computer accounts

  • Disabled

  • Last Login

  • Password Never Expires

  • Logon Name

  • Computer

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts – Privileged Accounts

Accounts flagged as a privileged account usage type

  • Disabled

  • Last Login

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts - Shared Credentials

Accounts used as shared credentials

  • Disabled

  • Last Login

  • Password Last Changed

  • Days Old

  • Password Never Expires

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts Created in Last 30 Days

All accounts that were created in the last 30 days

  • Disabled

  • Last Login

  • Created Date

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts No Login 90 Days

AD Accounts that have not logged in during that last 90 days

  • Disabled

  • Last Login

  • Created Date

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts Password Never Expires

Accounts with the password set to never expire

  • Disabled

  • Last Login

  • Logon Name

  • Password Last Changed

  • Days Old

  • Password Never Expires

  • Created Date

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts Passwords Older 120 Days

Accounts with passwords older than 120 days

  • Disabled

  • Last Login

  • Password Last Changed

  • Days Old

  • Password Never Expires

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • EmpowerID Login

  • Distinguished Name

Accounts with an Invalid Manager 

Accounts with a manager that is disabled or deleted

  • Disabled

  • Expires On

  • Logon Name

  • Domain or Directory

  • Manager

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts with Deleted Owners

Accounts owned by deleted people

  • Disabled

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • Person ID

  • Distinguished Name

Accounts with Manager Expiring in 60 Days

Accounts whose managers expire within the next 60 days

  • Disabled

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts without a Responsible Party

Accounts without a responsible party – no PersonID and no OwnerAssigneeID

  • Expires On

  • Domain or Directory

  • Logon Name

  • Manager

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

Accounts Without Managers

Active Directory accounts without managers assigned

  • Disabled

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

AD Accounts Expiring 60 Days

Active Directory accounts that expire within the next 60 days

  • Disabled

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

AD Accounts that Never Logged

Active Directory accounts that have never logged in

  • Disabled

  • Created Date

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description

  • EmpowerID Login

  • Distinguished Name

All access assignments in the system

All access assignments in the system

  • Task ID

  • Assignment Type Description

  • Rbac Object Type

  • Rbac Object Friendly Name

  • Resource Type

  • Access Level

  • Resource Display Name

  • Assignment Target

  • Assignment Location

  • Started

  • End Date

All High Security Groups

All groups flagged as high security groups in EmpowerID

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Audit Log Report

Log of all actions occurring in the system

  • In Workflow

  • Task ID

  • When (Ago)

  • Who Requested

  • Who Approved

  • Action

  • To Whom or What

  • Resource Type

  • When

  • Operation

Computers without a Responsible Party

All computers that do not have a valid owner or a responsible person

  • Display Name

  • DNS Host Name

  • Private Address

  • Public Address

  • Type

  • Instance Type

  • Operating System

  • Service Pack

  • Last Login

  • Last Verified Alive

  • DN

Core Identities Created Last 30 Days

Core identities that were created in the last 30 days

  • Created 

  • Last Name

  • First Name

Core Identities Without a Person 

Core identities that have no associated EmpowerID Person object

  • Created 

  • Last Name

  • First Name

Empty Groups

Groups that do not contain any members

  • Logon Name

  • Domain or Directory

  • Display Name

  • Group Type

  • Publish in IT Shop

  • Risk Score

  • Email

  • Distinguished Name

Enforcement Groups

Groups used by EmpowerID for permissions enforcement

  • Enforcement Type

  • EID Group

  • Resource Role Friendly Name

  • Assignment Point ID

  • EID Group Path

  • Access Level

  • Account Store

  • Last Enforcement Attempt (Ago)

  • Last Enforcement Success (Ago)

Expired Accounts

Active Directory accounts that have expired in Active Directory

  • Disabled

  • Expires On

  • Logon Name

  • Domain or Directory

  • Usage Type

  • Display Name

  • Description