You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
EmpowerID Reports
EmpowerID is equipped with numerous pre-built reports to assist administrators and auditors in managing identities and resources. These reports execute stored procedures that populate a grid with data retrieved from the EmpowerID SQL database.
To locate the reports, open the web application's Navigation Sidebar, expand the System Logs section, and click on Reports.
The report page contains a list of all available reports. Additionally, EmpowerID offers over 65 reports on the Azure reports page and various other reports, statistics, and metrics through its dashboards and analytics microservices. For customers using Microsoft PowerBI, EmpowerID provides report templates to help you get started.
Report Name | Description | Columns Returned |
---|---|---|
Access Assignments to Person Direct | Direct Access Assignments made directly to people |
|
Account Service Identities | Accounts used as service or app pool identities |
|
Accounts – Computer Local Admins | All users that are local computer administrators |
|
Accounts - High Security | All accounts that are members of any high security group |
|
Accounts – Local Computers Accounts | All local computer accounts |
|
Accounts – Privileged Accounts | Accounts flagged as a privileged account usage type |
|
Accounts - Shared Credentials | Accounts used as shared credentials |
|
Accounts Created in Last 30 Days | All accounts that were created in the last 30 days |
|
Accounts No Login 90 Days | AD Accounts that have not logged in during that last 90 days |
|
Accounts Password Never Expires | Accounts with the password set to never expire |
|
Accounts Passwords Older 120 Days | Accounts with passwords older than 120 days |
|
Accounts with an Invalid Manager | Accounts with a manager that is disabled or deleted |
|
Accounts with Deleted Owners | Accounts owned by deleted people |
|
Accounts with Manager Expiring in 60 Days | Accounts whose managers expire within the next 60 days |
|
Accounts without a Responsible Party | Accounts without a responsible party – no PersonID and no OwnerAssigneeID |
|
Accounts Without Managers | Active Directory accounts without managers assigned |
|
AD Accounts Expiring 60 Days | Active Directory accounts that expire within the next 60 days |
|
AD Accounts that Never Logged | Active Directory accounts that have never logged in |
|
All access assignments in the system | All access assignments in the system |
|
All High Security Groups | All groups flagged as high security groups in EmpowerID |
|
Audit Log Report | Log of all actions occurring in the system |
|
Computers without a Responsible Party | All computers that do not have a valid owner or a responsible person |
|
Core Identities Created Last 30 Days | Core identities that were created in the last 30 days |
|
Core Identities Without a Person | Core identities that have no associated EmpowerID Person object |
|
Empty Groups | Groups that do not contain any members |
|
Enforcement Groups | Groups used by EmpowerID for permissions enforcement |
|
Expired Accounts | Active Directory accounts that have expired in Active Directory |
|
Expired Groups | Groups whose Valid Until dates have passed |
|
Fulfillment Report | Recertification fulfillment report including all fulfillment actions |
|
Group Membership High Security | All membership of high security groups |
|
Group Membership Not People | Group membership of accounts that are not people |
|
Group Membership Not RBAC Assigned | All group membership of accounts that are not assigned by RBAC policy |
|
Groups – Local Computer Groups | All local computer groups |
|
Groups – Possible Stale Disabled Members | Possibly stale because all members are disabled or expired |
|
Groups and their Native AD Managed By | Active Directory group managers |
|
Groups Expiring 30 Days | Groups expiring within the next 30 days |
|
Groups O365 Type | Office 365 groups |
|
Groups without a Responsible Party | All sensitive groups that do not have a valid owner or responsible party |
|
High Security People | All people who have at least one high security group membership |
|
Locked Out Accounts | Active Directory accounts that were locked out as of the last inventory |
|
Mailboxes Owned by Deleted People | Mailboxes owned by people who have been terminated |
|
Management Roles without a Responsible Party | All management roles that do not have a valid owner or responsible party |
|
Orphan Accounts | Accounts that do not belong to a person |
|
Password Manager Enrollments | Who has enrolled for password management |
|
People Created in Last 30 Days | People who were created within the last 30 days |
|
People Logged In Last 1 Day | People who have logged in during the past day |
|
People Not Enrolled | People who are not enrolled for password self service |
|
People Not Logged In 30 Days | People who have not logged in within the past 30 days |
|
People That Have Ever Logged In | All people who have logged in to the system |
|
People with Invalid Managers | People whose managers are terminated or disabled |
|
People without Accounts | People who do not own any user accounts |
|
Person Duplicate Email | People with the same email address |
|
Person Duplicate Phone Number | People with the same phone number | Enabled |
Person Logged In 30 Days | People who have logged in during the last 30 days |
|
Person Verified Addresses | Verified Person Communication Channels – verified emails, SMS, and voice call numbers |
|
Possible Stale Groups | Groups that have not had a change in membership for the last 180 days |
|
Recertification Revokes All | All items revoked during recertification |
|
Recertification Revokes Completed | All recertification revokes that are flagged as completed |
|
Recertification Revokes Failed | All recertification revokes that are flagged as failed |
|
Recertification Revokes Ignored | All recertification revokes that are flagged as ignored |
|
Recertification Revokes In Progress | All recertification revokes that are currently in progress |
|
SAP Role and Profile Membership Changes | Change history for SAP roles and profiles |
|
Status by Location | Recertification status by location |
|
Top 100 High Security Groups | The 100 high security groups with the most members |
|
Top 100 Riskiest Groups | The 100 groups with the highest risk scores |
|
Top 100 Riskiest People | The 100 people with the highest risk scores |
|
Your Access Assignments | All of your access assignments |
|
Your Expiring Access Assignments | All of your access assignments that are due to expire |
|
Your Reports Access | All access assignments of your direct reports |
|
Your Reports Expiring Assignments | All access assignments for your direct reports that are due to expire |
|