Run Reports on Users and Entitlements - Hitachi ID Identity Manager

All data in Hitachi ID Identity Manager is in a normalized, relational database schema and can be accessed using standard analytical tools (Crystal Reports, Cognos, MS-Excel, SQL queries, etc).

The schema is well documented and is available to all product licensees and evaluators under NDA. The current release schema documentation is about 127 pages long, and includes detailed descriptions of every field, table, relation, value constraint, etc.

Identity Manager includes many built-in reports, which can be run interactively from the web portal or scheduled to run automatically (and periodically if so desired). Report output is HTML or CSV and can be delivered to the same web portal or via e-mail or filesystem. Built-in reports cover:

Identities -- users, accounts, attributes, orphan/dormant accounts, etc.
Entitlements -- roles, groups, accounts, etc.
History -- by user, role, group, etc.
Workflow -- activity in the queue, historical trends, request popularity, etc.
Role analytics -- users sharing entitlements, SoD violations and more.
Configuration data -- roles, groups, etc.
System data and troubleshooting -- event logs, unsatisfiable requests, entitlements with no/invalid owners, etc.

The same data is accessible to 3rd party reporting tools.

Watch a Movie

Reports -- users and accounts

Play movie

Content:

List of users, with and without identity attributes.
List of accounts on a given system.

Key concepts:

The simplest reports in any IAM system are lists of users and accounts.
Built-in Identity Manager reports can enumerate users, attributes, accounts, group memberships, roles and more.

Reports -- orphan and dormant accounts

Play movie

Content:

Shows accounts with no known owner.

Key concepts:

Built-in reports make it easy to find orphan and dormant accounts:
- Orphan users are user profiles with no login accounts.
- Orphan accounts have no known owner.
- Dormant accounts have had no recent login activity.
- Dormant profiles have all-dormant accounts.

Reports -- violations of segregation of duties rules

Play movie

Content:

Finds users who violate any segregation of duties (SoD) rule.
Finds users whose violation of an SoD rule has been approved.

Key concepts:

SoD reports are a detective control -- i.e,. they find already-existing violations.
There is also a preventive control, embedded in the change request workflow.
SoD violations may be approved, for example if they are a legitimate situation that the policy did not take into account.

Reports -- detailed change history

Play movie

Content:

Displays all changes made to users, accounts and groups as a result of workflow requests.

Key concepts:

Change requests are retained indefinitely.
Details including what changed, who requested the change and who authorized it are accessible via built-in reports.
Changes detected on target systems (i.e., not initiated by Identity Manager) are also available.