Out of the box reports

Hitachi ID Identity Manager provides over 150 built-in reports, including:

  • Users: list selected users or those with specific attributes or entitlements.
  • Targets: list selected target systems or those accessible by some users.
  • Orphans: list login IDs on target systems not attached to active user profiles or with too-old last-login dates.
  • Workflow:
    • Authorizers: list available authorizers and their attached resources.
    • Roles: list roles and their component templates.
    • Templates: list templates, their dependencies and role membership.
    • Requests: list current and closed change requests in the system.
  • Inventory: list physical objects under management and their locations.

Graphical dashboards

Identity Manager includes a number of dashboards, for example to monitor its operation and the workflow request queue. These are available via navigation or can be pinned to a user's landing page. Two examples are illustrated in the screenshots below.

    Screen shot: Workflow current state

    Screen shot: Workflow trend

Policy violations and data quality

Identity Manager includes reports to identify policy violations, such as:

  1. SoD violations (generally or for specific rules or users).
  2. RBAC violations -- i.e., users whose entitlements do not match assigned roles, through surplus or deficit.
  3. Access which has not been certified recently or at all.
  4. Access which is not even configured to be certified (out of scope of defined rounds).
  5. Users whose entitlements, in aggregate, contribute to a high risk score.

Identity Manager includes built-in data quality analytics, including:

  1. Inconsistent account attributes (differ between systems for the same user).
  2. Attribute violations (e.g., mandatory but empty, too short, too long, does not satisfy RegEx rules, etc.).
  3. Orphan and dormant accounts and profiles.
  4. Users with no managers and managers with no subordinates.
  5. Accounts and groups that disappeared from managed systems.
  6. Resources whose authorizers are not set, whose identities have disappeared or who are inactive.
  7. Certification processes assigned to invalid users.
  8. Users whose actual entitlements do not match their assigned roles.
  9. Users who should but do not have login accounts on key systems.

Robust analytics infrastructure

All data in Identity Manager is stored in a normalized, relational database schema and can be accessed using standard analytical tools (Crystal Reports, Cognos, MS-Excel, SQL queries, etc.).

The schema is well documented and is available to all product licensees and evaluators under NDA. The current release schema documentation is about 127 pages long and includes detailed descriptions of every field, table, relation, value constraint, etc.

Hitachi ID Systems customers can add custom reports directly to the Identity Manager web UI, so that they can be run interactively, scheduled, have output delivered via e-mail, etc. These reports are written as short Python scripts that mostly consist of a SQL SELECT statement run against the Identity Manager back-end database, but they can also pull data from other sources (e.g., web services, other SQL databases, LDAP directories, etc.).
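A report script of the kind described above, as an added example rather than Hitachi ID's own code: it expresses the orphan-account and RBAC-violation (surplus or deficit) checks listed earlier on this page as SQL SELECT statements run from Python. The table and column names are hypothetical (the product schema is not shown on this page), the sample rows are constructed, and an in-memory SQLite database stands in for the back-end database.

```python
import sqlite3

# Hypothetical schema and constructed sample rows, not the product's real schema.
SCHEMA = """
CREATE TABLE profile(user_id TEXT PRIMARY KEY, active INTEGER);
CREATE TABLE account(target TEXT, login_id TEXT, user_id TEXT, last_login TEXT);
CREATE TABLE user_role(user_id TEXT, role TEXT);
CREATE TABLE role_entitlement(role TEXT, entitlement TEXT);
CREATE TABLE user_entitlement(user_id TEXT, entitlement TEXT);
INSERT INTO profile VALUES ('alice',1),('bob',1),('carol',0);
INSERT INTO account VALUES
  ('AD','alice','alice','2024-05-30'), ('AD','bsmith','bob','2023-01-15'),
  ('AD','carol','carol','2024-05-01'), ('UNIX','svc_old',NULL,'2024-05-20');
INSERT INTO user_role VALUES ('alice','clerk'),('bob','clerk');
INSERT INTO role_entitlement VALUES ('clerk','AD:Finance-RO'),('clerk','ERP:Invoice-View');
INSERT INTO user_entitlement VALUES ('bob','AD:Finance-RO'),
  ('alice','AD:Finance-RO'),('alice','ERP:Invoice-View'),('alice','ERP:Invoice-Approve');
"""

# Orphans: login IDs with no active owning profile, or last login before the cutoff.
ORPHANS = """
SELECT a.target, a.login_id,
       CASE WHEN p.user_id IS NULL THEN 'no active profile' ELSE 'dormant' END
FROM account a LEFT JOIN profile p ON p.user_id = a.user_id AND p.active = 1
WHERE p.user_id IS NULL OR a.last_login < :cutoff
ORDER BY a.target, a.login_id
"""

# RBAC violations: held but not granted by a role (surplus); granted but not held (deficit).
RBAC = """
SELECT ue.user_id, ue.entitlement, 'surplus' FROM user_entitlement ue
WHERE NOT EXISTS (SELECT 1 FROM user_role ur JOIN role_entitlement re ON re.role = ur.role
                  WHERE ur.user_id = ue.user_id AND re.entitlement = ue.entitlement)
UNION ALL
SELECT ur.user_id, re.entitlement, 'deficit'
FROM user_role ur JOIN role_entitlement re ON re.role = ur.role
WHERE NOT EXISTS (SELECT 1 FROM user_entitlement ue
                  WHERE ue.user_id = ur.user_id AND ue.entitlement = re.entitlement)
ORDER BY 1, 2
"""

def run_reports(cutoff="2024-01-01"):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    orphans = db.execute(ORPHANS, {"cutoff": cutoff}).fetchall()
    return orphans, db.execute(RBAC).fetchall()

if __name__ == "__main__":
    print(*run_reports(), sep="\n")
```

ISO-8601 date strings compare correctly as text, which is why the dormancy cutoff can be a plain string parameter here.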

Data available through Hitachi ID Password Manager includes:

  • A list of login IDs per user.
  • A list of user IDs per system.
  • Identity attributes and group memberships for each user.
  • Linkage between (possibly nonstandard) user IDs and people (user profiles).
  • Full detail of transaction history.
  • Status of the user enrollment process.

Password Manager includes many built-in reports, available through its web portal:

  • Lists of users and accounts, by system or globally.
  • Metrics regarding enrollment progress.
  • System utilization data.
  • Lists of target systems, with or without login accounts on each.
  • Lists of events, by type, user, administrator, resource, time and various other criteria.
  • Lists of enrolled users or users with incomplete profiles.
  • Statistical analysis of user, help desk analyst and server transactions in a time period.