Out of the box reports

Hitachi ID Bravura Identity provides more than 180 built-in reports, including:

  • Users: list selected users or those with specific attributes or entitlements.
  • Targets: list selected target systems or those accessible by some users.
  • Orphans: list login IDs on target systems not attached to active user profiles or with too-old last-login dates.
  • Workflow:
    • Authorizers: list available authorizers and their attached resources.
    • Roles: list roles and their component templates.
    • Templates: list templates, their dependencies and role membership.
    • Requests: list current and closed change requests in the system.
  • Inventory: list physical objects under management and their locations.

Graphical dashboards

Bravura Identity includes a number of dashboards, for example to monitor its operation and the workflow request queue. These are available via navigation or can be pinned to a user's landing page. This is illustrated in the two screenshots below (workflow current state and workflow trend).

Screen shot: Workflow current state

Screen shot: Workflow trend

Policy violations and data quality

Bravura Identity includes reports to identify policy violations, such as:

  1. SoD violations (generally or for specific rules or users) and approved SoD exceptions.
  2. RBAC violations -- i.e., users whose entitlements do not match assigned roles, through surplus or deficit.
  3. Access which has not been certified recently or at all.
  4. Access which is not even configured to be certified (out of scope of defined rounds).
  5. Users whose entitlements, in aggregate, contribute to a high risk score.

Bravura Identity includes built-in data quality analytics:

  1. Inconsistent account attributes (differ between systems for the same user).
  2. Attribute violations (e.g., mandatory but empty, too short, too long, does not satisfy RegEx rules, etc.).
  3. Orphan and dormant accounts and profiles.
  4. Users with no managers and managers with no subordinates.
  5. Accounts and groups that disappeared from managed systems.
  6. Resources whose authorizers are not set, whose identities have disappeared or who are inactive.
  7. Certification processes assigned to invalid users.
  8. Users whose actual entitlements do not match their assigned roles.
  9. Users who should but do not have login accounts on key systems.

Robust analytics infrastructure

All data in Bravura Identity is stored in a normalized, relational database schema and can be accessed using standard analytical tools (Crystal Reports, Cognos, MS-Excel, SQL queries, etc.).

The schema is well documented and is available to all product licensees and evaluators under NDA. The current release schema documentation is about 127 pages long and includes detailed descriptions of every field, table, relation, value constraint, etc.

Hitachi ID Systems customers can add custom reports to the Bravura Identity web UI, so that they can be run interactively, scheduled, have output delivered via e-mail, etc. These reports are written as short Python scripts that mostly contain a SQL SELECT statement which queries the Bravura Identity back-end database, but they can also pull data from other sources (e.g., web services, other SQL databases, LDAP directories, etc.).

Hitachi ID Bravura Pass includes various built-in reports:

  • User Reports
    • Matching user ID (string).
    • Matching user names (string).
    • By disabled only? Y/N.
    • List accounts? Y/N.
    • Matching target identifiers (string).
    • Matching target names (string).
    • Target type (drop down list).

  • Target System Reports
    • Matching target identifiers (string).
    • Matching target names (string).
    • Target types (drop down list).
    • List accounts? Y/N.
    • Matching user ID (string).
    • Matching user names (string).

  • Event Reports
    • Matching session IDs (string).
    • Matching user IDs (string).
    • Matching target identifiers (string).
    • Matching target names (string).
    • Target type (drop down list).
    • Event type (drop down list: 46 different selectable types, or all).
    • Event list (number).
    • Requested by (string).
    • Earliest date/time.
    • Latest date/time.

  • Synchronization Reports
    • Matching user IDs (string).
    • Matching target identifiers (string).
    • Matching target names (string).
    • Target type (drop down list).
    • Currently queued or failed events.