1.3 Identity Reporting Components

(Optional) Install this component only if you plan to implement the reporting functionality.

Identity Reporting gives you a complete view of your users’ entitlements, providing the knowledge you need to see the past and present state of authorizations and permissions granted to identities in your organization. Identity Manager provides predefined reports that you can use to monitor the status of an Identity Manager environment, including information collected from Identity Vaults and connected systems. To use the reports provided with Identity Manager, you install Identity Reporting, which is included with Identity Manager. Identity Reporting also includes a report packaging tool that facilitates the process of creating custom reports. The user interface for Identity Reporting makes it easy to schedule reports to run at off-peak times for optimized performance. For more information about Identity Reporting, see the Administrator Guide to NetIQ Identity Reporting.

NOTE: You must install Identity Applications before you install Identity Reporting in an Advanced Edition.

An Identity Reporting installation comprises the following components:

1.3.1 Identity Reporting

Browser-based application that generates reports by making calls to the reporting service. The reporting service retrieves the data needed to generate reports from the Identity Reporting repository (Identity Information Warehouse), which contains all report management information (such as report definitions and schedules), database views, and configuration information required for reporting.

1.3.2 Authentication Service

The authentication service is provided by the OSP component. For more information, see Authentication Service.

NOTE: OSP is automatically installed with Identity Reporting. However, in an Advanced Edition installation, Identity Reporting can use the same authentication service that is installed with Identity Applications. When using the same authentication service, you must specify the authentication settings during the Identity Reporting configuration.

1.3.3 Self-Service Password Reset

The self-service password management service provides access to self-service password management. For more information, see Self-Service Password Reset.

1.3.4 Identity Reporting Database

The Identity Reporting database (Identity Information Warehouse) stores information about the actual and desired states of the Identity Vault and the connected systems within your organization. You can generate reports from this information to view the relationship between objects, such as users and roles. The database can reside locally on the Identity Reporting server or on a remote computer. Identity Manager uses data sources to connect to the database. Identity Reporting requires a Java Database Connectivity driver (JDBC type 4 driver) to communicate with the database. A JDBC driver enables an Identity Reporting server to communicate with the data source. The supported databases for Identity Reporting are PostgreSQL, Oracle, and Microsoft SQL.

  • For a PostgreSQL database, this driver is bundled with the Identity Manager installation program.

  • For an Oracle database, you can download the driver from the Oracle web site.

  • For a Microsoft SQL Server database, download the driver from the Microsoft web site.

NOTE: You must have the Identity Manager Server installed before installing the Identity Reporting components.

1.3.5 Web Application Server

The application server provides the runtime framework in which the identity reporting components execute. The following WAR files apply to the URL for a component of identity reporting:

  • IDMRPT for the Identity Reporting application/interface

  • idmdcs for Identity Manager Data Collection Service

When a user interacts with the IDMRPT or idmdcs applications, these applications query the reporting service and fetch the information for the user. The reporting service exposes the REST APIs, while IDMRPT and idmdcs contain the information that provides the user interface.

For more information on Web Application Server, see Web Application Server.

1.3.6 Drivers for Identity Reporting

The Identity Reporting components require the following drivers:

Managed System Gateway Driver

Queries the Identity Vault to collect the following types of information from managed systems:

  • List of all managed systems

  • List of all accounts for the managed systems

  • Entitlement types, values, and assignments, and user account profiles for the managed systems

Data Collection Service Driver

The Data Collection Service uses the Data Collection Services driver to capture changes to objects stored in an Identity Vault, such as accounts, roles, resources, groups, and team memberships. The driver registers itself with the service and pushes change events (such as data synchronization, add, modify, and delete events) to the service.

The service includes three subservices:

  • Report Data Collector: Uses a pull design model to retrieve data from one or more Identity Vault data sources. The collection runs on a periodic basis, as determined by a set of configuration parameters. To retrieve the data, the collector calls the Managed System Gateway driver.

  • Event-Driven Data Collector: Uses a push design model to gather event data captured by the Data Collection Service driver.

  • Non-Managed Application Data Collector: Retrieves data from one or more non-managed applications by calling a REST end point written specifically for each application. Non-managed applications are applications within your enterprise that are not connected to the Identity Vault.

The Identity Reporting installation option of the installation process deploys the Managed System Gateway driver and the Data Collection Service driver to the Identity Vault.

1.3.7 Sentinel Log Management for Identity Governance and Administration

Sentinel Log Management for Identity Governance and Administration (IGA) is a Security Information and Event Management (SIEM) system that receives information from many sources throughout an enterprise, standardizes it, prioritizes it, and presents it to you so that you can make threat, risk, and policy-related decisions. Sentinel Log Management for IGA captures log events associated with actions performed in several NetIQ products, including Identity Reporting, Identity Applications, and the Identity Vault. These events are stored in the public schema within the Identity Reporting repository (Identity Information Warehouse).

Identity Manager provides a separate installation program (SentinelLogManagementForIGA8.2.2.0.tar.gz) for Sentinel Log Management for IGA.