The Identity Reporting Module generates reports that show critical business information about various aspects of your Identity Manager configuration, including information collected from Identity Vaults and managed systems such as Active Directory or SAP. The reporting module provides a set of predefined report definitions you can use to generate reports. In addition, it gives you the option to import custom reports defined in a third-party tool. The user interface for the reporting module makes it easy to schedule reports to run at off-peak times to optimize performance.
NOTE:For details on the predefined reports, see Using Identity Manager Reports.
The core of the reporting module is the Identity Information Warehouse. The warehouse is an intelligent repository of information about the actual state and the desired state of the Identity Vault and the managed systems within an organization. By querying the warehouse, you can retrieve all of the information you need to ensure that your organization is in full compliance with relevant business laws and regulations. The warehouse gives you a 360-degree view of your business entitlements, providing the knowledge you need to see the past and present state of authorizations and permissions granted to identities in your organization. With this knowledge, you can answer even the most sophisticated Governance Risk and Compliance (GRC) queries.
The Identity Information Warehouse uses two new drivers to collect data about an organization:
Data Collection Service Driver
Managed System Gateway Driver
The Data Collection Service Driver uses a push model to collect data about changes made to user accounts, roles, resources, group memberships, and other objects in the vault. The Managed System Gateway Driver can pull information from any managed system that has been enabled for data collection in Identity Manager 4.0.1, as long as it supports entitlements. In addition to maintaining data about identities that are under the full control of the Identity Manager engine, the Identity Information Warehouse collects data about identities that are not managed by the engine.
The reporting module provides several open integration points. For example, if you want to collect data about third-party applications that are not connected to Identity Manager, you can implement a custom REST endpoint to collect data from these applications. In addition, you can customize the data that is pushed to the Identity Vault. To do this, you add a filter to the Data Collection Service Driver to add custom objects or attributes, causing these additional pieces of information to be stored in the warehouse. When this data is available, you can write custom reports to see this information.
The Identity Reporting Module is tightly integrated with Event Auditing Service (EAS). EAS is a software component that captures log events associated with actions performed in several Novell products, including the reporting module, the Roles Based Provisioning Module (RBPM), the Role Mapping Administrator (RMA), NMAS, Identity Manager, and the Identity Vault. These events are stored in a separate schema within the warehouse. You have the option to forward these events to Sentinel. If you choose to forward events, you can then use Sentinel to create a holistic view of all of the activity within your enterprise. Sentinel lets you assimilate logs and other security information from heterogeneous input sources, giving you visibility and accountability into the various activities within the enterprise.
You can access the user interface for the reporting module directly or launch it from the Work Dashboard within the User Application.
NOTE:If you want to be able to launch it from the Work Dashboard, you need to have your Configuration Administration specify the URL for the reporting module on the tab. The Configuration Administrator needs to specify the URL in the field within the Provisioning UI Display Settings page. In addition, you need to have the navigation permission. The Report Administrator is given this permission by default.
Standard Edition Identity Manager 4.0.1 Standard Edition provides a subset of the reporting features available with Advanced Edition. The restrictions that apply to Standard Edition are listed below:
The Managed System Gateway Driver is disabled in Standard Edition.
Reports generated with Standard Edition show Identity Vault data only, and do not show data about managed (connected) systems.
Standard Edition does not provide the ability to collect historical state data for reporting. With Standard Edition, you can only see current state data.
Several new reports have been added in release 4.0.1. Three of these reports are not available with Standard Edition:
Access Requests by Recipient
Access Requests by Requester
Access Requests by Resource
Some of the reports provided with the product are only meaningful if you have purchased the Advanced Edition. The reason for this is that some of the reports report on data that is not available in Standard Edition, such as roles, resources, and workflow processes. For more information, see Using Identity Manager Reports.