Auditing and reporting is provided by the Identity Reporting Module, a new feature for Identity Manager 4.0.2, as shown in the following diagram:
Figure 4-4 Identity Manager Auditing and Reporting
The Identity Reporting Module generates reports that show critical business information about various aspects of your Identity Manager configuration, including information collected from Identity Vaults and managed systems such as Active Directory or SAP. The Identity Reporting Module uses the following components to manage the data:
Event Auditing Service: A service that captures log events associated with actions performed in the reporting module, such as the import, modification, deletion, or scheduling of a report. The Event Auditing Service (EAS) captures log events associated with actions performed within the Roles Based Provisioning Module (RBPM) and the Role Mapping Administrator (RMA).
Identity Information Warehouse: Repository for the following type of information:
Report management information (such as report definitions, report schedules, and completed reports), database views used for reporting, and configuration information.
Identity data collected by the Report Data Collector, Event-Driven Data Collector, and the Non-Managed Application Data Collector.
Auditing data, which includes events collected by the Event Auditing Service.
The Identity Information Warehouse stores its data in the Security Information and Event Management (SIEM) database.
Data Collection Service: A service that collects information from various sources within an organization. The Data Collection Service includes three subservices:
Report Data Collector: Uses a pull design model to retrieve data from one or more Identity Vault data sources. The collection runs on a periodic basis, as determined by a set of configuration parameters. To retrieve the data, the collector calls the Managed System Gateway driver.
Event-Driven Data Collector: Uses a push design model to gather event data captured by the Data Collection Service driver.
Non-Managed Application Data Collector: Retrieves data from one or more non-managed applications by calling a REST end point written specifically for each application. Non-managed applications are applications within your enterprise that are not connected to the Identity Vault. For more information, see REST Services for Reporting in the Identity Reporting Module Guide.
Data Collection Service Driver: A driver that captures changes to objects stored in an Identity Vault, such as accounts, roles, resources, groups, and team memberships. The Data Collection Service driver registers itself with the Data Collection Service and pushes change events (such as data synchronization, add, modify, and delete events) to the Data Collection Service.
The information captured records changes to these objects:
User accounts and identities
Roles and role levels
Groups
NOTE: The reporting module does not support dynamic groups and only generates reports on static group data.
Group memberships
Provisioning Request Definitions
Separation of Duties definitions and violations
User entitlement associations
Resource definitions and resource parameters
Role and resource assignments
Identity Vault entitlements, entitlement types, and drivers
Managed System Gateway Driver: A driver that collects information from managed systems. To retrieve the managed system data, the driver queries the Identity Vault. The data retrieved includes the following:
List of all managed systems
List of all accounts for the managed systems
Entitlement types, values, and assignments, and user account profiles for the managed systems
Identity Reporting: The user interface for the reporting module makes it easy to schedule reports to run at off-peak times to optimize performance. For more information about the Identity Reporting Module, see the Identity Reporting Module Guide.
Reports: Identity Manager contains predefined reports to display the information in the Identity Information Warehouse in useful and consumable ways. You can also create custom reports. For more information about the reports, see Using Identity Manager 4.0.2 Reports. For information about custom reports, see Creating Custom Report Definitions in the Identity Reporting Module Guide.
Non-Managed Application REST End Point: A non-managed application is an application that is not connected to an Identity Vault, but nonetheless includes data that you want to report on. By defining a REST end point for an application, you make it possible for the reporting module to collect data from this application.
Integration API: The Identity Reporting Module provides a set of REST APIs that allow you to implement a REST end point for a non-managed application, as well as to write a custom reporting application.