1.1 About the Identity Reporting Module

The Identity Reporting Module generates reports that show critical business information about various aspects of your Identity Manager configuration, including information collected from Identity Vaults and managed systems such as Active Directory or SAP. The Reporting Module provides a set of predefined report definitions you can use to generate reports. In addition, it gives you the option to import custom reports defined in a third-party tool. The user interface for the Reporting Module makes it easy to schedule reports to run at off-peak times to optimize performance.

NOTE: For details about the predefined reports, see Using Identity Manager Reports.

The core of the Reporting Module is the Identity Information Warehouse, an intelligent repository of information about the actual state and the desired state of the Identity Vault and the managed systems within an organization. By querying the warehouse, you can retrieve all the information you need to ensure that your organization is in full compliance with relevant business laws and regulations. The warehouse gives you a 360-degree view of your business entitlements, providing the knowledge you need to see the past and present state of authorizations and permissions granted to identities in your organization. With this knowledge, you can answer even the most sophisticated Governance, Risk, and Compliance (GRC) queries.

The Identity Information Warehouse uses the following drivers to collect data about an organization:

  • Data Collection Service Driver

  • Managed System Gateway Driver

The Data Collection Service Driver uses a push model to collect data about changes made to user accounts, roles, resources, group memberships, and other objects in the vault. The Managed System Gateway Driver can pull information from any managed system that has been enabled for data collection in Identity Manager 4.5, as long as it supports entitlements. In addition to maintaining data about identities that are under the full control of the Identity Manager engine, the Identity Information Warehouse collects data about identities that the engine does not manage.

The Reporting Module provides several open integration points. For example, if you want to collect data about third-party applications that are not connected to Identity Manager, you can implement a custom REST endpoint to collect data from these applications. In addition, you can customize the data that is pushed to the Identity Vault. To do this, you add a filter to the Data Collection Service Driver to add custom objects or attributes, causing these additional pieces of information to be stored in the warehouse. When this data is available, you can write custom reports to see this information.

The Reporting Module is tightly integrated with the Event Auditing Service (EAS). The EAS is a software component that captures log events associated with actions performed in several NetIQ products, including the Reporting Module, the Roles Based Provisioning Module (RBPM), the Catalog Administrator, NMAS, Identity Manager, and the Identity Vault. These events are stored in a separate schema within the warehouse. You have the option to forward these events to Sentinel. If you choose to forward events, you can then use Sentinel to create a holistic view of all the activity within your enterprise. Sentinel lets you assimilate logs and other security information from heterogeneous input sources, giving you visibility and accountability into the various activities within the enterprise.