Identity Manager risk analysis features let you report on user accounts whose profiles fall outside certain security constraints. Risk analysis reports scan the physical resource to gather data and show, by resource, details about disabled accounts, locked accounts, and accounts with no owners. They also provide details about expired passwords. Report details vary depending on the resource type.
Standard reports are available for AIX, HP, Solaris, NetWare NDS, and Windows Active Directory resources.
Risk analysis pages are controlled by a form and can be configured for your environment. You can find a list of forms under the RiskReportTask object on the idm\debug page (The Identity Manager Debug Page), and modify these by using the Identity Manager IDE. See Chapter 3, Identity Manager Forms, in Sun Identity Manager Deployment Referencefor more information about configuring forms.
In the Administrator interface, click Reports in the main menu.
Click Run Risk Analysis in the secondary menu.
In the New drop-down menu, select a report to create.
A Risk Analysis Report Settings page opens.
Complete the form.
You can limit the report to scan selected resources and, depending on the resource type, you can scan for accounts that meet these criteria:
Accounts that are disabled, expired, inactive, or locked
Accounts that have never been used
Accounts that do not have a fullname or password
Accounts that do not require a password
Accounts with passwords that have expired or have not changed for a specified number of days
Once defined, you can use the following steps to schedule risk analysis reports to run at specified intervals.
In the Administrator interface, click Server Tasks in the main menu.
Click Manage Schedule in the secondary menu.
The Scheduled Tasks page opens.
Select a risk analysis report to schedule.
The Create New Risk Analysis Task Schedule page opens.
Enter a name and schedule information, and then optionally adjust other risk analysis selections.
Click Save to save the schedule.