18 Using Reporting Features

This chapter includes the following sections:

Note:

  • Oracle Identity Manager Reports enables you to use Oracle BI Publisher as the reporting solution for Oracle Identity Management products.

  • Oracle Identity Manager Reports are classified based on the functional areas. For instance, Access Policy Reports, Attestation, Request and Approval Reports, Password Policy Reports and so on. It is no longer named Operational and Historical.

  • Oracle Identity Manager Reports provides a restricted-use license for Oracle BI Publisher and easy-to-use reporting packages for multiple Oracle Identity Management products.

  • For large-scale deployments, especially those taking advantage of the extensive auditing capabilities of Oracle Identity Manager, it is highly recommended that you deploy a dedicated enterprise-class reporting solution. A solution based on tools such as Oracle Business Intelligence Enterprise Edition can provide the flexibility, automation, and performance required for a large-scale organizations.

18.1 Reporting Features

The following are Oracle Identity Manager reporting features:

  • Select and view reports from a predefined list in the BI Publisher.

  • Filter report information.

  • View reports on-screen in the desired format.

  • Provide interactive reports.

18.2 Starting Oracle Identity Manager Reports

To start BI Publisher:

  1. Navigate to Start, Oracle BI Publisher Desktop, Oracle - BIPHome10134, and then click Start BI Publisher.

    The Oracle BI Publisher Home page appears.

  2. Enter the user name and password.

  3. Click Sign In.

18.3 Running Oracle Identity Manager Reports

To run a report:

Note:

BI Publisher cannot be accessed through Oracle Identity Manager UI. You must open BI publisher explicitly to access the Oracle Identity Manager 11g reports.
  1. Start Oracle Identity Manager Reports. See Section 18.2, "Starting Oracle Identity Manager Reports" for more information.

  2. Click the more... link under Shared Folders.

  3. Do one of the following to access the reports.

    • Click Oracle Identity Manager Reports.

    • Click the more... link under Oracle Identity Manager Reports.

    The resulting page displays Oracle Identity Manager Reports classified according to their functional areas.

  4. To view a report:

    1. Select the report by clicking its name.

    2. Click View.

    The Report Input Parameters page is displayed. This page displays the input parameters that must be provided to run a report. The report input parameters act as a filter criterion.

    In some cases, at least one or more parameter fields are required fields. Some reports do not require any input parameter. If this is not the case, then you must populate at least one of the fields to run a report.

    Note:

    If you leave the input parameter field blank, and then click View, all the information associated with the report is displayed.
  5. Enter the information required to identify what information the report contains.

  6. Click View to run the report.

    The report is displayed.

18.4 Supported Output Formats

BI Publisher supports multiple report output formats. All reports are generated in a native XML format which can be transformed into different other output formats. The following formats are supported:

  • HTML

  • PDF

  • RTF

  • MHTML

18.5 Reports for Oracle Identity Manager

All the reports containing Date type input parameters, have the following default date range in the date type input parameters:

Date Range is : Sysdate-30 To Sysdate.

If you want to run the reports for different date range, then please change the date type input parameters with your date ranges.

Oracle Identity Manager Reports are now classified based on the functional areas. For instance, Access Policy Reports, Attestation, Request and Approval Reports, Password Policy Reports, and so on. It is no longer named Operational and Historical.

Oracle Identity Manager Reports are classified into the following categories based on their functional areas:

18.5.1 Access Policy Reports

Oracle Identity Manager BI Publisher Reports provides the following access policy reports for Oracle Identity Manager:

18.5.1.1 Access Policy Details

It provides administrators or auditors the ability to view a current snapshot of all the policies defined in Oracle Identity Manager system, along with key information about each policy, and the number of instances in which each policy has been activated.

Input Parameters

The following table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Access Policy Name Name of the Access Policy

Fields

The following table lists the fields of the report:

Report Field Description
Description Description of the policy
Approval Required Approval required for the policy
Creation Date Date when the policy is created
Retrofit Access Policy Retrofit of the access policy
Created By Name of the person who created the policy
Priority Priority of the policy

Columns

The following table lists the columns of the report:

Report Column Description
Resource Name Name of the resource

18.5.1.2 Access Policy List by Role

It lists all policies defined in Oracle Identity Manager system by role. This report can be used for operational and compliance purposes.

Input Parameters

The following table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Role Name Name of the role

Fields

The following table lists the fields of the report:

Report Field Description
Description Description of the policy
Approval Required Approval required for the policy
Creation Date Date when the policy is created
Retrofit Access Policy Retrofit of the access policy
Created By Name of the person who created the policy
Priority Priority of the policy

Columns

The following table lists the columns of the report:

Report Column Description
Role Name Name of the role

18.5.2 Attestation, Request, and Approval Reports

Oracle Identity Manager BI Publisher Reports provides the following attestation, request, and approval reports for Oracle Identity Manager:

18.5.2.1 Approval Activity

This report provides the administrators the ability to view the approval activity including requests that are approved, rejected, or pending.Z

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Approver's First Name First name of the approver
Approver's Last Name Last name of the approver
Approver's User ID User ID of the approver
Organization Name of the organization

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description
Approver's First Name First name of the approver
Approver's Last Name Last name of the approver
Approver's User ID User ID of the approver
Organization Organization of the approver
Approval Accepted Count of the accepted approval
Approval Rejected Count of the rejected approval
Approvals Pending Count of the pending approval
Approval Requests Total Total number of approval requests

18.5.2.2 Attestation Process List

This report displays details of all the attestation process. The security model is implemented in this report.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Attestation Process Name Name of the attestation process
Attestation Process Owner Owner of the attestation process

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description
Attestation Process Name Name of the attestation process
Owner User ID ID of the owner of attestation process
Date of Current Request Data on which the request was made
Date of Last Completion Data on which the request was completed
Certified Attestation process certified
Rejected Attestation process rejected
Declined Attestation process declined
Delegated Attestation process delegated
Total Sum of certified, rejected, and declined

18.5.2.3 Attestation Request Details

It lists details of selected Oracle Identity Manager attestation requests.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Attestation Process Name Name of the attestation process
Attestation Request ID ID of the attestation process
Request Initiation Date Range From Start date of the attestation request
Request Initiation Date Range To End date of the attestation request

Fields

The following table lists the fields of the report:

Report Field Description
Attestation Process Name Name of the attestation process
Attestation Request ID ID of the attestation request
Request Initiation Date Date on which the request is initiated
Completion Date on which the request is completed
Certified Attestation process certified
Rejected Attestation process rejected
Delegated Attestation process delegated
No Action Number of attestation processes on which no action is taken

Columns

The following table lists the columns of the report:

Report Column Description
First Name First name of the user who initiated the attestation request
Last Name Last name of the user who initiated the attestation request
User ID ID of the user who initiated the attestation request
Resource Name of the resource
Descriptive Data Date on which the request is completed
Reviewer's First Name First name of the reviewer
Reviewer's Last Name Last name of the reviewer
Reviewer's User ID ID of the reviewer
Action Action taken by the reviewer

18.5.2.4 Attestation Requests by Process

This report displays details of all the attestation process and the request for each process, where the logged in user is a member of the administrator or the owner role of the attestation process.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Attestation Process Name Name of the attestation process
Attestation Process Owner Owner of the attestation process

Fields

The following table lists the fields of the report:

Report Field Description
Attestation Owner Name of the attestation process owner
Total Number of Requests Total number of requests
Last Completion Date Date by which attestation should be completed
Current Request Initiation Date Date on which attestation is initiated

Columns

The following table lists the columns of the report:

Report Column Description
Request ID ID of the attestation request
Initiation Date Date on which attestation is initiated
Completion Date Date by which attestation should be completed
Certified Attestation process certified
Rejected Attestation process rejected
Declined Attestation process declined
Delegated Attestation process delegated
Total Attested Sum of certified records, rejected records and declined records

18.5.2.5 Attestation Requests by Reviewer

It displays list of attestation requests by reviewer. The report includes the number of requests associated with each reviewer and information about each request. In addition, it displays the time at which the request is created and completed.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Reviewer First Name First name of the reviewer
Reviewer Last Name Last name of the reviewer
Reviewer User ID User ID of the reviewer

Fields

The following table lists the fields of the report:

Report Field Description
Reviewer 's First Name First name of the reviewer
Reviewer 's Last Name Last name of the reviewer
Reviewer 's User ID User ID of the reviewer
Total Number of Requests Count of requests to review

Columns

The following table lists the columns of the report:

Report Column Description
Request ID ID of the attestation request
Process Name Name of the process
Initiation Date Date on which attestation is initiated
Completion Date Date by which attestation should be completed
Certified Attestation process certified
Rejected Attestation process rejected
Declined Attestation process declined
Delegated Attestation process delegated
Total Attested Count of requests to attest

18.5.2.6 Request Details

This report provides administrators the ability to view the details (requestor, current approver and so on) of all requests with the input current status. Additionally, this report displays the details of all users (user name, organization, manager details, user status and so on) that will be provisioned as a result of the request approval. This helps administrators in planning and prioritizing operational activities so that they may expedite the closure of pending requests.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Requestor User First Name First name of the requestor
Requestor User Last Name Last name of the requestor
Request User ID ID of the requestor
Request ID Request ID
Request Parent ID Parent ID of the request
Request Status Status of the request
Request Type Type of the request
Request Date From Start date of the request
Request Date To End date of the request
Beneficiary User First Name First name of the beneficiary
Beneficiary User Last Name Last name of the beneficiary
Beneficiary User ID ID of the beneficiary

Fields

The following table lists the fields of the report:

Report Field Description
Request ID Request ID
Request Type Type of the request
Requester User ID ID of the requester
Request Date Date on which request is initiated
Approver User ID ID of the approver
Current Status Status of the request
Parent Request ID ID of the parent Requester

Columns

The following table lists the columns of the report, if a beneficiary is present:

Report Column Description
First Name First name of the beneficiary
Last Name Last name of the beneficiary
User ID ID of the beneficiary
User Type Type of user
User Status Status of the beneficiary
Organization Organization of the beneficiary
Request Value Request value of the resource

The following table lists the columns of the report, if a beneficiary is not present:

Report Column Description
Request Name Name of the request
Request Value Value of the request

18.5.2.7 Request Summary

This report provides administrators the ability to view the current status of all requests raised in the specified time interval. This helps administrators in planning and prioritizing operational activities so that they may expedite the closure of pending requests.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Request Type Type of request
Request Date From Start date of the request
Request Date To End date of the request
Organization Details of the organization

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description
Request ID Request ID
Parent Request ID ID of the parent Requester
Request Type Type of request
Request Status Status of request
Requestor User ID ID of the requestor
Beneficiary User ID ID of the beneficiary
Request Details Details of the request
Approver User ID ID of the approver
Request Date Date of request

18.5.2.8 Task Assignment History

It lists the history of all task assignments.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource
First Name First name of the user
Last Name Last name of the user
User ID ID of the user

Fields

The following table lists the fields of the report:

Report Field Description
Resource Type Type of resource

Columns

The following table lists the columns of the report:

Report Column Description
User ID ID of the beneficiary
Assignee First Name First name of the assignee
Assignee Last Name Last name of the assignee
Assignee User ID ID of the assignee
Assignee Role Name Role name of the assignee
Assignee User Name User name of the assignee
Employee Type Type of employee

18.5.3 Role and Organization Reports

Oracle Identity Manager BI Publisher Reports provides the following role and organization reports for Oracle Identity Manager:

18.5.3.1 Role Membership History

This report displays membership history of all the roles. The report will not show indirect memberships.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Role Name Name of the role
Role Category Category of the role
Employee Type Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor
Employee Status Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date
Membership Status Status of membership: Revoked, Active
Effective From Role membership effective from date
Effective To Role membership effective to date

Fields

The following table lists the fields of the report:

Report Field Description
Created By Name of the person who created the role
Creation Date Date on which the role was created

Columns

The following table lists the columns of the report:

Report Column Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Employee Type Type of employee
Employee Status Status of the employee
Membership Status Membership date of the user
Effective From Membership start date of the user
Effective To Membership end date of the user
Manager's First Name First name of the manager
Manager's Last Name Last name of the manager
Manager's User ID ID of the manager

18.5.3.2 Role Membership Profile

This report shows number of users present for number of roles and the details of users belonging to count number of roles.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Organization Organization of the user

Fields

The following table lists the fields of the report:

Report Field Description
Membership in Number of Roles Number of members in number of roles
Number of Users Number of users in the role

Columns

The following table lists the columns of the report:

Report Column Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Employee Type Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor

18.5.3.3 Role Membership

This report displays membership details of all roles.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Role Name Name of the role
Role Category Category of the role
Organization Name of the organization
Employee Type Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor
Employee Status Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date

Fields

The following table lists the fields of the report:

Report Field Description
Created By Name of the person who created the user
Creation Date Date on which the user is created

Columns

The following table lists the columns of the report:

Report Column Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of user
Employee Status Status of the user
Employee Type Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor
Member Since Joining date of the user
Manager's First Name First name of the manager
Manager's Last Name Last name of the manager
Manager's User ID ID of the manager

18.5.3.4 Organization Details

It lists the hierarchical organization structure and details about users in the organization.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Organization Name Name of the organization

Fields

The following table lists the fields of the report:

Report Field Description
Parent Organization Name Name of the parent organization

Columns

The following table lists the columns of the report:

Report Column Description
Role Name of Administrator User roles
First Name First name of the user in the organization
Last Name Last name of the user in the organization
User ID ID of the user
User Status Status of the user
User Type Type of user
Start Date Joining date of the user
End Date Leaving date of the user

18.5.3.5 User Membership History

This report lists the logged in users with their membership history.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Last Name First name of the user
First Name Last name of the user
User ID ID of the user
Organization Organization of the user
Employee Status Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date
Employee Type Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor

Fields

The following table lists the fields of the report:

Report Field Description
User ID ID of the user
User First Name First name of the user
User Last Name Last name of the user
Organization Organization of the user
Employee Status Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date
Employee Type Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor

Columns

The following table lists the columns of the report:

Report Column Description
User Role Name of the user role
Membership Status Status of membership
Effective From Date from which the membership is effective

18.5.4 Password Reports

Oracle Identity Manager BI Publisher Reports provides the following password reports for Oracle Identity Manager:

18.5.4.1 Password Expiration Summary

This report shows the list of all active users whose Oracle Identity Manager passwords are about to expire within a specified period.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Last Name Last name of the user
First Name First name of the user
User ID ID of the user
Organization Organization of the user
Expiration Date Range From Start date of the expiration date
Expiration Date Range To End date of the expiration date

Fields

N/A

Columns

The following table lists the columns of the report:

Report Field Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Employee Type Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor
Employee Status Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date
Organization Organization of the user
Password Expiration Date Date on which the password expires

18.5.4.2 Password Reset Summary

This report provides the ability to view the aggregated metrics around password change attempts done by users themselves or on behalf of them. The metrics include all password change attempts, successful or failure outcome of password change attempt, users locked due to multiple concurrent unsuccessful password change attempts.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Aggregation Frequency The frequency of the report generated
Date Range From Start date of the report generated
Date Range To End date of the report generated
Organization Name of the organization

Fields

The following table lists the fields of the report:

Report Field Description
Aggregation Frequency The frequency of the report generated

Columns

The following table lists the columns of the report:

Report Column Description
Time Period Date and time of reset attempts performed
Reset Attempts Number of reset attempts
Failed Reset Attempts Number of failed reset attempts
Locked Users due to Failed Reset Attempts Number of users locked due to a failed reset attempt
Resets by non-beneficiary Number of resets by non-beneficiary

18.5.4.3 Resource Password Expiration

It lists users whose resource passwords will expire in a specified time period.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
User Status Status of the user
Password Expiration Date From The password expiry starting date
Password Expiration Date To The password expiry ending date

Fields

The following table lists the fields of the report:

Report Field Description
Resource Type Type of resource

Columns

The following table lists the columns of the report:

Report Field Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
User Status Status of the user: Active, Disabled, Deleted, Disabled Until Start Date
User Type Type of the user: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor
Password Expiration Date Date on which the password expires

18.5.5 Resource and Entitlement Reports

Oracle Identity Manager BI Publisher Reports provides the following resource and entitlement reports for Oracle Identity Manager:

18.5.5.1 Account Activity In Resource

It lists all account activities in each resource. It also provides information on how each user is associated with a specific activity of that resource.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource
Date Range From Date from which reports are displayed
Date Range To Date to which reports are displayed

Fields

The following table lists the fields of the report:

Report Field Description
Resource Name Name of the resource
Activity Type The type of activity
Resource Authorizer User Role(s) Name of the role which authorize the role
Resource Administrator User Role(s) Name of the role which authorize the resource

Columns

The following table lists the columns of the report:

Report Column Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
User Status Status of the user: Active, Disabled, Deleted, Disabled Until Start Date
Organization Organization of the user
Manager's User ID ID of the manager
Timestamp Date when the report is created

18.5.5.2 Delegated Admins and Permissions by Resource

This report displays the list of user roles with write and delete access that are administrators of the resource.

Input Parameters

The table lists the report parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description
Administrator Role Name Name of the Administrator role
Administrator Role Information Information about the Administrator role
Read Access Indicates whether the resource has read access
Write Access Indicates whether the resource has write access
Delete Access Indicates whether the resource has delete access
Authorizer Role Authorizer role name
Name Priority Priority of the resource
Created By Name of the person who created the resource
Creation Date Resource creation date

18.5.5.3 Delegated Admins by Resource

The report displays the list of user roles that are the administrators or authorizers of the resource and members of those roles.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource
Resource Type Type of resource
Resource Audit Objective Objective to carry out the audit for the resource

Fields

The following table lists the fields of the report:

Report Field Description
Resource Type Type of resource
Target Indicates whether the resource is a target for organization or user
Write Access Indicates whether the resource has write access
Delete Access Indicates whether the resource has delete access
Creation By Resource creation source
Creation Date Date on which resource is created

Columns

The following table lists the columns of the report:

Report Column Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
User Status Status of the user
Member Since Joining date of the user
Manager's First Name First name of the manager
Manager's Last Name Last name of the manager
Manager's User ID ID of the manager

18.5.5.4 Entitlement Access List

This report provides administrators or auditors the ability to query all existing users, who have a specified entitlement. This report can be used for operational and compliance purposes.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Entitlement Code Code of the entitlement
Resource Name Name of the resource
Organization Organization of the user
Role Name Name of the role
User Status Status of the user: Active, Disabled, Deleted, Disabled Until Start Date
User Type Type of user
Provisioning Date From Date from which the resource is provisioned to the user
Provisioning Date To Date to which the resource is provisioned to the user

Fields

The following table lists the fields of the report:

Report Field Description
Entitlement Code Code of the entitlement
Entitlement Name Name of the entitlement
Entitlement status Status of the entitlement.
Resource Name Name of the resource
Resource Type Type of resource

Columns

The following table lists the columns of the report:

Report Column Description
User Id ID of the user
First Name First name of the user
Last Name Last name of the user
User Status User Status
User Type Type of the user
Organization Organization of the user
Valid To Date Entitlement valid from date
Valid From Date Entitlement valid to date

18.5.5.5 Entitlement Access List History

This report provides administrators or auditors the ability to query all existing users provisioned to a entitlement over its lifecycle. This is a lifetime report showing entire history of resource's access list or entitlements.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Entitlement Code Code of the entitlement
Resource Name Name of the resource
Organization Organization of the user
Role Name Name of the role
User Status Status of the user: Active, Disabled, Deleted, Disabled Until Start Date
User Type Type of user
Effective From Date Entitlement effective from date
Effective To Date Entitlement effective to date

Fields

The following table lists the fields of the report:

Report Field Description
Entitlement Code Code of the entitlement
Entitlement Name Name of the entitlement
Resource Name Name of the resource
Resource Type Type of resource

Columns

The following table lists the columns of the report:

Report Column Description
User Id ID of the user
First Name First name of the user
Last Name Last name of the user
User Status Status of the user
User Type Type of user
Effective From Entitlement effective from date
Effective To Entitlement effective to date

18.5.5.6 Financially Significant Resource Details

This report provides Administrators to get a list of financially significant resources to prioritize various administrative and cleanup activities. It also helps Compliance or Privacy and Security officers assessing effectiveness of preventive and detective controls in financial significant resources and Auditors to understand the IT resources that host financial data.

Input Parameters

The table lists the report parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource

Fields

The following table lists the fields of the report:

Report Field Description
Resource Type Type of resource

Columns

The following table lists the columns of the report:

Report Column Description
User Roles Lists the resource administrator user roles

18.5.5.7 Fine Grained Entitlement Exceptions By Resource

This report enables administrators, signing officers, internal and external auditors to analyze discrepancies in various process forms and related child tables of various resources and mitigate material weaknesses in the resources through remediation activities.

Input Parameters

The table lists the report parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Employee Type Type of the employee such as fulltime, part time
Organization Name Name of the organization
Role Name Name of the role

Fields

The following table lists the fields of the report:

Report Field Description
Resource Name Name of the resource
User ID ID of the user

Columns

The following table lists the columns of the report:

Report Column Description
Form Name Name of the form
Form Type Type of the form

Note:

Before running this report, you must populate data for account audit and reconciliation exceptions.

To populate the data for account audit and reconciliation exceptions:

  1. Set the value of the system property, XL.EnableExceptionReports, to True.

  2. Provision an user to any target.

  3. Modify any of the user's attribute in the target and reconcile the user.

  4. Find data in UPA_UD_FORMFIELDS and UPA_UD_FORMS tables.

  5. Go to Oracle Identity Manger server and run RefreshMaterializedViewScheduler Task.

  6. Log in to BIP and view the report.

18.5.5.8 Orphaned Account Summary

It lists the rogue accounts for the input resource for which a user existed in the target system, but the associated user to whom the account is provisioned never existed in Oracle Identity Manager.

Input Parameters

The table lists the report parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource
Reconciliation Date Range From Start date of reconciliation
Reconciliation Date Range To End date of reconciliation

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description
Resource Name of the resource
Account Information Information of the orphaned account
Reconciliation Date Date of reconciliation

18.5.5.9 Resource Access List History

This report provides administrators or auditors the ability to query all existing users provisioned to a resource over its lifecycle. This is a lifetime report showing entire history of resource's access list or entitlements.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
User Status Status of the user
User Type Type of the user
Snapshot Date From Effective start date of resource access to the user
Snapshot Date To Effective end date of resource access to the user
Changes Date From Resource changed from date to user
Changes Date To Resource changed to date to user

Fields

The following table lists the fields of the report:

Report Field Description
Resource Type Type of resource

Columns

The following table lists the columns of the report:

Report Column Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
Resource Descriptive data Description of the resource
User Status Status of the user
Resource Status Status of the resource
Effective From Effective start date
Effective To Effective end date

18.5.5.10 Resource Access List

This report provides administrators or auditors the ability to query all existing users provisioned to a specified resource. This report can be used for operational and compliance purposes.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
User Status Status of the user
User Type Type of the user
Provisioning Date From Resource provision start date
Provisioning Date To Resource provision end date

Fields

The following table lists the fields of the report:

Report Field Description
Resource Type Type of resource

Columns

The following table lists the columns of the report:

Report Parameter Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
User Type Type of the user
User Status Status of the user
Organization Organization of the user
Provisioning Date Date on which the resource is provisioned

18.5.5.11 Resource Account Summary

This report lists the number of users for each status within each resource.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource
Resource Type Type of resource
Account Status Status of the account

Fields

The following table lists the fields of the report:

Report Field Description
Resource Type Type of resource
Total Number of Users Total number of users associated with the account

Columns

The following table lists the columns of the report:

Report Column Description
Account Status Status of the account
Number of Users Number of users with that account status

18.5.5.12 Resource Activity Summary

It lists the history of all provisioning and approval activities for a resource.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource
Date Range From Start date
Date Range To End date

Fields

The following table lists the fields of the report:

Report Field Description
Resource Type Type of resource

Columns

The following table lists the columns of the report:

Report Column Description
Accounts Provisioned Number of accounts provisioned
Accounts De-Provisioned Number of accounts de-provisioned
Approval Requests Number of approval requests
Approval Accepted Number of approved requests
Approval Rejected Number of rejected requests

18.5.5.13 Rogue Accounts By Resource

This report includes all rogue accounts for the input resource. This report also includes the corresponding attestation data to analyze if the rogue accounts represent outstanding or accepted exceptions in the system. This enables administrators, signing officers, internal and external auditors to identify material weaknesses in the resources and plan their mitigation through remediation activities.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
Resource Name Name of the resource
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Name Organization of the user
User Status Status of the user
User Type Type of the user

Fields

The following table lists the fields of the report:

Report Field Description
Resource Type Type of resource

Columns

The following table lists the columns of the report:

Report Column Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
User Status Status of the user
User Type Type of the user
Exception Type Type of exception
Exception Approved in Attestation Indicates whether the exception is approved or not
Reviewer First Name First name of the reviewer
Reviewer Last Name Last name of the reviewer
Reviewer User ID User ID of the reviewer

18.5.5.14 User Resource Access History

This report provides administrators or auditors the ability to view user's resource access history over user's lifecycle. This report can be used for compliance and forensic auditing purposes. This is not a user access profile snapshot report. This is a lifetime report showing entire history of user's entitlements.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
Status Status of the user
Employee Type Type of employee

Fields

The following table lists the fields of the report:

Report Field Description
User ID ID of the user
User First Name First name of the user
User Last Name Last name of the user
Manager User ID ID of the reporting Manager
Manager First Name First name of the reporting Manager
Manager Last Name Last name of the reporting Manager
Organization Organization of the user
Employee Status Status of employee
Employee Type Type of employee
Identity Creation Date User creation date

Columns

The following table lists the columns of the report:

Report Column Description
Resource Name Name of the resource
Resource Descriptive Data Description of the resource
Provisioned Date Date on which the resource is provisioned
Provisioned By Name of the person who provisioned the resource
Effective From Effective start date of resource access to the user
Effective To Effective end date of resource access to the user

18.5.5.15 User Resource Access

This report provides administrators or auditors the ability to query all existing users provisioned to a specified resource. This report can be used for operational and compliance purposes.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
Employee Status Status of employee
Employee Type Type of employee

Fields

The following table lists the fields of the report:

Report Field Description
User ID ID of the user
User First Name First name of the user
User Last Name Last name of the user
Manager User ID ID of the reporting Manager
Manager First Name First name of the reporting Manager
Manager Last Name Last name of the reporting Manager
Organization Organization of the user
Employee Status Status of employee
Employee Type Type of employee
Identity Creation Date User creation date

Columns

The following table lists the columns of the report:

Report Column Description
Resource Name Name of the resource
Resource Descriptive Data Description of the resource
Resource Status Status of the resource
Provisioned Date Date on which the resource is provisioned

18.5.5.16 User Resource Entitlement

This report provides administrators or auditors the ability to query all existing entitlements provisioned to specific users. This report can be used for operational and compliance purposes.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
User ID ID of the user
First Name First name of the user
Last Name Last name of the user
Email Email of the user
Resource Name Name of the resource
Organization Organization of the user
Role Name Name of the role
User Status Status of the user
User Type Type of the user

Fields

The following table lists the fields of the report:

Report Field Description
User ID ID of the user
First Name First name of the user
Middle Name Middle name of the user
Last Name Last name of the user
Email Email of the user
Organization Organization of the user
User Status Status of the user
User Type Type of the user
Manager First Name First name of the manager
Manager Last Name Last name of the manager
Start Date Entitlement of resource start date
End Date Entitlement of resource end date

Columns

The following table lists the columns of the report:

Report Column Description
Entitlement Code Code of the entitlement
Entitlement Name Name of the entitlement
Entitlement Status Status of the entitlement
Resource Type of the resource
Provisioning Start Date from which the resource is provisioned to the user
Valid From Date Entitlement of resource valid start date

18.5.5.17 User Resource Entitlement History

This report provides administrators or auditors the ability to view user's resource entitlement history over user's lifecycle. This report can be used for compliance and forensic auditing purposes. This is not a user access profile snapshot report. This is a lifetime report showing entire history of user's entitlements.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
User ID ID of the user
First Name First name of the user
Last Name Last name of the user
Email Email of the user
Resource Name Name of the resource
Organization Organization of the user
Role Name Name of the role
User Status Status of the user
User Type Type of the user
Effective From Date Resource entitlement effective start date
Effective To Date Resource entitlement effective end date

Fields

The following table lists the fields of the report:

Report Field Description
User ID ID of the user
First Name First name of the user
Last Name Last name of the user
User Status Status of the user
User Type Type of the user
Organization Organization of the user
Email Email of the user
Start Date Start date of resource entitlement
End Date End date of resource entitlement
Identity Creation Date Date of identity creation
Manager First Name First name of the manager
Manager Last Name Last name of the manager

Columns

The following table lists the columns of the report:

Report Column Description
Entitlement Code Code of the entitlement
Entitlement Name Name of the entitlement
Resource Type of the resource
Effective From Date Resource entitlement effective start date
Effective To Date Resource entitlement effective end date

18.5.6 User Reports

Oracle Identity Manager BI Publisher Reports provides the following user reports for Oracle Identity Manager:

18.5.6.1 User Profile History

This report shows all the users and their details based on the input parameters.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
Role Name Role of the user
Manager User ID ID of the Manager to whom the user reports
Employee Status Status of the user
Employee Type Type of employee
Changes Date Range From Effective start date of the changes
Changes Date Range To Effective end date of the changes
Snapshot Date Range From Effective start date of resource access to the user
Snapshot Date Range To Effective end date of resource access to the user

Fields

The following table lists the fields of the report:

Report Field Description
User ID ID of the user
User First Name First name of the user
User Last Name Last name of the user
Manager User ID ID of the reporting Manager
Manager First Name First name of the reporting Manager
Manager Last Name Last name of the reporting Manager
Organization Organization of the user
Employee Status Status of employee
Employee Type Type of employee
Identity Creation Date User creation date

Columns

The following table lists the columns of the report:

Report Column Description
Profile Parameter Name of user profile
Value Value of user profile
Date Effective From Effective from date
Time Effective From Effective from time

18.5.6.2 User Summary

It lists all Oracle Identity Manager users created in a specified time period. In addition, it provides information on whether the users were created manually or through trusted reconciliation.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Employee Status Status of the user
Employee Type Type of employee
Creation Date From Start date of user summary
Creation Date To End date of user summary

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
Employee Status Status of the user
Employee Type Type of employee
Manager ID ID of the Manager to whom the user reports
Source User creation source
Creation Date Date at which the user is created

18.5.6.3 Users Deleted

This report shows all the deleted users and their details based on input parameters.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
Employee Type Type of employee
Deletion Date From Start date of summary of deleted users
Deletion Date To End date of summary of deleted users

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
Employee Type Type of employee
Manager ID ID of the Manager to whom the user reports
Source User creation source
Deletion Date Date at which the user is deleted

18.5.6.4 Users Disabled

This report provides the ability to view the details of users whose accounts are disabled. The account may be disabled for various reasons. For example, rejection in attestation, unsuccessful login or password reset attempts failure and so on.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
Employee Type Type of employee
Disabled Date From Start date of user disabled
Disabled Date To End date of user disabled

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
Employee Status Current status of the employee
Employee Type Type of employee
Manager ID ID of the Manager to whom the user reports
Source User creation source
Disabled Date Date at which the user is disabled

18.5.6.5 Users Unlocked

This report provides the ability to view the details of users whose disabled accounts are unlocked by administrators. Delegated administrators of the organizations to whom the user belongs may enable the accounts.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
Employee Type Type of employee
Unlocked Date From Start date of user unlocked
Unlocked Date To End date of user unlocked

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description
First Name First name of the user
Last Name Last name of the user
User ID ID of the user
Organization Organization of the user
Employee Status Status of the user
Employee Type Type of employee
Manager ID ID of the Manager to whom the user reports
Source User creation source
Unlocked Date Date at which the user is unlocked

18.5.7 Best Practices for Running Oracle Identity Manager Reports

As a best practice, you must consider the following points before running Oracle Identity Manager BI publisher reports:

  • Do not run Oracle Identity Manager reports with null value in date range parameters. You must run Oracle Identity Manager reports always with date range values in data range parameters, otherwise report will not display anything.

  • Invoke the reports with the set of values as input parameters to provide the selectivity, thus improving the performance.

18.6 Exception Reports

In Oracle Identity Manager, exception refers to the difference between accounts that a user is entitled to and the accounts that are actually assigned to a user. The user is assigned these accounts as a result of access policies, provisioning of resources, approval requests, and reconciliation events. Any difference of these accounts assigned to a user in the target system and the ones assigned to the user in Oracle Identity Manager comprises an exception.

To populate the data for account audit and reconciliation exceptions report:

  1. Set the value of the XL.EnableExceptionReports system property to True. See "Administering System Properties" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for information about system properties.

  2. Verify that the Object Initial Reconciliation Date field of the resource object is earlier than the sysdate.

The following exception reports have been introduced in this release:

  • Rogue Accounts By Resource

    This report returns a list of all the rogue accounts existing in a resource. The following exceptions are reported:

    • An account that exists in the target system, but is not provisioned to the corresponding user in Oracle Identity Manager

    • An account that exists in the target system, but has been deprovisioned for the corresponding user in Oracle Identity Manager

  • Orphaned Account Summary Report: An account that exists in the target system, but the corresponding user to whom the account is provisioned has been deleted in Oracle Identity Manager. For the given input resource, it lists the rogue accounts that exist in the target system, but the corresponding users to whom the accounts are provisioned has never existed in Oracle Identity Manager.

  • Fine Grained Entitlement Exceptions By Resource

    This report returns a list of all the accounts in a resource for which the process form data being reconciled is different from the expected values. It means that this report returns any account existing in the target system that is also provisioned to the corresponding user in Oracle Identity Manager, but for which the process data does not match.

    Note:

    • After completion of initial target reconciliation, all account-related activities performed directly on a target resource are tracked as exception activity. Account-related activities include account creation, account modification, and entitlement assignment/revocation. The exception reports should be used only if the organization policies enforce that all account-related activities in target resources would always be initiated in Oracle Identity Manager. In addition, remember that exception detection and recording are an extension of account data reconciliation and, therefore, may result in a drop in performance during reconciliation.

    • All the exception reports depend on reconciliation data. Therefore, these reports will not display any data if the corresponding reconciliation events are archived.

18.7 Creating Reports Using Third-Party Software

Oracle Identity Manager supports the creation of reports by using third-party tools such as Crystal Reports. You can use a third-party tool to create the reports listed in Section 18.5, "Reports for Oracle Identity Manager".

Note:

To learn how to create reports by using third-party software, see the third-party software documentation.

18.8 Required Scheduled Tasks for BI Publisher Reports

Table 18-1 lists the scheduled tasks required for Oracle Identity Manager BI Publisher reports:

Table 18-1 Scheduled Tasks for BI Publisher Reports

Report Name Scheduled Task Name Description

Fine Grained Entitlement Exceptions By Resource

RefreshMaterializedView

To refresh the Materialized View used in this report with the latest data

User Profile History

IssueAuditTask

To populate the audit tables with the latest data

User Unlocked

IssueAuditTask

To populate the audit tables with the latest data

User Membership History

IssueAuditTask

To populate the audit tables with the latest data

Role Membership History

IssueAuditTask

To populate the audit tables with the latest data

Resource Access List History

IssueAuditTask

To populate the audit tables with the latest data

User Resource Access History

IssueAuditTask

To populate the audit tables with the latest data

Resource Activity Summary

IssueAuditTask

To populate the audit tables with the latest data

Password Reset Summary

IssueAuditTask

To populate the audit tables with the latest data

Entitlement Reports

Entitlement List

To populate the Entitlement List table with the marked entitlements

 

Entitlement Assignment

To populate the Entitlement Assignment tables with the assigned entitlements

 

Entitlement Updates

To populate the latest data into the Entitlement Assignment tables, if any entitlement has assigned to any user periodically or later