Running Reports

As an audit administrator, identity domain administrator, or application administrator, you can run operational or historical reports that capture data about users, applications, and diagnostic log levels.

Understanding Reports

The following reports are available:
  • Audit Log: Capture system activity such as successful and failed logins, user creation, update, and deletion, etc.
  • Notification Delivery Status: View the email notification delivery status for events such as new users, self-initiated password changes, etc.
  • Successful Login Attempts: View users who have logged in successfully.
  • Unsuccessful Login Attempts: View users who have not logged in successfully.
  • Dormant Users: View users who have not logged in since a specified date.
  • Application Access: View how many times users logged in to the identity domain and to Oracle or custom applications in your identity domain.
  • Application Role Privileges: View application role grants and revocations for users and groups for applications that are configured in identity domains.
Note

Oracle Cloud maintains audit logs for reports for 90 days.

Audit Log Report

The audit log captures system activity such as successful and failed logins, user creation, update and deletion, and so on. Several event types are captured, and you can search by event type or by date.

Example of an Audit Log

Screenshot of audit log report

Data

The audit log report shows:
  • The date and time of an event.
  • The logged in user or client who caused the event.
  • The event ID.
  • A description of the event.
  • The target of the event.

More Details

For each row in the report, you can click > to expand details for that entry. The additional information for each row is:
  • The Execution Context Id
  • Client IP
  • SSO Comments
  • SSO Browser
  • Matched Sign-On Policy Rule
  • Authentication Level
  • User's device information, that is, the device fingerprint
  • Protected resource
  • SSO Policy Obligation

Filtering the Results

You can filter the audit log report to show:
  • Results from a specific date range. Audit log events are only kept for 90 days, so you cannot search from earlier than 90 days ago.
  • The logged in user or client. This is case-sensitive and you must enter the user name exactly as it appears on the system.
  • The description of the event. Start typing the name of the description, or choose from the list.

Audit Log Events

The following events are reported in the Audit Log:

  • Application access failed
  • Application accessed
  • Application activated
  • Application created
  • Application deactivated
  • Application deleted
  • Application granted
  • Application revoked
  • Application updated
  • Bypasscode created
  • Group deleted
  • IAM group created
  • MFA factor enrolled
  • Notification delivered
  • Notification not delivered
  • Password changed
  • Password policy created
  • Password policy updated
  • Password reset
  • Password reset by Admin
  • SSO policy created
  • SSO policy rule created
  • SSO policy rule updated
  • SSO policy updated
  • User activated
  • User added to group
  • User created
  • User deactivated
  • User deleted
  • User login
  • User login failed
  • User logout
  • User removed from group
  • User updated

Notification Delivery Status Report

Use the notification delivery status report to view the email notification delivery status for events such as new users and self-initiated password changes.

Data

The notification delivery status report shows:
  • The email address of the recipient.
  • The channel, for example, email.
  • The notification delivery status, for example, Delivered.
  • The date and time it was delivered.
  • The description associated with the notification.

Filtering the Results

You can filter the report to show:
  • Results from a specific channel.
  • The email address of the recipient.
  • The notification delivery status.

Successful Login Attempts Report

Use the successful login attempts report to view users who have logged in to IAM successfully.

Data

The successful login attempts report shows:
  • The user name or client.
    Note

    This shows only users who have logged in to IAM using their IAM credentials (user name and password, or user name and second factor). User names of federated users logging in using an identity provider are not displayed.
  • The date and time of the successful login.
  • The provider.

Filtering the Results

You can filter the report to show:
  • Results from the last 30 days, the last 60 days, or the last 90 days.
  • Results from a specific date range.

Unsuccessful Login Attempts Report

Use the unsuccessful login attempts report to view users who have not logged in to IAM successfully.

Data

The unsuccessful login attempts report shows:
  • The overall number of successful and unsuccessful logins.
  • The user name or client.
    Note

    This shows only users who have logged in to IAM using their IAM credentials (user name and password, or user name and second factor). User names of federated users logging in using an identity provider are not displayed.
  • The date and time of the unsuccessful login.
  • Any comments about the unsuccessful login.

Filtering the Results

You can filter the report to show:
  • Results from the last 30 days, the last 60 days, or the last 90 days.
  • Results from a specific date range.

Dormant Users Report

View users who have not logged in to IAM since a specified date.

Data

The dormant users report shows:
  • The user name or client.
    Note

    This shows only users who have logged in to IAM using their IAM credentials (user name and password, or user name and second factor). User names of federated users logging in using an identity provider are not displayed.
  • The last successful login date.
  • The full name associated with the user name or client.
  • The primary email address for the account.

Filtering the Results

You can filter the report to show:
  • Results from a specific date range.
  • The user name or client. This is case-sensitive and you must enter it exactly as it appears on the system.

Application Access Report

Use the application access report to view how many times users logged in to IAM and to Oracle and custom applications in your identity domain.

Data

The application access report shows:
  • The name of the user.
  • The email address used in the login.
  • Whether the action was a success or failure.
  • The name of the application.
  • The date and time of access or attempted access.

Filtering the Results

You can filter the report to show:
  • The name of the user.
  • The login email.
  • The name of the application.
  • Results from a specific date range.

Application Role Privileges Report

Use the application role privileges report to view application role grants and revocations for users and groups for applications that are configured in IAM.

Data

The application role privileges report shows:
  • The name of the admin who approved the application role privilege.
  • The name of the application where the application role privilege has been granted or revoked.
  • The name of the application role.
  • Whether it is for a single user, or for a group.
  • The date and time when the privilege was granted or revoked.

Filtering the Results

You can filter the report by:
  • Approver.
  • Application name.
  • The user or group.
  • The application role name.
  • Results from a specific date range.

Administrators

As an audit administrator, identity domain administrator, or application administrator, you can run operational or historical reports that capture data about users and applications.

Identity domain administrator

This is a super-user account, and the identity domain administrator can access all reports.

Security administrator

The security administrator can access the dormant users report.

Application administrator

The application administrator can access:

  • The application access report
  • The application role privileges report

Audit administrator

The audit administrator can access:

  • Successful login attempts report
  • Unsuccessful login attempts report
  • Dormant users report
  • The Application Access report
  • The Application Role Privileges report

User administrator

The user administrator can access:

  • Successful login attempts report
  • Unsuccessful login attempts report

Using the Console

Running Reports

To run IAM reports, you must be assigned to the identity domain administrator role, the audit administrator role, or the application administrator role. See Adding or Removing a User Account from an Administrator Role for more information about assigning administrator roles to users.

  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Select the identity domain you want to work in and click Reports.

The report is displayed on the screen. You can use filters to search for specific information, and you can download the results.

Filtering Report Data

You can filter the report results to focus on a particular date, a specific user, or the type of event recorded. The filters available depend on the type of report.

  1. With the report open, use the filter fields to specify the results you want. You can see the filters for each report type in the description of that report.
  2. Click Run.

The filtered report is displayed on the screen.

Exporting Report Data

You can download report data for:
  • Audit log report
  • Successful and unsuccessful login reports
  • Application access and application role privileges reports

IAM supports CSV report generation.

  1. With the report open, apply any filters and click Run.
  2. Click Download.
  3. Choose a location for the download file, or have it open in Excel.

The report is created, and either saved at the chosen location, or opened in Excel.
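
The following is an added example, not Oracle's code and not part of the original page: it triages a downloaded audit log CSV offline, flagging successful logins that follow repeated failed logins and listing changes worth a manual review. The column names, timestamp format, event IDs and sample rows are assumptions; the event descriptions come from the Audit Log Events list above.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample standing in for a downloaded audit log CSV. Column names,
# timestamp format, event IDs and the group name are assumptions.
SAMPLE_CSV = """Date,Actor,Event Id,Event Description,Target
2024-05-01T09:00:05,jdoe,id-001,User login failed,jdoe
2024-05-01T09:00:41,jdoe,id-002,User login failed,jdoe
2024-05-01T09:01:10,jdoe,id-003,User login failed,jdoe
2024-05-01T09:02:30,jdoe,id-004,User login,jdoe
2024-05-01T09:05:00,jdoe,id-005,Bypasscode created,jdoe
2024-05-01T10:15:00,asmith,id-006,User login failed,asmith
2024-05-01T10:16:00,asmith,id-007,User login,asmith
2024-05-01T11:00:00,admin1,id-008,User added to group,Administrators
"""
# Descriptions from the page's event list; which ones to review is a local choice.
REVIEW_EVENTS = {"Bypasscode created", "Password reset by Admin", "MFA factor enrolled",
                 "User added to group", "SSO policy updated", "SSO policy rule updated"}

def load_events(text):
    """Parse the CSV text into rows sorted by parsed timestamp."""
    rows = [dict(r, time=datetime.fromisoformat(r["Date"]))
            for r in csv.DictReader(io.StringIO(text))]
    return sorted(rows, key=lambda r: r["time"])

def failures_then_success(events, threshold=3, window=timedelta(minutes=10)):
    """Successful logins that follow >= threshold failures by the same actor within window."""
    recent = defaultdict(list)  # actor -> failure times since the last success
    hits = []
    for ev in events:
        actor, desc = ev["Actor"], ev["Event Description"]
        if desc == "User login failed":
            recent[actor].append(ev["time"])
        elif desc == "User login":
            count = sum(1 for t in recent[actor] if ev["time"] - t <= window)
            if count >= threshold:
                hits.append((actor, count, ev["time"]))
            recent[actor].clear()
    return hits

def review_changes(events):
    """Return (actor, description, target) for events worth a manual look."""
    return [(e["Actor"], e["Event Description"], e["Target"])
            for e in events if e["Event Description"] in REVIEW_EVENTS]

if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    print(failures_then_success(events), review_changes(events), sep="\n")
```

Because audit log events are kept for only 90 days, running a check like this on each scheduled export keeps the findings after the source events have aged out.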
