7 Run Oracle Identity Cloud Service Reports

Learn about the types of reports available and how to view Oracle Identity Cloud Service reporting data.

Topics:

• Typical Workflow for Running Oracle Identity Cloud Service Reports
• Understand the Types of Reports
• Organize Report Data
• Filter Report Data
• Run Reports
• Export Report Data

Typical Workflow for Running Oracle Identity Cloud Service Reports

With the reporting feature in Oracle Identity Cloud Service, you can run user, application, and diagnostic data reports.

Task	Description	Additional Information
Understand the types of reports.	Learn about the types of reports that you can run. Understand the data reported in each report type, and discover what you can filter the data in a report to focus on the data you want.	Understand the Types of Reports
Run reports.	From the Reports page, you can run reports.	Run Reports
Organize the report data.	To improve efficiency, filter and sort the data for each report type.	Organize Report Data
Filter report data.	Apply filters to the report data.	Filter Report Data
Export report data	Export data as a CSV file.	Export Report Data

You can run user, application, and diagnostic data reports by using:

• The Identity Cloud Service console

• SCIM-based APIs

In the following sections, you learn how to run reports by using the Identity Cloud Service console.

For more information about how to use SCIM APIs, see REST API for Oracle Identity Cloud Service.

Understand the Types of Reports

As an audit administrator, identity domain administrator, or application administrator, you can run operational or historical reports that capture data about Oracle Identity Cloud Service users, applications, and diagnostic log levels.

The following reports are available.

• Audit Log: Capture system activity such as successful and failed logins, user creation, update and deletion, etc.
• Notification Delivery Status: View the email notification delivery status for events such as new users, self-initiated password changes, etc.
• Successful Login Attempts: View users who have logged in to Oracle Identity Cloud Service successfully.
• Unsuccessful Login Attempts: View users who have not logged in to Oracle Identity Cloud Service successfully.
• Dormant Users: View users who have not logged into Oracle Identity Cloud Service since a specified date.
• Application Access Report: View how many times users logged in to both Oracle Identity Cloud Service, and Oracle and custom applications in your identity domain.
• Application Role Privileges Reports: View application role grants and revocations for users and groups for applications that are configured in Oracle Identity Cloud Service.
• Diagnostic Data: View logging data captured in Oracle Identity Cloud Service.

You can access the Auditing Users, Groups, and Applications and Performing Self-Service Diagnostics infographics to see how to run user, application, and diagnostic data reports in Oracle Identity Cloud Service.

Administrators

Check which administrators can access different report types.

You must have the correct administator role for the type of report you want to view, run, or download.

Identity domain administrator

This is a super-user account, and the identity domain administrator can access all reports.

Security administrator

The security administrator can access the dormant users report.

Application administrator

The application administrator can access:

• The application access report
• The application role privileges report

Audit administrator

The audit administrator can access:

• Successful login attempts report
• Unsuccessful login attempts report
• Dorman users report
• The Application Access report
• The Application Role Privileges report

User administrator

The user administrator can access:

• Successful login attempts report
• Unsuccessful login attempts report

Audit Log Report

The audit log captures system activity such as successful and failed logins, user creation, update and deletion, and so on. A number of different event types are captured, and you can search for specific types of event, or by date.

Example of an Audit Log

Data

The audit log report shows:

• The date and time of an event.
• The logged in user or client who caused the event.
• The event id.
• A description of the event.
• The target of the event.

Additional details

For each row in the report, you can click on > to expand details for that entry. The additional information for each row is:

• The Execution Context Id
• Client IP
• SSO Comments
• SSO Browser
• Matched Sign-On Policy Rule
• Authentication Level
• User's device information, that is, the device fingerprint
• Protected resource
• SSO Policy Obligation

Filtering the results

You can filter the audit log report to show:

• Results from a specific date range. Audit log events are only kept for 90 days, so you cannot search from earlier than 90 days ago.
• The logged in user or client. This is case sensitive and you must enter the user name exactly as it appears on the system.
• The description of the event. Start typing the name of the description, or choose from the list.

Audit Log Events

The following events are reported in the Audit Log:

• Application access failed
• Application accessed
• Application activated
• Application created
• Application deactivated
• Application deleted
• Application granted
• Application revoked
• Application updated
• Bypasscode created
• Group deleted
• IDCS group created
• MFA factor enrolled
• Notification delivered
• Notification not delivered
• Password changed
• Password policy created
• Password policy updated
• Password reset
• Password reset by Admin
• SSO policy created
• SSO policy rule cfreated
• SSO policy rule updated
• SSO policy updated
• User activated
• User added to group
• User created
• User deactivated
• User deleted
• User login
• User login failed
• User logout
• User removed from group
• User updated

Notification Delivery Status Report

Capture system activity such as successful and failed logins, user creation, update and deletion, and so on.

Data

The notification delivery status report shows:

• The email address of the recipient.
• The channel, for example, email.
• The notification delivery status, for example, Delivered.
• The date and time it was delivered.
• The description associated with the notification.

Filtering the results

You can filter the report to show:

• Results from a specific channel.
• The email address of the recipient.
• The notification delivery status.

Successful Login Attempts Report

You can use the successful login attempts report to view users who have logged in to Oracle Identity Cloud Service successfully.

Data

The successful login attempts report shows:

• The user name or client.

  Note:

  This will just show users who have logged into Oracle Identity Cloud Service using their Oracle Identity Cloud Service credentials (user name and password, or user name and second factor). User names of federated users logging in via an identity provider are not displayed.
• The date and time of the successful login.
• The provider.

Filtering the results

You can filter the report to show:

• Results from the last 30 days, the last 60 days, or the last 90 days.
• Results from a specific date range.

Unsuccessful Login Attempts Report

You can use the unsuccessful login attempts report to view users who have not logged in to Oracle Identity Cloud Service successfully.

Data

The unsuccessful login attempts report shows:

• The overall number of successful and unsuccessful logins
• The user name or client.

  Note:

  This will just show users who have logged into Oracle Identity Cloud Service using their Oracle Identity Cloud Service credentials (user name and password, or user name and second factor). User names of federated users logging in via an identity provider are not displayed.
• The date and time of the unsuccessful login.
• Any comments about the unsucessful login.

Filtering the results

You can filter the report to show:

• Results from the last 30 days, the last 60 days, or the last 90 days.
• Results from a specific date range.

Dormant Users Report

View users who have not logged into Oracle Identity Cloud Service since a specified date.

Data

The dormant users report shows:

• The user name or client.

  Note:

  This will just show users who have logged into Oracle Identity Cloud Service using their Oracle Identity Cloud Service credentials (user name and password, or user name and second factor). User names of federated users logging in via an identity provider are not displayed.
• The last successful login date.
• The full name associated with the user name or client.
• The primary email address for the account.

Filtering the results

You can filter the report to show:

• Results from a specific date range.
• The user name or client. This is case sensitive and you must enter it exactly as it appears on the system.

Application Access Report

You can use the application access report to view how many times users logged in to both Oracle Identity Cloud Service, and Oracle and custom applications in your identity domain.

Data

The application access report shows:

• The name of the user.
• The email address used in the login.
• Whether the action was a success or failure.
• The name of the application.
• The date and time of access or attempted access.

Filtering the results

You can filter the report to show:

• The name of the user.
• The login email.
• The name of the application.
• Results from a specific date range.

Application Role Privileges Report

You can use the application role privileges report to view application role grants and revokes for users and groups for applications that are configured in Oracle Identity Cloud Service.

Data

The application role privileges report shows:

• The name of the admin who approved the application role privilege.
• Name of the application where application role privilege has been granted or revoked.
• The name of the application role.
• Whether it is for a single user, or for a group.
• The date and time of when the privilege was granted or revoked.

Filtering the results

You can filter the report by:

• Approver.
• Application name.
• The user or group.
• The application role name.
• Results from a specific date range.

Run the Diagnostic Data Report

Use the Diagnostic Data report to view logging data captured in Oracle Identity Cloud Service for diagnostic purposes.

Data and filtering the results

The information reported in the Diagnostic Data report is:

• Correlation ID: The correlation identifire for the request.
• Type: The diagnostic level of the record.
• Message: The diagnostic message that has been recorded.
• Component: The name of the micro-service which raised the message.
• The timestamp when the diagnostic message has been recorded.

You can filter by any of these values, and also by the user name or client.

There are two steps to perform to get diagnostic data:

• Set the logging level at which you capture operational logs. You do this in the Settings menu.
• Then go to the Diagnostic Data report in Reports where the data is displayed.

1. In the Identity Cloud Service console, expand the Navigation Drawer, click Settings, and then click Diagnostics.
2. Click Diagnostics Type to set the Oracle Identity Cloud Service log level.
   • To capture high-level logging information only, select Activity View.
   • To capture both mid-level and high-level logging information, select Data View.
   • To capture detailed logging information, select Service View.
3. Toggle Identify item in search results on to identify the resources returned in the diagnostic log.
4. Click Save to activate data logging in Oracle Identity Cloud Service. You can view logging data captured over the next 15 minutes for diagnostic purposes.

   Note:

   After 15 minutes, the Oracle Identity Cloud Service log level reverts to None automatically.
5. In the Identity Cloud Service console, go to the Reports page.
6. In the Reports page, expand the Diagnostics node.
7. Click the Diagnostic Data report. Detailed report information appears.
8. Filter the data that appears in the Diagnostic Data report.
9. To download a comma-separated values (CSV) version of the report, click Download Report.

Organize Report Data

With Oracle Identity Cloud Service, you can organize the report data to increase your efficiency by:

• Filtering the report data: After you run a report, Oracle Identity Cloud Service displays the report data in tabular form, which can sometimes contain a large amount of data. Instead of scrolling through many report pages for the information that you need, refine the data by filtering it. For example, view all the report data that Oracle Identity Cloud Service recorded over a designated time interval. Or, customize a date or time range to see this data.

• Sorting the report data: Sort the report data in the table in ascending or descending order. Place the mouse pointer in a column heading to see an up-arrow button. Click the up-arrow button once to sort the data in ascending order, and click the button again to sort the data in descending order.

Filter Report Data

You can filter the report results to focus on a particular date, or a specific user, or the type of even recorded. The filters available depend on the type of report.

1. With the report open, user the filter fields to specify the results you want. You can see the filters for each report type in the description of that report.
2. Click Run.

The filtered report is displayed on the screen. You can sort the columns by clicking on the column headings.

Export Report Data

You can download report data for:

• Audit log report
• Successful and unsuccessful login reports
• Application access and application role privileges reports
• Diagnostic data report

Oracle Identity Cloud Service supports CSV report generation.

1. With the report open, apply any filters and click Run.
2. Click Download.
3. Choose a location for the download file, or have it open in Excel.

The report is created.