Certification reporting

Report types

There are three types of certification reports presented in OpenIAM.

Scope report

The purpose of this report is to show the initial state of the certification. It lists the users whose access will be reviewed, what access will be reviewed, and who will do the review.
This report is generated by the system in the background when the administrator initiates a new campaign. The report can be downloaded in the webconsole, on the Report tab of the certification screen.
Also, the manager (and global UAR managers) of the campaign can find this report in self-service, in the Report tab.
The admin can perform an EXECUTE_ACCESS_CERTIFICATION command to see if there are any warning messages about scope report generation.

Current state report

The purpose of this report is to represent the current status of an access certification. The administrator can generate it, and it will be delivered to their mailbox. The report contains information about the certification status at the time of generation. This function is equivalent to getting a report from the Report menu > ACCESS_CERTIFICATION_REPORT.

Results report

The purpose of this report is to represent the results of a completed access certification campaign. This report is generated by the system: the batch task Access Certification reporting runs every night (and can be reconfigured to run on a custom schedule) and checks if there is a completed certification campaign without a results report. If the campaign lacks the results report, then the report is generated and sent to the UAR manager's email.
This process is captured in the audit system, and you can run it with the ACCESS_CERTIFICATION_AUTO_REPORTING action.

Configuring report generation

  1. Create a content provider. You can name it Call report API or give it any other applicable name.

Below is an example of the content provider configuration when running OpenIAM in Docker.

Content provider for reporting docker install

  1. Save it and add one /reportviewer/* URL pattern. Click Create in the URI Patterns section.

Uri pattern for reporting

If you are using RPM as your installation environment, use localhost instead of ui (see the screenshot below).

Content provider for reporting rpm install

This URL will be called by OpenIAM as a background task to generate the scope and results report.

  1. Navigate to System configuration > Authentication and fill in the fields as described below:

    • API call base domain. If running a Docker install, insert http://ui:8080. If running an RPM install, insert http://localhost:8080.
    • Default Base Domain. Enter the base domain URL that will be used to generate links to open campaigns for reviewer email notifications. An example can be found here.

At this point, access certification reporting is configured.