Certification reporting
Report types
There are three types of certification reports presented in OpenIAM.
Scope report
The purpose of this report is to show the initial state of the certification. It lists the users whose access will be reviewed, what access will be reviewed, and who will do the review.
This report is generated by the system in the background when the administrator initiates a new campaign. The report can be downloaded in the webconsole, on the Report tab of the certification screen.
Also, the manager (and global UAR managers) of the campaign can find this report in self-service, in the Report tab.
The admin can perform an EXECUTE_ACCESS_CERTIFICATION
command to see if there are any warning messages about scope report generation.
Current state report
The purpose of this report is to represent the current status of an access certification. The administrator can generate it, and it will be delivered to their mailbox. The report contains information about the certification status at the time of generation. This function is equivalent to getting a report from the Report menu > ACCESS_CERTIFICATION_REPORT
.
Results report
The purpose of this report is to represent the results of a completed access certification campaign. This report is generated by the system: the batch task Access Certification reporting runs every night (and can be reconfigured to run on a custom schedule) and checks if there is a completed certification campaign without a results report. If the campaign lacks the results report, then the report is generated and sent to the UAR manager's email.
This process is captured in the audit system, and you can run it with the ACCESS_CERTIFICATION_AUTO_REPORTING
action.
Configuring report generation
- Create a content provider. You can name it Call report API or give it any other applicable name.
Below is an example of the content provider configuration when running OpenIAM in Docker.
- Save it and add one
/reportviewer/*
URL pattern. Click Create in the URI Patterns section.
If you are using RPM as your installation environment, use localhost
instead of ui
(see the screenshot below).
This URL will be called by OpenIAM as a background task to generate the scope and results report.
Navigate to System configuration > Authentication and fill in the fields as described below:
- API call base domain. If running a Docker install, insert
http://ui:8080
. If running an RPM install, inserthttp://localhost:8080
. - Default Base Domain. Enter the base domain URL that will be used to generate links to open campaigns for reviewer email notifications. An example can be found here.
- API call base domain. If running a Docker install, insert
At this point, access certification reporting is configured.