Certification reporting
1 Report types
There are three types of the certification report presented in OpenIAM.
Scope report. The purpose of this report is to show the initial state of the certification. There is a list of users, whose access will be reviewed, and also which access and who will do the review. This report is generated by system in the background when administrator initiates new campaign. The report can be downloaded in webconsole, on a report tab of the certification screen. Also manager (and global UAR managers) of the campaign can find this report in selfservice, in a report tab. Admin can perform an
EXECUTE_ACCESS_CERTIFICATION
command to see if there are any warning messages about scope report generation.Current state report. The purpose of this report is to represent current status of access certification. Administrator can generate it and it will be delivered into mailbox. Report contains info about certification status at the time of the report generation. This function equals to getting report from menu
Report
->ACCESS_CERTIFICATION_REPORT
.Results report The purpose of this report is to represent results of completed access certification campaign. This report is generated by system, batch task
Access Certification reporting
is called every night (can be reconfigured to be run based on custom schedule) and it checks if there is a completed certification campaign without result report. If the campaign lacks the result report, then report is generated and sent to UAR manager's email. This process is captured in audit system, you can run it withACCESS_CERTIFICATION_AUTO_REPORTING
action.
2 Configuring report generation
Step 1. Create content provider. You can name it Call report API. Below there is an example of the content provider configuration when running OpenIAM in Docker.
Step 2.
Save it and add one /reportviewer/* URL pattern. Click Create
in URI Patterns section.
If you are using rpm installation then use 'localhost' instead of 'ui'(see figure below) This uri will be called by OpenIAM as the background task to generate scope and result report.
Step 3.
Now go to System configuration
-> Authentication
-> fill it ->
API call base domain. If running Docker install, insert http://ui:8080. If running rpm install, insert http://localhost:8080
Default Base Domain Put the base domain URL that will be used to generate links to open campaigns for reviewers email notifications. Example can be found here: https://demo.openiam.com