Certification reporting

1 Report types

There are three types of the certification report presented in OpenIAM.

  1. Scope report. The purpose of this report is to show the initial state of the certification. There is a list of users, whose access will be reviewed, and also which access and who will do the review. This report is generated by system in the background when administrator initiates new campaign. The report can be downloaded in webconsole, on a report tab of the certification screen. Also manager (and global UAR managers) of the campaign can find this report in selfservice, in a report tab. Admin can perform an EXECUTE_ACCESS_CERTIFICATION command to see if there are any warning messages about scope report generation.

  2. Current state report. The purpose of this report is to represent current status of access certification. Administrator can generate it and it will be delivered into mailbox. Report contains info about certification status at the time of the report generation. This function equals to getting report from menu Report -> ACCESS_CERTIFICATION_REPORT.

  3. Results report The purpose of this report is to represent results of completed access certification campaign. This report is generated by system, batch task Access Certification reporting is called every night (can be reconfigured to be run based on custom schedule) and it checks if there is a completed certification campaign without result report. If the campaign lacks the result report, then report is generated and sent to UAR manager's email. This process is captured in audit system, you can run it with ACCESS_CERTIFICATION_AUTO_REPORTING action.

2 Configuring report generation

Step 1. Create content provider. You can name it Call report API. Below there is an example of the content provider configuration when running OpenIAM in Docker. Content provider for reporting docker install

Step 2. Save it and add one /reportviewer/* URL pattern. Click Create in URI Patterns section. Uri pattern for reporting

If you are using rpm installation then use 'localhost' instead of 'ui'(see figure below) Content provider for reporting rpm install This uri will be called by OpenIAM as the background task to generate scope and result report.

Step 3. Now go to System configuration-> Authentication -> fill it ->

  1. API call base domain. If running Docker install, insert http://ui:8080. If running rpm install, insert http://localhost:8080

  2. Default Base Domain Put the base domain URL that will be used to generate links to open campaigns for reviewers email notifications. Example can be found here: https://demo.openiam.com