Account reports
The accounts reports show information of accounts in a system.
An account is a specific user account in a specific system, for example an Active Directory user. An account can be personal, if matched one to one with an identity or non-personal if not. Examples of non-personal accounts are administrative or service accounts.
WAC001 Account list
The Account list is a list report that shows the accounts that belong to a system. The report shows account (account UID), account name, the identity that is the owner of the account (if matched) and the account type.
The account list will show the following fields for each account within the report scope. The report links to the following reports:
- System details (WSY002)
- Account details (WAC002)
- Identity details (WID002)
WAC001 fields
| Field | Description |
|---|---|
| Color icon | Left side color coding indicates compliance status. If the Role and Policy Engine is not used, the color icon shows approval state.Red indicates rejected or not attested; green indicates approved. This field links to the Resource assignment details report. |
| Account | The unique ID of the account. This field links to the Account details report. |
| Name | The full account name. |
| Identity | If the account has been matched to an identity (by exact or fuzzy match or a custom join) the identity field shows the identity name.The field links to the Identity details report for matched identities. |
| Type | Shows the account type. Accounts that are matched to an identity via exact or fuzzy match will have the value of “Personal” in this column. For a custom join match, the type may be something other than “Personal”. Unless customizations have been made to the ODW import logic, the type field will be empty for accounts that are not matched to an identity. |
| Category | Category of the account. Source system dependent |
| Compliance status | Shows the compliance status as calculated by the Omada Identity Role and Policy Engine. The possible values are: Explicitly Approved Implicitly Approved Not Approved Orphan Assignment Pending Deprovisioning In Violation Implicitly Assigned None |
| Reason | Shows the reason for the resource assignment, as calculated in the Role and Policy Engine. If the Role and Policy Engine is not used, the Reason field indicates if the resource assignment is implicit or explicit. An implicit resource assignment is associated with an identity through a reference, for example a context assignment.Assignments to resources that are child resources are also implicit resource assignments. |
WAC001 parameters
| Parameter | Description |
|---|---|
| Effective time (required) | The time the report is effective. Change the time to see a snapshot for another time. Click View Report to refresh after changing this parameter. |
| Type | The type of the account. |
| Max. items (required) | The maximum number of returned items. By default this parameter is set to 100 items.Change to view more results. |
| Category | Category of the account. Source system dependent. |
| Account | Use the Account parameter to search for a specific account. This parameter filters the Name column. This parameter supports wildcards. |
| Compliance Status | Shows the compliance status as calculated by the Omada Identity Role and Policy Engine. The possible values are: Explicitly Approved Implicitly Approved Not Approved Orphan Assignment Pending Deprovisioning In Violation Implicitly Assigned None |
WAC002 Account details
The Account details report shows details for an account. An account is a specific user in a specific system. An account can be personal, if matched one to one with an identity, or non-personal if not.Examples of non-personal accounts are administrative or service accounts.
The Account details report contains a trend graph, trend matrix, details section and a resource assignments list.
The Account details trend graph shows changes to resource assignments for the account in the period chosen for the report. The change points in the line links to the Resource assignments change log report (WRE007). The Account details trend matrix allows you to drill down to see resource assignments for the account per status and period chosen.The hyperlink in the resource assignments column links to the Resource assignments in period (WRE006) report.
WAC002 fields
| Field | Description |
|---|---|
| Account | Account unique ID. This field links to the Account details report |
| Approval Reason | Shows the comment given in attestation, if any. |
| Approval State | Shows if the account has been recertified in an attestation survey. If recertified the field will show approval state (Approved or Rejected), approver unique ID and the time of recertification. |
| Category | Category of the account. Source system dependent |
| Color icon | Left side color coding indicates compliance status. If the Role and Policy Engine is not used, the color icon shows approval state. Red indicates rejected or not attested; green indicates approved. This field links to the Resource assignment details report. |
| Compliance status | Shows the compliance status as calculated by the Omada Identity Role and Policy Engine. The possible values are: Explicitly Approved Implicitly Approved Not Approved Orphan Assignment Pending Deprovisioning In Violation Implicitly Assigned None |
| Description | Account description. |
| ** | Display name** |
| Distinguished name | Distinguished name of the account. Specific to AD accounts. |
| Domain | Domain the account belongs to. |
| Identity | If the account has been matched to an identity (by exact or fuzzy match or a custom join) the identity field shows the identity name. The field links to the Identity details report for matched identities. |
| Last logon | The date and time the account was last logged on. |
| Last password change | The date and time the password was last changed for the account. |
| Name | The full account name. |
| Path | The relative path of the account.Specific to AD accounts. |
| Reason | Shows the reason for the resource assignment, as calculated in the Role and Policy Engine. If the Role and Policy Engine is not used the Reason field indicates if the resource assignment is implicit or explicit. An implicit resource assignment is associated with an identity through a reference, for example a context assignment. Assignments to resources that are child resources are also implicit resource assignments. |
| Resource | The name of the resource the account has an assignment to. This field links to the Resource details report. |
| Source | The source system the account has been imported through. |
| Status | Status of the resource assignment: Active or Inactive. This field links to the Resource assignment details report. |
| Status mask | Status mask. Specific to AD accounts. |
| System | Shows the system the account belongs to. This field links to the System details report. |
| Type | Shows the account type. Accounts that are matched to an identity via exact or fuzzy match will have the value of “Personal” in this column.For a custom join match, the type may be something other than “Personal”. Unless customizations have been made to the ODW import logic, the type field will be empty for accounts that are not matched to an identity. |
| Valid from | The date the account is valid from. |
| Valid to | The date the account is valid to. |
WAC002 parameters
| Parameter | Description |
|---|---|
| Effective time | The time the report is effective. Change the time to see a snapshot for another time.Click View Report to refresh after changing this parameter. |
| Max.items | The maximum number of returned items. By default this parameter is set to 100 items.Change to view more results. |
| Include indirect resources assignments | An indirect resource assignment is associated with an identity through a reference. Assignments to resources that are child resources are also indirect resource assignments. Select: True/False |
| Show trend | Select: True/False to display/hide the chart showing the trend over time. |
| Trend from | The from time used for the trend graph and matrix. Change the time to see data in another period. Click View Report to refresh after changing this parameter. |
| Resource | Use the Resource parameter to search for a resource assignment for a particular resource. This searches the resource column.Supports wildcards. |
info
The Account details report is accessed from the any report that contains a reference to an account.The Identity details report for example will contain a link to the Account details reports for each account that is associated with the identity.
WAC003 Account ownership
Each account is ideally associated (matched) to an identity.Accounts are matched to identities in the ODW import by built-in or custom logic. The account ownership report is a list report of the ownership status for accounts in a system.
info
The Account ownership report can only be accessed from the System details report.
WAC003 fields
| Field | Description |
|---|---|
| Account | The unique ID of the account. This field links to the Account details report. |
| Last updated | The time the account ownership was last changed for the account. |
| Identity | The Identity unique ID of the matched identity. This field links to the Identity details report. |
| Status | Ownership status. The standard available values are: Confirmed, Auto Confirmed, Confirmed by Owner, Pending, Suspected Orphan. The values may be different if the ODW import logic has been customized. |
| Similarity | Shows the similarity between account and identity as a percentage. |
| Type | Shows the account type. Accounts that are matched to an identity via exact or fuzzy match will have the value of “Personal” in this column. For a custom join match, the type may be something other than “Personal”. Unless customizations have been made to the ODW import logic, the type field will be empty for accounts that are not matched to an identity. |
| Reason | Shows the reason for the resource assignment, as calculated in the Role and Policy Engine. If the Role and Policy Engine is not used the Reason field indicates if the resource assignment is implicit or explicit. An implicit resource assignment is associated with an identity through a reference, for example a context assignment.Assignments to resources that are child resources are also implicit resource assignments. |
| Compliance status | Shows the compliance status as calculated by the Omada Identity Role and Policy Engine. The possible values are: Explicitly Approved Implicitly Approved Not Approved Orphan Assignment Pending Deprovisioning In Violation Implicitly Assigned None |
WAC003 parameters
| Parameter | Description |
|---|---|
| Effective time (required) | The time the report is effective. Change the time to see a snapshot for another time. Click View Report to refresh after changing this parameter. |
| Max.items (required) | The maximum number of returned items. By default this parameter is set to 100 items.Change to view more results. |
| Join status | Use the Join status drop down list to filter the report on a particular join status.The available values are: Confirmed, Auto Confirmed, Confirmed by Owner, Pending, Suspected Orphan. |
| Account | Use the Account parameter to search for a specific account.This searches the Account column.Supports wildcards. |
| Compliance status | Shows the compliance status as calculated by the Omada Identity Role and Policy Engine. The possible values are: Explicitly Approved Implicitly Approved Not Approved Orphan Assignment Pending Deprovisioning In Violation Implicitly Assigned None |
WAC004 Account ownership log
The Account ownership log report shows changes to account ownership for accounts within a chosen period.
info
The report can only be accessed from the Account ownership report.
WAC004 fields
| Field | Description |
|---|---|
| Account | The unique ID of the account. This field links to the Account details report. |
| Last updated | The time the account ownership was last changed. |
| Identity | The Identity unique ID for the matched identity. This field links to the Identity details report. |
| Status | Ownership status. The standard available values are: Confirmed, Auto Confirmed, Confirmed by Owner, Pending, Suspected Orphan. The values may be different if the ODW import logic has been customized. |
| Probability | Shows the probability (confidence) of the match as a percentage. |
| Type | Shows the account type. Accounts that are matched to an identity via exact or fuzzy match will have the value of “Personal” in this column. For a custom join match, the type may be something other than “Personal”. Unless customizations have been made to the ODW import logic, the type field will be empty for accounts that are not matched to an identity. |
| Event | Shows the event for the particular object. Can be "New" or "Changed". |
| Reason | Shows the reason for the resource assignment, as calculated in the Role and Policy Engine. If the Role and Policy Engine is not used, the Reason field indicates if the resource assignment is implicit or explicit. An implicit resource assignment is associated with an identity through a reference, for example a context assignment.Assignments to resources that are child resources are also implicit resource assignments. |
| Compliance status | Shows the compliance status as calculated by the Omada Identity Role and Policy Engine. The possible values are: Explicitly Approved Implicitly Approved Not Approved Orphan Assignment Pending Deprovisioning In Violation Implicitly Assigned None |
WAC004 parameters
| Parameter | Description |
|---|---|
| Effective time (from) | The time the report is effective from. Change the time to change the “from date” for the report. Click View Report to refresh after changing this parameter. |
| Effective time (to) | The time the report is effective to. Change the time to change the “to date” for the report. Click View Report to refresh after changing this parameter. |
| Max.items (required) | The maximum number of returned items.By default, this parameter is set to 100 items. Change to view more results. |
| Join status | Use the Join status drop down list to filter the report on a particular join status.The available values are: Confirmed, Auto Confirmed, Confirmed by Owner, Pending, Suspected Orphan. |
| Account | Use the Account parameter to search for a specific account. This searches the Account column. Supports wildcards. |
WAC005 Accounts pending deprovisioning
The Accounts pending deprovisioning report lists accounts that have been rejected in attestation but not yet removed in the source system.
info
The report can only be accessed from the System details report.
WAC005 fields
| Field | Description |
|---|---|
| Account | The unique ID of the account. This field links to the Account details report. |
| Name | The full account name. |
| Identity | If the account has been matched to an identity (by exact or fuzzy match or a custom join) the identity field shows the identity name. The field links to the Identity details report for matched identities. |
| Status | The account status. The available values are Active, All, Disabled, Enabled and Inactive. |
| Approval state | Shows the decision from the attestation survey. In this report, the state will be Rejected, as these are accounts that have been rejected and await deprovisioning. |
| Approval Reason | Shows the comment given in attestation, if any. |
WAC005 parameters
| Parameter | Description |
|---|---|
| Effective time (required) | The time the report is effective. Change the time to see a snapshot for another time. Click View Report to refresh after changing this parameter. |
| Max. items (required) | The maximum number of returned items. By default this parameter is set to 100 items. Change to view more results. |
| Account | Use the Account parameter to search for a specific account. This searches the Account column. Supports wildcards. |