Advanced analytics
Omada Identity stores a wealth of data on Identities and their entitlements, including compliance and risk information to ease analytics and reporting.
Omada Identity provides predefined Key Figures and Key Performance Indicators that can be added to user dashboards. The KPIs measure the most important IGA data, thus facilitating data analytics. For some KPIs, you can drill down to the details on the measured data. The KPIs can obtain data from the tabular model, Omada Identity data objects, and SQL databases.
Omada Identity also provides KPI dashboards - two of the standard dashboards include predefined KPI definitions. They display the KPIs to which the active user has access. This allows auditors and managers to easily access the data that is relevant for them. You select which dashboard you prefer to use as a start page.
- These dashboards are called My dashboard (with Key Figures) and Key Figures. The first shows up to three KPIs and can be selected as a start page, the second shows all Key Figures that are accessible to the active user and is not selectable as start page by default.
The User Interface for KPIs in the Omada Identity Portal supports the display of KPIs from the Tabular Model. The Tabular Model is processed each time you import data to the Omada Data Warehouse (if Analysis Services have been enabled). This means that you might make changes to the current state data in Omada Identity and the Role and Policy Engine that will not be immediately updated in the Tabular Model, and you will not see changes in the KPIs based on the tabular model until you have run an import and the data has been processed.
In some cases, Data Warehouse and Omada Identity count data differently, for example, in a view of all resources, resource with the resource category Account are shown, but in the Data Warehouse, Accounts are not considered resources. The KPI descriptions specify precisely how data is calculated for each KPI.
Omada Identity Cloud solution triggers the processing separately from the import so this synchronization is needed for ensuring the consistency.
Analysis Services
The Analysis Services feature is enabled by a customer setting in the Warehouse category. By default, Analysis Services are enabled for new installations and disabled for upgrades.
This setting can only be edited by Platform administrators.
The Analysis Services feature uses SQL Server Analysis Services. Only SQL Server 2016 and later versions are supported.
The Analysis Services feature uses SQL Server Analysis Services (Tabular Model). Omada Identity connects to SQL Server Analysis Services using two new data connections, SSAS OLEDB and SSAS:
-
SSAS OLEDBis anOLE DBconnection used for loading data into and processing Analysis Services. -
SSASis anADOMD.NETconnection used for reading data from Analysis Services.
Some elements of Analysis Services are configured using a configuration object.
When you are saving configuration objects that have a reference to an XML schema, the configuration object will be validated against the schema when changes are made to the configuration data. The schema name in the Xml Schema field on a Configuration object refers to the Name property of an XML schema data object.
Each EnumerationMapping element is used to group values into target values which are being utilized in Analysis Services, for example, Customer and Contractor are grouped into External.
-
SourceValue"<none>"means no value (null). -
SourceValue""means an empty value. -
SourceValue"<default>"means all values that have not been configured, for example, the value Trainee.
The values <default> and <none> must be present in each EnumerationMapping element.
You cannot create, change, or delete EnumerationMapping elements.
Additional MappingEntry elements may be created as long as they use the existing target values, for example, to map Trainee to Internal. You can also change the target value for existing MappingEntry elements.
The SSAS tabular model on-prem
The Omada Identity analytics platform includes the SQL Server Analysis Services (SSAS) Tabular Model. The Tabular Model is configurable through Omada Identity. It provides analytical measures that will enable you to gain insight and perform fast analytics on identity and access data. The model uses the DAX query language for querying the analytical model.
The SSAS Tabular Model contains data from the Omada Data Warehouse and will be expanded in future versions to also include process and operations data.
Exploratory BI on-prem
The tabular model can be browsed exploratorily through tools that can read SSAS Tabular models, for example Excel, Power BI and others.
It has not been the focus of the first version of the Analytics feature to provide exploratory BI, as it has been designed to support the Key Performance Indicators as described in this document. Therefore, the data model is not geared specifically for this purpose, and you may find that some desired data and attributes are missing from the model. You may use the Tabular Model “as-is” for exploratory BI and create your own reports and dashboards based on the data, but please note that the tabular model is likely to change in future versions, and you then need to migrate the reports and dashboards manually.
Real-time data and data differences on-prem
The Tabular Model is processed each time you import data to the Omada Data Warehouse (if Analysis Services have been enabled). This means that you might make changes to the current state data in Enterprise Server and the Role and Policy Engine that will not be immediately updated in the Tabular Model, and you will not see changes in the KPIs based on the tabular model until you have run an import and the data has been processed.
In some cases, Data Warehouse and Enterprise Server count data differently. For example: in a view of all resources in Enterprise Server, resource with the resource category Account are shown, but in the Data Warehouse, Accounts are not considered resources. The KPI descriptions specify precisely how data is calculated for each KPI.
The import process acquires an Application lock on a virtual resource called BI just for copying the data from temporary tables to the ODW tables. The lock ensures that the copying and tabular model processing does not execute simultaneously.
Cloud import no longer processes the Tabular Model. The Store data for analytics step is no longer available in the import execution process. The cloud solution triggers the processing separately from the import so this synchronization is needed for ensuring the consistency.