EmpowerID Reports

EmpowerID is equipped with numerous pre-built reports to assist administrators and auditors in managing identities and resources. These reports execute stored procedures that populate a grid with data retrieved from the EmpowerID SQL database.

Please follow the instructions below to access the reports.

  • Open the EmpowerID (Classic UI) Navigation Sidebar
  • Expand the System Logs section
  • Click on Reports

The report page contains a list of all available reports.

Available Reports

Report Name: Description (Columns Returned are listed beneath each report)
Access Assignments to Person Direct: Direct Access Assignments made directly to people
  • Resource Type
  • Access Level
  • Resource Display Name
  • Last Name
  • First Name
  • Person Login
Account Service Identities: Accounts used as service or app pool identities
  • Account Logon Name
  • Type
  • Service / App Pool
  • Computer
  • Name
  • Shared Credential
Accounts – Computer Local Admins: All users that are local computer administrators
  • RBAC Assigned
  • Computer
  • Logon Name
  • Account Domain
  • Account Display Name
  • Direct Member Group
  • Direct Group Domain
  • Local Admins Group
  • Last Certified
  • EmpowerID Login
  • Task ID
  • Added in Account Store
Accounts - High Security: All accounts that are members of any high security group
  • Disabled
  • Last Login
  • Password Last Changed
  • Days Old
  • Password Never Expires
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Accounts – Local Computers Accounts: All local computer accounts
  • Disabled
  • Last Login
  • Password Never Expires
  • Logon Name
  • Computer
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Accounts – Privileged Accounts: Accounts flagged as a privileged account usage type
  • Disabled
  • Last Login
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Accounts - Shared Credentials: Accounts used as shared credentials
  • Disabled
  • Last Login
  • Password Last Changed
  • Days Old
  • Password Never Expires
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Accounts Created in Last 30 Days: All accounts that were created in the last 30 days
  • Disabled
  • Last Login
  • Created Date
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Accounts No Login 90 Days: AD Accounts that have not logged in during the last 90 days
  • Disabled
  • Last Login
  • Created Date
  • Expires On
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Accounts Password Never Expires: Accounts with the password set to never expire
  • Disabled
  • Last Login
  • Logon Name
  • Password Last Changed
  • Days Old
  • Password Never Expires
  • Created Date
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Accounts Passwords Older 120 Days: Accounts with passwords older than 120 days
  • Disabled
  • Last Login
  • Password Last Changed
  • Days Old
  • Password Never Expires
  • Expires On
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • EmpowerID Login
  • Distinguished Name
Accounts with an Invalid Manager: Accounts with a manager that is disabled or deleted
  • Disabled
  • Expires On
  • Logon Name
  • Domain or Directory
  • Manager
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Accounts with Deleted Owners: Accounts owned by deleted people
  • Disabled
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • Person ID
  • Distinguished Name
Accounts with Manager Expiring in 60 Days: Accounts whose managers expire within the next 60 days
  • Disabled
  • Expires On
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Accounts without a Responsible Party: Accounts without a responsible party – no PersonID and no OwnerAssigneeID
  • Expires On
  • Domain or Directory
  • Logon Name
  • Manager
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Accounts Without Managers: Active Directory accounts without managers assigned
  • Disabled
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
AD Accounts Expiring 60 Days: Active Directory accounts that expire within the next 60 days
  • Disabled
  • Expires On
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
AD Accounts that Never Logged: Active Directory accounts that have never logged in
  • Disabled
  • Created Date
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
All access assignments in the system: All access assignments in the system
  • Task ID
  • Assignment Type Description
  • Rbac Object Type
  • Rbac Object Friendly Name
  • Resource Type
  • Access Level
  • Resource Display Name
  • Assignment Target
  • Assignment Location
  • Started
  • End Date
All High Security Groups: All groups flagged as high security groups in EmpowerID
  • Logon Name
  • Domain or Directory
  • Display Name
  • Group Type
  • Publish in IT Shop
  • Risk Score
  • Email
  • Distinguished Name
Audit Log Report: Log of all actions occurring in the system
  • In Workflow
  • Task ID
  • When (Ago)
  • Who Requested
  • Who Approved
  • Action
  • To Whom or What
  • Resource Type
  • When
  • Operation
Computers without a Responsible Party: All computers that do not have a valid owner or a responsible person
  • Display Name
  • DNS Host Name
  • Private Address
  • Public Address
  • Type
  • Instance Type
  • Operating System
  • Service Pack
  • Last Login
  • Last Verified Alive
  • DN
Core Identities Created Last 30 Days: Core identities that were created in the last 30 days
  • Created
  • Last Name
  • First Name
Core Identities Without a Person: Core identities that have no associated EmpowerID Person object
  • Created
  • Last Name
  • First Name
Empty Groups: Groups that do not contain any members
  • Logon Name
  • Domain or Directory
  • Display Name
  • Group Type
  • Publish in IT Shop
  • Risk Score
  • Email
  • Distinguished Name
Enforcement Groups: Groups used by EmpowerID for permissions enforcement
  • Enforcement Type
  • EID Group
  • Resource Role Friendly Name
  • Assignment Point ID
  • EID Group Path
  • Access Level
  • Account Store
  • Last Enforcement Attempt (Ago)
  • Last Enforcement Success (Ago)
Expired Accounts: Active Directory accounts that have expired in Active Directory
  • Disabled
  • Expires On
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Expired Groups: Groups whose Valid Until dates have passed
  • Valid Until
  • Logon Name
  • Domain or Directory
  • Display Name
  • Group Type
  • Publish in IT Shop
  • Risk Score
  • Email
  • Distinguished Name
Fulfillment Report: Recertification fulfillment report including all fulfillment actions
  • Task ID
  • Direct Report
  • Certifier
  • Decision
  • Time Constraint
  • Quality Check Approved
  • Fulfillment Status
  • System Name
  • Instance
  • Entitlement Type
  • Entitlement
  • Profile Name
  • Profile Description
  • Context
  • Context Description
  • Description
  • Assigned To
  • Comments
  • FulfillmentActor1
  • FulfillmentActor2
  • FulfillmentActor3
  • FulfillmentActor4
  • FulfillmentActor5
  • Certification Date
  • Auditor Review Date
  • Final Fulfillment Date
  • Audit
  • Recertification Managers
  • Audit Started
  • Verified
  • Verified Date
Group Membership High Security: All membership of high security groups
  • Logon Name
  • Account Domain
  • Account Display Name
  • Group
  • Group Domain
  • Is High Security Group
  • RBAC Assigned
  • Added in Account Store
  • Last Certified
  • EmpowerID Login
  • Task ID
Group Membership Not People: Group membership of accounts that are not people
  • Is High Security Group
  • Logon Name
  • Account Domain
  • Account Display Name
  • Group
  • Group Domain
  • Last Certified
  • EmpowerID Login
  • Task ID
Group Membership Not RBAC Assigned: All group membership of accounts that are not assigned by RBAC policy
  • Is High Security Group
  • Logon Name
  • Account Domain
  • Account Display Name
  • Group
  • Group Domain
  • Last Certified
  • EmpowerID Login
  • Task ID
Groups – Local Computer Groups: All local computer groups
  • Logon Name
  • Computer
  • Description
  • Publish in IT Shop
  • Is High Security Group
Groups – Possible Stale Disabled Members: Possibly stale because all members are disabled or expired
  • Valid Until
  • Logon Name
  • Domain or Directory
  • Display Name
  • Group Type
  • Publish in IT Shop
  • Risk Score
  • Email
  • Distinguished Name
Groups and their Native AD Managed By: Active Directory group managers
  • Managed Group
  • Group Managed By
  • Object Type of Manager
  • Managed By Logon Name
  • Group Logon Name
Groups Expiring 30 Days: Groups expiring within the next 30 days
  • Valid Until
  • Logon Name
  • Domain or Directory
  • Display Name
  • Group Type
  • Publish in IT Shop
  • Risk Score
  • Email
  • Distinguished Name
Groups O365 Type: Office 365 groups
  • Logon Name
  • Domain or Directory
  • Display Name
  • Group Type
  • Publish in IT Shop
  • Risk Score
  • Email
  • Distinguished Name
Groups without a Responsible Party: All sensitive groups that do not have a valid owner or responsible party
  • Group Name
  • Domain or Directory
  • Display Name
  • Group Type
  • Publish in IT Shop
  • Distinguished Name
High Security People: All people who have at least one high security group membership
  • Enabled
  • Last Login Date
  • Last Name
  • First Name
  • EmpowerID Login
  • Business Role and Location
  • Manager
  • Department
  • Title
  • Telephone
  • Email
Locked Out Accounts: Active Directory accounts that were locked out as of the last inventory
  • Disabled
  • Locked Out Time
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Mailboxes Owned by Deleted People: Mailboxes owned by people who have been terminated
  • Email
  • Display Name
  • Logon Name
  • Person ID
  • Mailbox Type
  • Path
Management Roles without a Responsible Party: All management roles that do not have a valid owner or responsible party
  • Management Role
  • Type
  • Description
  • Management Role Definition
  • High Security
  • High Security (Inherited)
  • Publish in IT Shop
  • Risk Score
Orphan Accounts: Accounts that do not belong to a person
  • Disabled
  • Last Login
  • Created Date
  • Logon Name
  • Domain or Directory
  • Usage Type
  • Display Name
  • Description
  • EmpowerID Login
  • Distinguished Name
Password Manager Enrollments: Who has enrolled for password management
  • Last Enrolled (Ago)
  • Last Name
  • First Name
  • Login
  • Password Manager Policy Display Name
  • Last Login (Ago)
  • First Login Failed (Ago)
  • Person Locked Out Until
People Created in Last 30 Days: People who were created within the last 30 days
  • Created
  • Enabled
  • Last Login Date
  • Last Name
  • First Name
  • EmpowerID Login
  • Business Role and Location
  • Department
  • Title
  • Telephone
  • Email
People Logged In Last 1 Day: People who have logged in during the past day
  • Enabled
  • Last Login Date
  • Last Name
  • First Name
  • EmpowerID Login
  • Business Role and Location
  • Department
  • Title
  • Telephone
  • Email
People Not Enrolled: People who are not enrolled for password self service
  • Enabled
  • Last Name
  • First Name
  • EmpowerID Login
  • Business Role and Location
  • Department
  • Title
  • Telephone
  • Email
People Not Logged In 30 Days: People who have not logged in within the past 30 days
  • Enabled
  • Last Login Date
  • Last Name
  • First Name
  • EmpowerID Login
  • Business Role and Location
  • Department
  • Title
  • Telephone
  • Email
People That Have Ever Logged In: All people who have logged in to the system
  • Enabled
  • Last Login Date
  • Last Name
  • First Name
  • EmpowerID Login
  • Business Role and Location
  • Department
  • Title
  • Telephone
  • Email
People with Invalid Managers: People whose managers are terminated or disabled
  • Enabled
  • Last Login Date
  • Last Name
  • First Name
  • EmpowerID Login
  • Business Role and Location
  • Manager
  • Department
  • Title
  • Telephone
  • Email
People without Accounts: People who do not own any user accounts
  • Enabled
  • Last Name
  • First Name
  • EmpowerID Login
  • Business Role and Location
  • Department
  • Title
  • Telephone
  • Email
Person Duplicate Email: People with the same email address
  • Enabled
  • Last Name
  • First Name
  • EmpowerID Login
  • Business Role and Location
  • Email
Person Duplicate Phone Number: People with the same phone number
  • Enabled
  • Last Name
  • First Name
  • EmpowerID Login
  • Business Role and Location
  • Mobile Phone
  • Email
Person Logged In 30 Days: People who have logged in during the last 30 days
  • Enabled
  • Last Login Date
  • Last Name
  • First Name
  • EmpowerID Login
  • Business Role and Location
  • Department
  • Title
  • Telephone
  • Email
Person Verified Addresses: Verified Person Communication Channels – verified emails, SMS, and voice call numbers
  • Enabled
  • Person Display Name
  • Login
  • Type
  • Communication Address
Possible Stale Groups: Groups that have not had a change in membership for the last 180 days
  • Valid Until
  • Logon Name
  • Domain or Directory
  • Display Name
  • Group Type
  • Publish in IT Shop
  • Risk Score
  • Email
  • Distinguished Name
Recertification Revokes All: All items revoked during recertification
  • Description
  • Policy Type
  • Revoke Status
  • Item to Review
  • Date
  • Reviewer
  • Reviewer Login
  • Audit and Recertification Policy
  • Task ID
Recertification Revokes Completed: All recertification revokes that are flagged as completed
  • Description
  • Policy Type
  • Revoke Status
  • Item to Review
  • Date
  • Reviewer
  • Reviewer Login
  • Audit and Recertification Policy
  • Task ID
Recertification Revokes Failed: All recertification revokes that are flagged as failed
  • Description
  • Policy Type
  • Revoke Status
  • Item to Review
  • Date
  • Reviewer
  • Reviewer Login
  • Audit and Recertification Policy
  • Task ID
Recertification Revokes Ignored: All recertification revokes that are flagged as ignored
  • Description
  • Policy Type
  • Revoke Status
  • Item to Review
  • Date
  • Reviewer
  • Reviewer Login
  • Audit and Recertification Policy
  • Task ID
Recertification Revokes In Progress: All recertification revokes that are currently in progress
  • Description
  • Policy Type
  • Revoke Status
  • Item to Review
  • Date
  • Reviewer
  • Reviewer Login
  • Audit and Recertification Policy
  • Task ID
SAP Role and Profile Membership Changes: Change history for SAP roles and profiles
  • When (Ago)
  • Change Type
  • User Account
  • Role or Profile
  • Is High Security Group
  • Account Display Name
  • Account Store
  • Person ID
  • Task ID
Status by Location: Recertification status by location
  • Location
  • Total #
  • # Open
  • # Completed
  • % Open
  • % Closed
  • % Complete
  • Manager
Top 100 High Security Groups: The 100 high security groups with the most members
  • Logon Name
  • Domain or Directory
  • Display Name
  • Group Type
  • Publish in IT Shop
  • Distinguished Name
Top 100 Riskiest Groups: The 100 groups with the highest risk scores
  • Logon Name
  • Domain or Directory
  • Display Name
  • Group Type
  • Publish in IT Shop
  • Risk Score
  • Email
  • Distinguished Name
Top 100 Riskiest People: The 100 people with the highest risk scores
  • Risk Score
  • Enabled
  • Last Login Date
  • Last Name
  • First Name
  • EmpowerID Login
  • Business Role and Location
  • Manager
  • Department
  • Title
  • Telephone
  • Email
Your Access Assignments: All of your access assignments
  • Assignment Type Description
  • Rbac Object Type
  • Rbac Object Friendly Name
  • Resource Type
  • Access Level
  • Resource Display Name
  • Assignment Target
  • Assignment Location
Your Expiring Access Assignments: All of your access assignments that are due to expire
  • Expires On
  • Assignment Type Description
  • Rbac Object Type
  • Rbac Object Friendly Name
  • Resource Type
  • Access Level
  • Resource Display Name
  • Assignment Target
  • Assignment Location
Your Reports Access: All access assignments of your direct reports
  • Expires On
  • Assignment Type Description
  • Rbac Object Type
  • Rbac Object Friendly Name
  • Resource Type
  • Access Level
  • Resource Display Name
  • Assignment Target
  • Assignment Location
Your Reports Expiring Assignments: All access assignments for your direct reports that are due to expire
  • Expires On
  • Assignment Type Description
  • Rbac Object Type
  • Rbac Object Friendly Name
  • Resource Type
  • Access Level
  • Resource Display Name
  • Assignment Target
  • Assignment Location