Types of Analytics reports

The Analytics retrieves the available data from the storage where it is aggregated from different sources and presents it into the report according to the report type. The report type is selected on the report creation, and determines the availability and combinations of data to be covered: whether it is the integration data, or the system data; assignments or additional properties related to accounts, access detection data, etc.

The New Report popup window, opened with the New Report button available in the header of the Analytics area, provides a list of reports types. By selecting one, a new report will be created. The table below provides description of the report types.

Report Types

Type of Report	Description
Audit Log	The report is built upon the Access Detection data gathered from the targets and describing the aspects of the user session detected on the target. The report shows such data, as: when the user logged in to the target, from what machine, account, etc.; how long the session lasted, what actions were performed, on what data, etc. More information on Access Detection: Understanding Access Detection & Analytics
Credentials Log	It is a logging type of the data recorded by ObserveID on every Check Out and Check In action. If the action is performed, the information about that is written down into the report. The Check Out \ In activity is part of Privileged Access Management intended to ensure maximum transparency of every attempt to access the credentials, especially when it comes to workgroup accounts, service accounts, password rotation for privileged accounts and other cases.
INTEGRATIONS INVENTORY
Accounts	The Accounts report helps the user to investigate the additional properties of the accounts across integrations and correlate those with the additional properties of the Identities across HR Sources, organization-wide, per department, location, etc.
Entitlements	The Entitlements report describes the Integration from the standpoint of the access that the Identities can get if provisioned with the entitlements: if it is a structural, or functional level of access; being combined, if the entitlements compromise the security of the target; what entitlements can make up the minimum access required for a typical job function; etc.
Resources	It is the report to list all the securable that a principal can be granted access to. It allows the user to research the resources and determine the level of protection needed, for example: if it is a user-only access, or service accounts are also allowed; if it is optimal to use some privileged access, or ordinary level would cover all tasks performed on the daily basis.
Detected Entitlements	Detected Entitlements refer to those entitlements that a principal is detected having ones. If detected, such an entitlement is reported in relation to the account and the integration\resource it pertains to, on the one hand; and on the other hand, in relation to the Identity who owns the account. There are two categories that entitlement provisioning can fall into: entitlement being Assigned - if it is displayed as `yes`, the entitlement was actually assigned via ObserveID to the Identity. If it is displayed as `no`, the entitlement was not assigned by any tools of ObserveID. entitlement being Detected - should be considered in combination with the Assigned category as follows: `yes` assigned, `yes` detected - shows that the Entitlement is assigned; and the Account has the entitlement. `yes` assigned, `no` detected - shows that the Entitlement is assigned; and the Account does not have the entitlement. It might happen due to variety of reasons, for example, when synchronization is required via Data Import and \ or Identities Update. `no` assigned, `yes` detected - shows that the Entitlement was not assigned; and the Account has the entitlement. It might happen due to a variety of reasons, for example, when the entitlement was already imported being assigned to the account directly on the target. `no` assigned, `no` detected - no record in the Detected Entitlements report.
Identities	The Identities report helps to manage, analyze and be aware of patterns of Identity creation or termination. The report provides deep capabilities in investigating the Identity Data. It can be used for filtering identities by properties; for determining the cause of changes in the assigned access; for analysis of onboarding \ termination trends and other.
ROLES
Detected Roles	The Detected Roles report shows the Birthright or IT Roles. An Identity can be explicitely assigned with a role in ObserveID. However, the report is named as 'Detected Roles' because a role can also be not assigned, but a certain set of entitlements that the Identity has at the moment, can be the same like in one of the currently existing roles. In this case a role is named to be detected. The Detected Roles report helps one to investigate roles: in relation to all those accounts, the role access was granted into; and also in relation to the integration\resources the affected accounts pertain to; and finally, in relation to the Identity who the role was assigned to. There are two categories the role access can fall into: role access being Assigned - if it is displayed as `yes`, the role was actually assigned via ObserveID to the Identity. If it is displayed as `no`, the role was not assigned to the Identity. role access being Detected - should be considered in combination with the Assigned category as follows: `yes` assigned, `yes` detected - shows that the Role is assigned, and all affected Accounts have the correct number of entitlements that make up the role access. `yes` assigned, `no` detected - shows that the Role is assigned, and that at least one entitlement, included into the role is absent in the actual access the Identity currently has, regardless of the account, the integration, or the resource. `no` assigned, `yes` detected - shows that the Role has not been explicitly assigned to the Identity; though the access the Identity currently has is the same as the access that the role provides. `no` assigned, `no` detected - no record in the Detected Roles report.
Role Entitlements	Helps in role analysis, to investigate how many roles and what are the roles that provide some specific access by integration, resource, or entitlement.
Roles	The Roles report filters roles by role properties, such as: owner, type, if requestable, who was the certifier, when the role was last certified.