Advanced Reporting

Advanced Reporting lets you create custom reports on activity in your Advanced Identity Cloud tenant environment. You can query a number of metrics to create useful reports for your company.

Advanced Identity Cloud add-on capability

Contact your Ping Identity representative if you want to add Advanced Reporting to your PingOne Advanced Identity Cloud subscription. Learn more in Add-on capabilities.

Important tips for Advanced Reporting

The Advanced Reporting feature has the following features:
- Supports detailed entity relationships to enable a variety of join operations.
- Allows user-specified query parameters to be included dynamically at runtime.
- Provides a wide range of operators to meet different query requirements.
- Supports aggregate operations on the resulting dataset.
- Restricts data access by assigning reports to specific users or a designated report_viewer group.
- Supports report duplication to extend or modify existing queries.
Advanced Reporting custom reports can only be assigned to end users.
Users must be assigned to the report_viewer group to run and access custom reports.
Advanced Reporting continuously streams data from Advanced Identity Cloud, resulting in near-real time report results (approximately a minute behind real time).
Query Limits: For customers who have the advanced reporting add-on capability, the tenant administrators can query data from the most recent 90 days for reports that cover AM entities and some IDM operations (sync and recon). The query limits apply to both draft and published advanced reports.

Assign `report_viewer` group

Advanced Identity Cloud provides a group to which users can be assigned to access custom reports.

Group	Capability
report_viewer	A user with this group can do the following: View and run all custom reports. View and run all published custom reports allowed for the report_viewer group.

Group

Capability

report_viewer

A user with this group can do the following:

View and run all custom reports.
View and run all published custom reports allowed for the report_viewer group.

Add a user to the report_viewer group

In the Advanced Identity Cloud admin UI, go to Identities > Manage.
On the Manage Identities page, click Alpha-name - Groups.
Click New Alpha realm - Group.
On the New Alpha realm - group modal, enter the following:
- Name: Enter report_viewer.
- Description: Enter a general description for the group.
- Click Next.
On the Dynamic Alpha realm - group Assignment modal, click A filter for conditionally assigned members if you want to add a filter.
1. Select Any or All conditions that must be met to assign to a user.
2. Select a property, such as username, first name or others for your condition.
3. Select an operator, such as contains, does not contain, or others for your condition.
4. Enter a property value.
5. Click plus:icon[] to add the condition to your filter.
Click Save.

Create custom reports using Advanced Reporting

In the Advanced Identity Cloud admin UI, click New Report.

On the New Report modal, enter the following properties, and then click Next:

Field Description

Field	Description
Name	Name of the report. Follow the naming conventions established by your company.
Description	Optional. Enter a description describing the report.
Who Can Run	Click to set who can run this report. Groups: Report Viewer Users: Select the users who can run this report. To select a user, you must have assigned the `report_viewer` group permissions to the user from the Manage Identity page.

Name

Name of the report. Follow the naming conventions established by your company.

Description

Optional. Enter a description describing the report.

Who Can Run

Click to set who can run this report.

Groups:

Report Viewer

Users:

Select the users who can run this report. To select a user, you must have assigned the report_viewer group permissions to the user from the Manage Identity page.

Next, add a data source or select an existing data source:
1. Click Data Source.
2. On the Add a Data Source modal, select a data source to use in this report, and then click Next:
  Click to review the data sources:
  am_access_outcome
  
  idm_config
  
  idm_sync
  
  roles
  
  idm_recon
  
  users
  
  orgs
  
  node_events
  
  applications
  
  idm_activities
  
  governance_data^[1]
  
  journey_events
  
  governance_decision_events^[1]
  
  campaign_details^[1]
  
  campaign_decision_details^[1]
Next, select the columns in the report in the right pane for your report result. Each data source can have different attributes. When you click an attribute, the column appears on the main window.

Click the plus icon () to define parameters that the end user provides or extracted from the end user profile while running the report:

On the Add a Parameter modal, enter the following fields:

Field	Description
Name	Name of the parameter or profile attribute. Also, the name appears on the filter attribute list.
Parameter Type	User provided parameter or a profile attribute.
Input Label	Label for parameter that appears when you do a reporting run.
Input Type	Options are: String Boolean Integer Float Date
Help Text	Optional. Enter any help text for the parameter.
Multivalued	Click Multivalued to allow the end user to provide multiple values while running the report.
Enumerated Values	Click Enumerated Values if the property is an enumerated value. This property creates a drop-down list for the end user to select a value when running the report.

Field

Description

Name

Name of the parameter or profile attribute. Also, the name appears on the filter attribute list.

Parameter Type

User provided parameter or a profile attribute.

Input Label

Label for parameter that appears when you do a reporting run.

Input Type

Options are:

String
Boolean
Integer
Float
Date

Help Text

Optional. Enter any help text for the parameter.

Multivalued

Click Multivalued to allow the end user to provide multiple values while running the report.

Enumerated Values

Click Enumerated Values if the property is an enumerated value. This property creates a drop-down list for the end user to select a value when running the report.

Click Save.

Next, click Filters to specify data source attributes for report filtering:

Click to review the filtering options:

Field Description

Field	Description
Any\|All	Select `Any` or `All` conditions that must be met for the filters.
Value	List of attributes in the selected data source.
Connectors	Options are: contains does not contain greater than or equal to equals to not equals to less than or equal to less than greater than starts with ends with not starts with not ends with is null is not null
Literal\|Variable	Value. End user provided variable. Select a value from the data source attributes or a property value passed by the end user during the report run.

Any|All

Select Any or All conditions that must be met for the filters.

Value

List of attributes in the selected data source.

Connectors

Options are:

contains
does not contain
greater than or equal to
equals to
not equals to
less than or equal to
less than
greater than
starts with
ends with
not starts with
not ends with
is null
is not null

Literal|Variable

Value. End user provided variable. Select a value from the data source attributes or a property value passed by the end user during the report run.

Click Save. A Filter active message with a checkmark appears.

Click Aggregate to define aggregated data counts:

On the Add an Aggregate modal, enter the following:

Field	Description
Name	Enter a descriptive label for the aggregate.
Type	Options are: Count of specific rows Sum of specific rows Distinct count of specific rows
Value	Enter a value for the aggregate.

Field

Description

Name

Enter a descriptive label for the aggregate.

Type

Options are:

Count of specific rows
Sum of specific rows
Distinct count of specific rows

Value

Enter a value for the aggregate.

Click Save.

Click Sorting to sort the data tables in the report:
1. On the Sort Data By modal, enter or select the following properties:
  Field Description
  Sort by
  
  Provided a list of attributes from the selected data source.
  
  Sort order
  
  Select the sort order for your data. Options are:
  
  Ascending
  
  Descending
2. Click Save.
Click Save at the top of the report. Your report draft appears on the Reports page and is only visible to the report template creator.
- 1 Click New Report to create a custom report.
- 2 Search for a report.
- 3 Click Run to generate a reporting run.
- 4 Click ellipsis () to publish the draft, view the reporting run history, edit, duplicate, or delete the draft.

Field	Description
Sort by	Provided a list of attributes from the selected data source.
Sort order	Select the sort order for your data. Options are: Ascending Descending

Entities and attributes available in advanced reports

The following entities and attributes are available to tenant administrators when creating advanced reports:

Entity	Attributes	Query Limited?
Users	Account Status City Common Name Consented Mappings Country Description Display Name Email Address Generic Indexed Date 1 Generic Indexed Date 2 Generic Indexed Date 3 Generic Indexed Date 4 Generic Indexed Date 5 Generic Indexed Integer 1 Generic Indexed Integer 2 Generic Indexed Integer 3 Generic Indexed Integer 4 Generic Indexed Integer 5 Generic Indexed Multivalued 1 Generic Indexed Multivalued 2 Generic Indexed Multivalued 3 Generic Indexed Multivalued 4 Generic Indexed Multivalued 5 Generic Indexed String 1 Generic Indexed String 2 Generic Indexed String 3 Generic Indexed String 4 Generic Indexed String 5 Generic UnIndexed Date 1 Generic UnIndexed Date 2 Generic UnIndexed Date 3 Generic UnIndexed Date 4 Generic UnIndexed Date 5 Generic UnIndexed Integer 1 Generic UnIndexed Integer 2 Generic UnIndexed Integer 3 Generic UnIndexed Integer 4 Generic UnIndexed Integer 5 Generic UnIndexed Multivalued 1 Generic UnIndexed Multivalued 2 Generic UnIndexed Multivalued 3 Generic UnIndexed Multivalued 4 Generic UnIndexed Multivalued 5 Generic UnIndexed String 1 Generic UnIndexed String 2 Generic UnIndexed String 3 Generic UnIndexed String 4 Generic UnIndexed String 5 Given Name Id Last Name Password Expiration Date Password Last Changed Time Postal Address Postal Code Preferences Realm State Province Telephone Number Update Date User Name	N
Roles	Condition Creation Date Object Id Realm Role Description Role Name Temporal Constraints Update Date	N
Organizations	Creation Date Id Org Name Realm Update Date	N
Applications	Application Name Authoritative Connector ID Creation Date Id Mapping Names Realm Template Name Update Date	N
Journeys	Component Event Name IP Address Journey Name Journey Result Principal Realm Source Timestamp Tracking Ids Transaction Id User Id	Yes
Nodes	Component Event Name Journey Name Node Event Time Node Id Node Name Node Outcome Node Type Principal Tracking Ids Transaction Id User Id	Yes
AM Access Outcome	Application Name Component Event Name Event Time Http Request Method Http Request Path Http Request Secure IsActive Realm Request Resource Owner Id Scope Status Token Type Transaction Id User Id User Name	Yes
AM Access Attempt	Component Event Name Event Time Http Request Method Http Request Path Http Request Secure Object Id Realm Status Token Type Hint Transaction Id User Id	Yes
IDM Sync	Action Event Time Exception Mapping Message Realm Situation Source Object Status Target Object	Yes
IDM Recon	Action Event Time Exception Mapping Message Realm Recon Id Situation Source Object Status Target Object Transaction Id User Id	Yes
IDM Config	After Before Changed Fields Event Time Object Id Operation Revision	No
Entitlements	Creation Date Display Name Entitlement Data Entitlement Description Entitlement Id Update Date	No
Assignments	Assignment Description Assignment Mapping Assignment Name Assignment Type Creation Date Realm Update Date	No
Groups	Group Condition Group Description Group Name Object Id	No
Internal Roles	Creation Date Internal Role Condition Internal Role Description Internal Role Name Object Id Update Date	No
Accounts	Account Date Application Name Creation Date Display Name Id Update Date UserId	No
Campaigns	Certification Type Completion Date Creation Date Deadline Event Based Id Name Owner Given Name Owner Email Owner Last Name Owner User Name Start Date Status Template Id Update Date	No
Policy	Creation Date Description Id Name Owner Email Owner Given Name Owner Id Owner Last Name Owner User Name Status Update Date	No
Policy Rules	Allow Exception Allow Remediation Correction Advice Creation Date Description Detective Documentation Url Id Max Exception Duration Mitigation Control Name Owner Given Name Owner Email Owner Id Owner Last Name Owner User Name Preventive Risk Score Role Definition Status Update Date Violation Action Violation Owner Email Violation Owner Given Name Violation Owner Id Violation Owner Last Name Violation Owner UserName Workflow Id	No
Policy Scan	Completion Date Creation Date Id Is Simulation Scan Target Start Date Status Total Rules Total Violations Update Date	No
Policy Violation	Creation Date Description Id Name Outcome Policy Rule Id Status Type Update Date User Id User Name Work Flow Id Start Date	No
Account Review Items (Not available as main datasource)	Account Display Name Account Id Account Type Actors Application Id Application Name Campaign Id Completion Date Confidence Score Creation Date Deadline Decision Decision By Decision Comments Decision Date Entitlement Display Name Entitlement Id Id Last Certified Primary Reviewer Id Primary Reviewer Type Provisioning Method Reviewers Status Update Date User Given Name User Name	No
Entitlement Review Items (Not available as main datasource)	Account Display Name Account Id Account Type Actors Campaign Id Completion Date Confidence Score Creation Date Deadline Decision Decision By Decision Comments Decision Date Entitlement Display Name Entitlement Id Id Last Certified Primary Reviewer Id Primary Reviewer Type Provisioning Method Reviewers Status Update Date User Given Name User Name	No
Role Membership Review Items (Not available as main datasource)	Actors Campaign Id Completion Date Confidence Score Creation Date Deadline Decision Decision By Decision Comments Decision Date Id Last Certified MembershipType Primary Reviewer Id Primary Reviewer Type Reviewers Role Id Role Name Status Update Date User Given Name User Name	No

Entity

Attributes

Query Limited?

Users

Account Status
City
Common Name
Consented Mappings
Country
Description
Display Name
Email Address
Generic Indexed Date 1
Generic Indexed Date 2
Generic Indexed Date 3
Generic Indexed Date 4
Generic Indexed Date 5
Generic Indexed Integer 1
Generic Indexed Integer 2
Generic Indexed Integer 3
Generic Indexed Integer 4
Generic Indexed Integer 5
Generic Indexed Multivalued 1
Generic Indexed Multivalued 2
Generic Indexed Multivalued 3
Generic Indexed Multivalued 4
Generic Indexed Multivalued 5
Generic Indexed String 1
Generic Indexed String 2
Generic Indexed String 3
Generic Indexed String 4
Generic Indexed String 5
Generic UnIndexed Date 1
Generic UnIndexed Date 2
Generic UnIndexed Date 3
Generic UnIndexed Date 4
Generic UnIndexed Date 5
Generic UnIndexed Integer 1
Generic UnIndexed Integer 2
Generic UnIndexed Integer 3
Generic UnIndexed Integer 4
Generic UnIndexed Integer 5
Generic UnIndexed Multivalued 1
Generic UnIndexed Multivalued 2
Generic UnIndexed Multivalued 3
Generic UnIndexed Multivalued 4
Generic UnIndexed Multivalued 5
Generic UnIndexed String 1
Generic UnIndexed String 2
Generic UnIndexed String 3
Generic UnIndexed String 4
Generic UnIndexed String 5
Given Name
Id
Last Name
Password Expiration Date
Password Last Changed Time
Postal Address
Postal Code
Preferences
Realm
State Province
Telephone Number
Update Date
User Name

Roles

Condition
Creation Date
Object Id
Realm
Role Description
Role Name
Temporal Constraints
Update Date

Organizations

Creation Date
Id
Org Name
Realm
Update Date

Applications

Application Name
Authoritative
Connector ID
Creation Date
Id
Mapping Names
Realm
Template Name
Update Date

Journeys

Component
Event Name
IP Address
Journey Name
Journey Result
Principal
Realm
Source
Timestamp
Tracking Ids
Transaction Id
User Id

Yes

Nodes

Component
Event Name
Journey Name
Node Event Time
Node Id
Node Name
Node Outcome
Node Type
Principal
Tracking Ids
Transaction Id
User Id

Yes

AM Access Outcome

Application Name
Component
Event Name
Event Time
Http Request Method
Http Request Path
Http Request Secure
IsActive
Realm
Request
Resource Owner Id
Scope
Status
Token Type
Transaction Id
User Id
User Name

Yes

AM Access Attempt

Component
Event Name
Event Time
Http Request Method
Http Request Path
Http Request Secure
Object Id
Realm
Status
Token Type Hint
Transaction Id
User Id

Yes

IDM Sync

Action
Event Time
Exception
Mapping
Message
Realm
Situation
Source Object
Status
Target Object

Yes

IDM Recon

Action
Event Time
Exception
Mapping
Message
Realm
Recon Id
Situation
Source Object
Status
Target Object
Transaction Id
User Id

Yes

IDM Config

After
Before
Changed Fields
Event Time
Object Id
Operation
Revision

Entitlements

Creation Date
Display Name
Entitlement Data
Entitlement Description
Entitlement Id
Update Date

Assignments

Assignment Description
Assignment Mapping
Assignment Name
Assignment Type
Creation Date
Realm
Update Date

Groups

Group Condition
Group Description
Group Name
Object Id

Internal Roles

Creation Date
Internal Role Condition
Internal Role Description
Internal Role Name
Object Id
Update Date

Accounts

Account Date
Application Name
Creation Date
Display Name
Id
Update Date
UserId

Campaigns

Certification Type
Completion Date
Creation Date
Deadline
Event Based
Id
Name
Owner Given Name
Owner Email
Owner Last Name
Owner User Name
Start Date
Status
Template Id
Update Date

Policy

Creation Date
Description
Id
Name
Owner Email
Owner Given Name
Owner Id
Owner Last Name
Owner User Name
Status
Update Date

Policy Rules

Allow Exception
Allow Remediation
Correction Advice
Creation Date
Description
Detective
Documentation Url
Id
Max Exception Duration
Mitigation Control
Name
Owner Given Name
Owner Email
Owner Id
Owner Last Name
Owner User Name
Preventive
Risk Score
Role Definition
Status
Update Date
Violation Action
Violation Owner Email
Violation Owner Given Name
Violation Owner Id
Violation Owner Last Name
Violation Owner UserName
Workflow Id

Policy Scan

Completion Date
Creation Date
Id
Is Simulation
Scan Target
Start Date
Status
Total Rules
Total Violations
Update Date

Policy Violation

Creation Date
Description
Id
Name
Outcome
Policy Rule Id
Status
Type
Update Date
User Id
User Name
Work Flow Id
Start Date

Account Review Items (Not available as main datasource)

Account Display Name
Account Id
Account Type
Actors
Application Id
Application Name
Campaign Id
Completion Date
Confidence Score
Creation Date
Deadline
Decision
Decision By
Decision Comments
Decision Date
Entitlement Display Name
Entitlement Id
Id
Last Certified
Primary Reviewer Id
Primary Reviewer Type
Provisioning Method
Reviewers
Status
Update Date
User Given Name
User Name

Entitlement Review Items (Not available as main datasource)

Account Display Name
Account Id
Account Type
Actors
Campaign Id
Completion Date
Confidence Score
Creation Date
Deadline
Decision
Decision By
Decision Comments
Decision Date
Entitlement Display Name
Entitlement Id
Id
Last Certified
Primary Reviewer Id
Primary Reviewer Type
Provisioning Method
Reviewers
Status
Update Date
User Given Name
User Name

Role Membership Review Items (Not available as main datasource)

Actors
Campaign Id
Completion Date
Confidence Score
Creation Date
Deadline
Decision
Decision By
Decision Comments
Decision Date
Id
Last Certified
MembershipType
Primary Reviewer Id
Primary Reviewer Type
Reviewers
Role Id
Role Name
Status
Update Date
User Given Name
User Name

1. PingOne® Identity Governance is an add-on capability to Advanced Identity Cloud. Contact your Ping Identity representative if you want to add PingOne® Identity Governance to your Advanced Identity Cloud subscription.

PingOne Advanced Identity Cloud

Advanced Reporting

Assign report_viewer group

Add a user to the report_viewer group

Create custom reports using Advanced Reporting

Entities and attributes available in advanced reports

Assign `report_viewer` group