Aid is based Qlik tool, following information will assist leanring about the AIC capabilities.
Should you have access to our University e-learnings:
Access Insights: Access Intelligence Center - QUICKLEARN SERIES
SP, developer portal, AIC ER Diagram:
https://developer.sailpoint.com/docs/reporting/access-intelligence-center
Qlik Help:
Qlik Natural Language Query Feature:
Also adding some search query examples for you to develop knowledge around the Search feature in ISC.
Find identities which have errors
processingState:ERROR
Find identities which were recently changed:
lastModified:>2018-04-19
Find identities which were recently created:
created:>2018-03-01 AND created:<2018-03-30
created:[2018-03-01 TO 2018-03-30]
Find all identities with a specific start date or end dates:
attributes.startDate:[2018-08-01 TO 2018-10-01]
attributes.endDate:[2018-09-01 TO 2018-09-30]
Find common identities which share manager by display name:
manager.displayName:"Bill Lumbergh"
Find common identities which share manager by manager ID:
manager.id:2c9180845d1edece015d27a96c973e0d
Find identities with directory accounts which are disabled.
@accounts(source.name:'Directory' AND disabled:true)
Find identities with a certain IdentityNow invitation status:
Note: IdentityNow has three invitation statuses, UNREGISTERED, PENDING, and REGISTERED. Choose the right one which works for you.
attributes.cloudStatus:UNREGISTERED
attributes.cloudStatus:PENDING
attributes.cloudStatus:REGISTERED
Find identities which have manually correlated accounts on a certain source:
@accounts(source.name:'Directory' AND manuallyCorrelated:true)
Find identities with privileged accounts (on any source):
@accounts( privileged:true )
Find identities with locked accounts (on any source):
@accounts( locked:true )
Find identities with disabled accounts (on any source):
@accounts( disabled:true )
Find identities with accounts from a source (e.g. Employees) which were created in the past month:
@accounts(source.name:'Employees' AND created:[2017-03-01 TO 2017-03-30])
Find identities with AD accounts which have had a password set within a certain time period (using AD passwordLastSet timestamp):
@accounts( source.name:"AD" AND passwordLastSet:[2017-08-01 TO 2017-09-01] )
Find all identities on a specific identity profile:
identityProfile.name:"Employees"
Find all identities who work in London:
attributes.location:London
Find all identities who work in London who started this year:
attributes.location:London AND created:[2018-01-01 TO now]
Find a user's direct reports:
manager.name:brandy.smith
Find users with a specific role:
@access(type:ROLE AND name:Inventory*)
Find inactive users with active accounts:
attributes.cloudLifecycleState:inactive AND @accounts(disabled:false)
Find out whether privileged access was revoked for previous contingent workers
identityProfile.name:contractors
AND attributes.cloudLifecycleState:(inactive transition)
AND @access(value:EXCHANGESERVER*)
Find users who haven't finished registering:
attributes.cloudStatus:PENDING
OR attributes.cloudStatus:UNREGISTERED
Find users from the Sales department who have Webex accounts who don't have a particular entitlement:
attributes.department:Sales
AND @accounts(source.name:webex)
AND NOT @access(value:"MeetingType 220")
Find identities that don't have a manager:
NOT _exists_:manager
Find all the identities with elevated user levels (within IdentityNow):
@access(value:(ORG_ADMIN OR HELPDESK OR DASHBOARD OR CERT_ADMIN)
AND type:ENTITLEMENT
AND source.name:IdentityNow)
Find all the identities with IdentityNow admin access:
@access(value:ORG_ADMIN AND type:ENTITLEMENT AND source.name:IdentityNow)
Find all identities that have a lifecycle state of terminated in IdentityNow with accounts on Active Directory that are still enabled:
attributes.cloudLifecycleState:Inactive
AND @accounts(source.name:"Active Directory"
AND disabled:"false")
Find identities that are active in IdentityNow but who have disabled Active Directory accounts:
attributes.cloudLifecycleState:Active
AND @accounts(source.name:"Active Directory"
AND disabled:"true")
Find all active identities that have anything listed in their personal email field:
attributes.cloudLifecycleState:active
AND _exists_:attributes.personalEmail