Generate reports
Access review campaigns have built-in reports that show the progress and prove the outcomes of the campaign. Reports can be generated at any time after a campaign has started.
- In the navigation panel, click Campaigns.
- Click the name of the campaign you’re interested in.
- Click Reports > Generate Report and confirm your action.
- The report is compiled for you. Depending on the size of the campaign, this might take several minutes, so please be patient.
- When the report is ready, click Download to receive the report in Excel format.
How to read reports
The report is generated as a spreadsheet with two tabs. Read on to learn about the contents of each report tab.
Overview
| Category | Description | ||
|---|---|---|---|
| Target Completion Date | Date the Campaign Owner selected as the end date when preparing the campaign | ||
| Actual Completion Date | Date the Campaign Owner actually ended the campaign | ||
| Total Reviews | The number of reviews included in the campaign | ||
| Marked Out of Scope | The number of reviews excluded from a campaign (often these are service accounts) | ||
| Selection Criteria | Provides the policies, entitlements, entitlement description, and number of reviews included |
Access reviews
| Category | Description | |
|---|---|---|
| Review ID | Unique ID assigned to each review [task] included in a Campaign | |
| Application | The Application included in this Campaign [the Application is determined when selecting Entitlements] Ex: GitHub, AWS | |
| App Identity | [Local User Account] C1 maintains an optional mapping from the local account identity in the Application to a ConductorOne user account This is also viewable under Applications >> find the App >> click Identities Ex: smith.jane@gmail.com | |
| User Name | Full Name associated with an individual found within the associated Application This is also viewable under Applications >> find the App >> click Identities Ex: Jane Smith | |
| Identity Type | User or Service Account | |
| Account Owner | The account in your HR or IdP system that is associated with the user account in the app. Ex: Jane Smith | |
| Account Owner Email | Email associated with the above account owner Ex: smith.jane@acme.com | |
| Entitlement Name | The name of the Entitlement in the specified Application. A row is created for each Entitlement Ex: Repo Contributor T5 or AWS App Access | |
| Entitlement Resource | The subject Resources for an Entitlement Ex: The Repository name in a Github | |
| Entitlement Type | Ex: Repository, Advanced Server Access, Application | |
| Entitlement Description | Describes the access rights of that Entitlement Ex: access to AWS in Okta | |
| In Scope | [True or False] When preparing a Campaign, an ADMIN can determine if certain account types should be excluded. This will confirm if that task was included [True] or excluded [False] from the Campaign | |
| Review Started On | Date an ADMIN clicked "Start Campaign" | |
| Due Date | Date an ADMIN choses when creating a Campaign | |
| Reviewers | The individuals required to action the review [task] | |
| Reviewed By | The individuals that actioned the review [task]. This will also include the name of the new Approver if a task is re-assigned | |
| Review Decision | Options Include: Approve, Approve with Comment [comment included in Audit Trail], Deny, Skipped An ADMIN can chose to "Skip" review when ending a Campaign and a user has not yet actioned the review [task] | |
| Audit Trail | The API representation of the audit event [Campaign]. This will contain all the raw data. | |
| Tenant ID | A unique internal identifier for the Campaign |