Autonomous Identity 2021.3.3

Run Reports

By this point, you should have ingested the data files into Autonomous Identity. Training involves two steps: the first step is an initial machine learning run where Autonomous Identity analyzes the data and produces the association rules. In a typical deployment, you can have several million generated rules. Each of these rules is mapped from the user attributes to the entitlements and assigned a confidence score.

Run Insight Report

Next, run an insight report on the rules and predictions generated during the training and predictions runs. The analytics command generates insight_report.txt and insight_report.xlsx and writes them to the /data/input/spark_runs/reports directory.

The report provides the following insights:

  • Number of assignments received, scored, and unscored.

  • Number of entitlements received, scored, and unscored.

  • Number of assignments scored >80% and <5%.

  • Distribution of assignment confidence scores.

  • List of the high volume, high average confidence entitlements.

  • List of the high volume, low average confidence entitlements.

  • Top 25 users with more than 10 entitlements.

  • Top 25 users with more than 10 entitlements and confidence scores greater than 80%.

  • Top 25 users with more than 10 entitlements and confidence scores less than 5%.

  • Breakdown of all applications and confidence scores of their assignments.

  • Supervisors with most employees and confidence scores of their assignments.

  • Top 50 role owners by number of assignments.

  • List of the "Golden Rules", high confidence justifications that apply to a large volume of people.

  1. Run the insight command.

    $ analytics insight

    The analytics job displays the JSON output log during the process and refreshes every 15 seconds. When the job completes, you should see the following JSON output at the end of the log if the job completed successfully:

            …​
            "Time to Complete: 47.645989656448364s",
            "
    stderr: "
        ],
        "total": 53
    }
  2. Access the insight report. The report is available at /data/output/reports in .xlsx format.

Run Anomaly Report

Autonomous Identity provides a report on any anomalous entitlement assignments that have a low confidence score but are for entitlements that have a high average confidence score. The report’s purpose is to identify true anomalies rather than poorly managed entitlements.

The report generates the following points:

  • Identifies potential anomalous assignments.

  • Identifies the number of users who fall below a low confidence score threshold. For example, if 100 people all have low confidence score assignments to the same entitlement, then it is likely not an anomaly. The entitlement is either missing data or the assignment is poorly managed.

  1. Run the anomaly command to generate the report.

    $ analytics anomaly

    The analytics job displays the JSON output log during the process and refreshes every 15 seconds. When the job completes, you should see the following JSON output at the end of the log if the job completed successfully:

            "",
            "Time to Complete: 97.65438652038574s",
            "
    stderr: "
        ],
        "total": 48
    }
  2. Access the anomaly report. The report is available at /data/output/reports in .csv format.
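
The anomaly criteria described above can be sketched as follows. This is an added example, not ForgeRock code and not how the analytics job is implemented. The row layout (user, entitlement, score), the thresholds, and all user and entitlement names are assumptions made for illustration; the sample rows are constructed.

```python
from collections import defaultdict

# Assumed thresholds for this sketch (not product defaults).
LOW_CONF = 0.05        # an assignment scoring below this is "low confidence"
HIGH_AVG = 0.80        # an entitlement averaging above this is well justified
MAX_LOW_USERS = 3      # more low scorers than this points to a data or management gap

# Constructed sample rows: (user, entitlement, confidence score).
SAMPLE = (
    [(f"u{i:03d}", "ent_payroll_read", 0.93) for i in range(40)]
    + [("u900", "ent_payroll_read", 0.02)]
    + [(f"u{i:03d}", "ent_legacy_share", 0.03) for i in range(100)]
    + [(f"u{i:03d}", "ent_vpn", 0.90) for i in range(200)]
    + [(f"u{i:03d}", "ent_vpn", 0.01) for i in range(500, 510)]
)


def triage(rows, low=LOW_CONF, high_avg=HIGH_AVG, max_low_users=MAX_LOW_USERS):
    """Split low-confidence assignments into likely anomalies and entitlements to review."""
    by_ent = defaultdict(list)
    for user, ent, score in rows:
        by_ent[ent].append((user, score))

    anomalies, review_entitlements = [], {}
    for ent, members in by_ent.items():
        avg = sum(s for _, s in members) / len(members)
        low_users = sorted(u for u, s in members if s < low)
        if not low_users:
            continue
        if avg > high_avg and len(low_users) <= max_low_users:
            # Few outliers on an otherwise well-justified entitlement: likely true anomaly.
            anomalies.extend((u, ent, round(avg, 3)) for u in low_users)
        else:
            # Many low scorers or a low average: missing data or poorly managed entitlement.
            review_entitlements[ent] = len(low_users)
    return anomalies, review_entitlements


if __name__ == "__main__":
    found, review = triage(SAMPLE)
    for user, ent, avg in found:
        print(f"anomaly: {user} holds {ent} (entitlement average {avg})")
    for ent, count in review.items():
        print(f"review entitlement: {ent} ({count} low-confidence holders)")
```

In the sample, the single low-scoring holder of `ent_payroll_read` is flagged for access review, while `ent_legacy_share` and `ent_vpn` are routed to entitlement-level review because many holders score low.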

Run the Role-Mining Report

Autonomous Identity provides several reports that use the results of the Autonomous Identity analytics to identify high confidence entitlement assignments under common rules that could serve as potential roles if implemented. Autonomous Identity also generates reports that list the users who will get the roles and a report that lists role users who are missing the key entitlements.

The three reports can be used to generate Tableau views detailing the created roles. Tableau is a business visualization and analytics software tool.

The Role Mining reports use two configurable criteria:

  • Confidence threshold. Only rule-entitlement combinations that scored above this threshold are considered for role generation.

  • Minimum number of people allowed in generated roles. A role will only be created if at least this many people have the rule-entitlement combination.

There are three types of role-mining reports:

  • role_definitions.csv. Reports the clusters of entitlements that define a role.

  • role_assignees.csv. Lists the users and the roles they will be assigned.

  • role_definitions.csv. Lists the new assignments that result from the generated and applied roles.

  • Run the insight report.

    $ [../../resources/examples.bash:#run-role-mining-report]
Copyright © 2010-2022 ForgeRock, all rights reserved.