Generate campaign reports
Generate a report
Access review campaigns have built-in reports that show the progress and prove the outcomes of the campaign. Reports can be generated at any time after a campaign has started.
To generate a report:
In the navigation panel, click Campaigns.
Click the name of the campaign you’re interested in.
Click Reports > Generate report and confirm your action.
The report is compiled for you. Depending on the size of the campaign, this might take several minutes, so please be patient.
When the report is ready, click Download to receive the report in Excel format.
How to read reports
The report is generated as a spreadsheet with two tabs. Read on to learn about the contents of each report tab.
Overview tab
Category | Description
---|---
Target Completion Date | Date the Campaign Owner selected as the end date when preparing the campaign
Actual Completion Date | Date the Campaign Owner actually ended the campaign
Total Reviews | The number of reviews included in the campaign
Marked Out of Scope | The number of reviews excluded from a campaign (often these are service accounts)
Selection Criteria | Provides the policies, entitlements, entitlement description, and number of reviews included
Access reviews tab
Category | Description
---|---
Review ID | Unique ID assigned to each review [task] included in a Campaign
Application | The Application included in this Campaign [the Application is determined when selecting Entitlements]. Ex: GitHub, AWS
App Identity | [Local User Account] C1 maintains an optional mapping from the local account identity in the Application to a ConductorOne user account. This is also viewable under Applications > find the App > click Identities. Ex: smith.jane@gmail.com
User Name | Full Name associated with an individual found within the associated Application. This is also viewable under Applications > find the App > click Identities. Ex: Jane Smith
Identity Type | User or Service Account
Account Owner | The account in your HR or IdP system that is associated with the user account in the app. Ex: Jane Smith
Account Owner Email | Email associated with the above account owner. Ex: smith.jane@acme.com
Entitlement Name | The name of the Entitlement in the specified Application. A row is created for each Entitlement. Ex: Repo Contributor T5 or AWS App Access
Entitlement Resource | The subject Resources for an Entitlement. Ex: The Repository name in GitHub
Entitlement Type | Ex: Repository, Advanced Server Access, Application
Entitlement Description | Describes the access rights of that Entitlement. Ex: access to AWS in Okta
In Scope | [True or False] When preparing a Campaign, an ADMIN can determine if certain account types should be excluded. This will confirm if that task was included [True] or excluded [False] from the Campaign
Review Started On | Date an ADMIN clicked "Start Campaign"
Due Date | Date an ADMIN chooses when creating a Campaign
Reviewers | The individuals required to action the review [task]
Reviewed By | The individuals that actioned the review [task]. This will also include the name of the new Approver if a task is re-assigned
Review Decision | Options include: Approve, Approve with Comment [comment included in Audit Trail], Deny, Skipped. An ADMIN can choose to "Skip" a review when ending a Campaign if a user has not yet actioned the review [task]
Audit Trail | The API representation of the audit event [Campaign]. This will contain all the raw data.
Tenant ID | A unique internal identifier for the Campaign
Verify report hashes
If you need to verify the checksum of a downloaded report for auditing purposes, here’s what to do:
In the navigation panel, click Campaigns.
Click the name of the campaign you’re interested in.
Click Reports. You’ll see the file hashes for each report you’ve generated.
If necessary, download the report.
On the command line, navigate to the directory where the downloaded report file is stored. Run the commands appropriate to your operating system, subbing in the name of the downloaded report for <FILENAME>.
Windows
CertUtil -hashfile <FILENAME> MD5
CertUtil -hashfile <FILENAME> SHA256
Linux
md5sum <FILENAME>
sha256sum <FILENAME>
macOS
md5 <FILENAME>
shasum -a 256 <FILENAME>
Compare the output of the commands with the file hashes printed on the Reports page. The checksums will match if the downloaded file has not been altered.
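For audits that check many reports, the comparison can be scripted so it behaves the same on Windows, Linux, and macOS. The following is an added example, not ConductorOne code: the script name `verify_report.py` and its functions are hypothetical, and it assumes you paste in both the MD5 and SHA256 values shown on the Reports page.

```python
import hashlib
import sys


def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and return its MD5 and SHA-256 hex digests."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def normalize(value):
    """Lowercase a pasted hash and drop whitespace or colons between bytes."""
    return "".join(ch for ch in value.lower() if ch not in " \t\r\n:")


def verify_report(path, expected):
    """Compare a downloaded report with the hashes copied from the Reports page.

    `expected` maps "md5" and "sha256" to hex strings. Returns one boolean per
    algorithm; a missing or truncated expected value counts as a mismatch.
    """
    actual = file_digests(path)
    return {
        algo: normalize(expected.get(algo, "")) == digest
        for algo, digest in actual.items()
    }


if __name__ == "__main__":
    # Usage: python verify_report.py <FILENAME> <MD5> <SHA256>
    if len(sys.argv) != 4:
        sys.exit("usage: verify_report.py <FILENAME> <MD5> <SHA256>")
    outcome = verify_report(
        sys.argv[1], {"md5": sys.argv[2], "sha256": sys.argv[3]}
    )
    for algo, ok in outcome.items():
        print(f"{algo}: {'match' if ok else 'MISMATCH'}")
    # Non-zero exit lets an audit script stop on any altered file.
    sys.exit(0 if all(outcome.values()) else 1)
```

The script exits with status 0 only when both checksums match, so it can gate a batch job that archives reports as audit evidence.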