Reporting Overview
Menu path: Observe → Overview
URL: /en/insights/dashboard/identity/overview
Purpose
The Reporting Overview is the landing page for the Observe module. It provides a high-level snapshot of the most important IAM health metrics across your organisation, acting as a daily briefing for administrators. It is designed to answer the question: "Is anything on fire right now, and where should I look first?"
The page is divided into two sections: Daily Insights (a quick alert triage list) and IAM Eco-System Overview (contextual charts linking identities, accounts, data sources, and data quality).
Daily Insights
The Daily Insights panel is a rapid-fire list of key metrics, each with an alert status indicator and a direct link to drill down into the affected records. Amber warning icons indicate issues that need investigation; green check marks indicate that particular metric is clean.
| Metric | What it means |
|---|---|
| Orphaned Accounts | Accounts in directories that cannot be linked to any identity or person. These are candidates for review and potential disablement. |
| Orphaned Identities | Identity records in Apporetum that have no linked Workforce Person - they exist in the system but cannot be traced back to a known HR record. |
| Inactive Accounts | Enabled accounts that have had no logon activity in the last 45 days. |
| Dormant Accounts | Enabled accounts with no logon in the last 90 days - a longer-term inactivity signal. |
| Account With Stale Passwords | Enabled accounts whose passwords have not been changed in over a year. |
| Active Past Expiry | Accounts that have been used after their account expiry date - a sign of leavers still accessing systems. |
| Enabled Post Departure | Accounts that remain enabled after the associated workforce person's end date. |
| Activity Post Departure | Accounts with recorded logon activity after the person's departure date - the most serious leaver-risk indicator. |
Each metric links directly to a filtered query or report page so you can immediately investigate the affected accounts.
How to interpret the Daily Insights panel
Focus first on any items with numbers against them, particularly the departure-related metrics (Active Past Expiry, Enabled Post Departure, Activity Post Departure), as these represent active security risks where former employees or contractors may still have access. Orphaned accounts and stale passwords are important hygiene issues but are typically lower urgency unless they involve privileged accounts.
IAM Eco-System Overview
Source of Authority - Where is the Source for our Identities?
Chart type: add example --> Donut chart
Links to: Identities report
This chart answers the question: "Where does the identity data come from?" It shows how the total identity population is distributed across source feeds (HR systems). In a well-governed environment, the majority of identities should be sourced from a trusted HR or workforce management system. A large proportion of "System Managed" or unlinked identities may indicate accounts created outside normal provisioning processes that are not governed by the standard joiner/leaver lifecycle.
What to look for: If a significant number of identities are labelled "System Managed" rather than tied to an HR feed, this warrants investigation. It suggests accounts exist in your environment that were created manually or through processes that bypass your HR-driven lifecycle controls.
Accounts - What Type of Accounts Do We Have?
Chart type: add example --> Grouped bar chart
Links to: Accounts report
This chart shows the breakdown of account types across each data source (directory). Account types typically reflect organisational categories such as standard user accounts (Productivity, Finance), privileged/admin accounts (Admins), specialised accounts (Contractor, Breakglass), and test accounts.
What to look for: A high proportion of admin accounts relative to standard accounts is a warning sign of privilege sprawl. Test accounts that persist in production are a hygiene and risk issue. Breakglass accounts should be very few in number and tightly controlled.
System Check - Are all your Data Sources Healthy?
Chart type: add example --> Status tiles per data source
Links to: Data source configuration pages
A red/error indicator means that Apporetum cannot currently sync data from that source, which means reports in this module may not reflect the current state of that directory. This is a critical operational check - if a data source is unhealthy, the accuracy of all downstream reports is compromised.
What to look for: Any red indicators require immediate investigation. An unhealthy data source means the data in Apporetum is stale, and decisions made on the basis of that data may be incorrect.
Data Inconsistencies - Does Accounts Match HR Records?
Chart type: add example --> Horizontal bar chart
Links to: Accounts report
This chart highlights data quality problems - cases where account attributes in the directory do not match what the HR system records for that person. The attributes checked include Display Name, First Name, Surname, Employee ID, and Employee Number.
What to look for: High mismatch counts on Employee ID or Employee Number are particularly significant because these are often used as the authoritative joining key between HR and directory systems. If these are wrong, automated processes (like provisioning and deprovisioning) may fail or target the wrong accounts. Display Name and name mismatches may indicate maiden name changes, preferred names, or data entry errors that need resolution.