Reporting features and settings

Reports are created by collecting and manipulating data from various data sources. OneSpan Authentication Server provides the ability to run standard supplied reports or to create your own custom reports. The basic concepts and features behind reporting in OneSpan Authentication Server are described in the following sections.

Report types

There are four general report types in OneSpan Authentication Server:

  • List Analysis. Lists all items that match the criteria specified in the report definition, e.g. a list of users without assigned authenticators.
  • Detailed Analysis. Shows detail of the events specified in the report definition, e.g. a detailed list of failed authentications for a user.
  • Distribution Analysis. Shows a count of events and objects, e.g. the number of failed authentications for a domain.
  • Trend Analysis. Shows a trend over a period of time for the objects specified in the report definition. Trend analysis reports take an extra parameter: the period of time for which the data should be extracted, by hour, day, month, and year.

All reports, whether standard or custom, are based on these report types. Each report type retrieves information from either the audit data, the data store, or both.

Grouping levels

The grouping level specifies how data in the report should be grouped:

  • Client. If a report has set the grouping level to Client, each (physical) client connected will be represented individually.
  • Domain.
  • Organizational Unit. If a detailed or list report has set the grouping level to Organizational Unit, the data for all the users in that organizational unit will be added together and represented only once under the organizational unit.
  • User. If a detailed or list report has set the grouping level to User, each user will be represented individually.
  • Digipass.

Data sources

Each report is generated from data existing in OneSpan Authentication Server:

  • Users. Generates the report based on the user information from the OneSpan Authentication Server data store.
  • Users + Audit Data. Generates the report based on the user information from the OneSpan Authentication Server data store and the audit data from OneSpan Authentication Server.
  • Digipass. Generates the report based on the authenticator information from the OneSpan Authentication Server data store.
  • Digipass + Audit Data. Generates the report based on the authenticator information from the OneSpan Authentication Server data store and the audit data from OneSpan Authentication Server.
  • Audit Data. Generates the report based on the audit data only. This means that the results are grouped by the distinct grouping objects, e.g. client components, found in the audit data for the selected reporting time period, whether they currently exist in the OneSpan Authentication Server database or not.
  • Users + Digipass. Generates the report based on the user and authenticator information from the OneSpan Authentication Server data store. This option can be used for list or detailed analysis reports only.

Each report type can use different data sources (see Table: Report types and available data sources).

Table: Report types and available data sources
  Columns: List analysis | Detailed analysis | Trend analysis | Distribution analysis
  Rows:
    Database
    Audit data
    Audit data + Database Not supported

Administrative scope of reports

The administrative scope of reports allows you to define the part of the organizational structure the report is generated for. With this administrative scope it is possible to determine which users, authenticators, organizational units, and domains are included in the report processing and the relevant output.

Administrator levels are not considered when creating reports!

  • All domains. Running the report is initiated by a master domain administrator. Objects are processed over all domains, including the master domain.
  • Single domain. Running the report is initiated by a single domain administrator. Objects that are part of the same domain are processed.
  • Multiple domains. Running the report is initiated by a multiple domain administrator. Objects that are part of the same domains for which the administrator has the relevant permissions are processed.
  • Org unit and all child org units. Running the report is initiated by an organizational unit administrator. Objects that are part of the same organizational unit and all its child organizational units are processed.

The administrative scope is not applicable to reports on client applications.

Time zones

When configuring report settings, you can specify a time zone. This time zone will be used for:

  • The report's specified time period
  • All logs in the report (if any)

Fields

You can filter report data at a field level, but only in the following cases:

  • The report type is Detailed Analysis or List Analysis.
  • The data is collected from the Audit data source.

If no specific fields are selected, then all fields are included in the report. For example, your report could display the number of session times over one hour within the past week.

Queries

You can customize reporting data by setting one or more queries.

For example, to generate a report for a specific audit message type, e.g. Authentication, you can specify the following line in your query:

Audit Message = 'Authentication'

With this query defined, you will only receive report data about Authentication audit messages in your report.

You can use multiple queries to gain even finer-grained control of data. For example, the Authentication Activity by Client report includes the following query data:

Audit:Category equals Authentication,
Audit:Type equals success,
Audit:Code equals S-002001,
Audit:Code equals S-010001

The Query value field can also recognize free text for time values. For example:

Audit:Timestamp + is greater than + "6 months ago"

Permissions

Each report definition has an owner. The owner is usually the administrator who created the report definition, but you can transfer ownership to another administrator in the same domain. The permissions associated with each report determine the following:

  • Who can run the report. Report usage can be restricted to the report owner, or it can be granted to other administrators.
  • Who can change the report definitions. The ability to change the report format and details can be restricted to the report owner, or it can be granted to other administrators.
  • Who can view the report.

Usage permissions

There are three types of usage permissions:

  • Private. Only the owner can run the report.
  • Domain. The report can be run only by administrators that belong to the domain where the report is defined.
  • Public. All administrators in all domains can run the report.

Change permissions

There are three types of change permissions:

  • Private. Only the owner can change the report.
  • Domain. The report can be changed only by administrators that belong to the domain where the report was defined.
  • Public. All administrators in all domains can change the report.

Viewing reports

Both the usage and the change permission settings determine who can view the report. If both report permissions are set to Private, then only the report owner can view the report. If the report has the usage permission set to Private, and a change permission other than Private (or vice versa), then all administrators (change permission set to Public) or administrators in the same domain (change permission set to Domain) with the View Report administrative privilege can view the report.

Domain administrators with the Access Private Reports administrative privilege can view reports with both the usage and change permissions set to Private. If they have adequate administrative privileges, they can also change or run private reports.

Standard reports have private permissions relating to changing the reports, and public permissions relating to running and viewing the reports.
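
The viewing rules above can be checked against a set of report definitions. The following is an added example, not OneSpan code; the class names, function names, and sample data are constructed. It assumes that the wider of the two permissions sets the view scope when both are non-Private, that the owner can always view, and that Access Private Reports applies within the report's own domain.

```python
from dataclasses import dataclass, field

LEVELS = {"Private": 0, "Domain": 1, "Public": 2}  # narrowest to widest

@dataclass
class Report:
    name: str
    owner: str
    domain: str
    usage: str    # who can run: Private / Domain / Public
    change: str   # who can change: Private / Domain / Public

@dataclass
class Admin:
    name: str
    domain: str
    privileges: set = field(default_factory=set)

def view_scope(report):
    """Effective view scope: the wider of the usage and change permissions."""
    return max(report.usage, report.change, key=LEVELS.__getitem__)

def can_view(admin, report):
    if admin.name == report.owner:          # assumption: the owner can always view
        return True
    scope = view_scope(report)
    same_domain = admin.domain == report.domain
    if scope == "Private":
        # Both Private: only Access Private Reports opens it (assumed same-domain).
        return same_domain and "Access Private Reports" in admin.privileges
    if "View Report" not in admin.privileges:
        return False
    return scope == "Public" or same_domain

def wider_than_usage(reports):
    """Reports whose viewers exceed the audience allowed to run them."""
    return [r.name for r in reports if LEVELS[view_scope(r)] > LEVELS[r.usage]]

# Constructed sample definitions and administrators (not product data).
REPORTS = [
    Report("failed-logins", "alice", "corp", "Private", "Private"),
    Report("unassigned-digipass", "alice", "corp", "Private", "Public"),
    Report("auth-by-client", "alice", "corp", "Public", "Private"),
    Report("ou-trend", "alice", "corp", "Domain", "Domain"),
]
BOB = Admin("bob", "partner", {"View Report"})
CAROL = Admin("carol", "corp", {"Access Private Reports"})

if __name__ == "__main__":
    print("viewable beyond usage audience:", wider_than_usage(REPORTS))
```

A report listed by `wider_than_usage` has its usage permission set narrower than its change permission, so administrators who cannot run it can still view it.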

Templates

Reports can be generated in XML, HTML, or PDF format. When defining a report, you can do one of the following:

  • Use the default XML or PDF templates.
  • Provide your own custom template definition.

You define templates when you create a report definition, and then select one from a list when you run the report. Each report definition can have more than one formatting template.

Initially, report data is always generated in XML format. A SQL query retrieves the data that is required for the report. The generation finalization process thereafter depends on the required output format:

  • XML and HTML. OneSpan Authentication Server supports XSLT transformation to produce desired reporting output. The result of the SQL query and the report type are then combined into an XML report. The XML report and the report format template are combined to produce the finished report in the required format (XML or HTML).

  • PDF. The XML data is run through a PDF generator to produce a basic PDF report. This is then combined with the template data (including header, footer, and logo), to provide a finished PDF with bookmarked headline sections. The PDF header, footer, and logo can be customized, or use the standard template.

    Only PDF reports can be generated in the background. As such, running a report with XML or HTML outputs will block the Administration Web Interface until the reporting task completes.

Report retrieval

You can retrieve saved PDF reports via REPORTS > Retrieve report in the Administration Web Interface. The PDF report can be opened directly or it can be saved.