I have the following requirement: I need to generate a report and send it to stakeholders.
HR Reconciliation was done on Monday this week. Post that, there were changes (joiners/movers/leavers). For those changes, appropriate access changes were done across various systems. Some were successfully executed and some had failed.
Provide a report of failures that occurred in various systems grouped by system followed by user-name, what failed and why.
@ChandrakalaS Since you want provisioning changes post HR reconciliation (joiners/movers/leavers), you can filter on account activity using Search that captures such events. What I usually use is:
action:"Access Request" OR action:"Identity Refresh" OR action:"Account State Update" OR action:"Account Attribute Update"
You can add additional filters like
status:Failed - to capture only the failures.
created:[ TO now] - to limit results since this week’s reconciliation.
Once filtered, export the results to CSV. This file will include: Application, Identity, Action, Status, and Error / Completion message. Add columns using the column chooser as per your need.
For these reports:
If it’s a one-time request then use search query + export CSV manually.
If it’s weekly recurring then use saved search + scheduled report for this query.
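An added example, not part of the thread or of any SailPoint tooling: a Python script that turns the exported CSV into the report requested above (failures grouped by system, then user name, with what failed and why). The header names and the sample rows are assumptions constructed for illustration; adjust the column constants to match your export.

```python
import csv
import io
from collections import defaultdict

# Assumed header names; adjust to match the columns in your actual export.
COL_APP, COL_USER, COL_ACTION, COL_STATUS, COL_ERROR = (
    "Application", "Identity", "Action", "Status", "Error")

# Constructed sample export (not real data).
SAMPLE_CSV = """Application,Identity,Action,Status,Error
Active Directory,jdoe,Account Attribute Update,Failed,Connector timeout
HR Portal,asmith,Access Request,Failed,Entitlement not found
Active Directory,jdoe,Account State Update,FAILED,Account locked by policy
Active Directory,bwong,Access Request,Complete,
Active Directory,,Identity Refresh,Failed,
active directory,asmith,Access Request,failed,Connector timeout
"""

def group_failures(csv_text):
    """Return {application: {identity: [(action, reason), ...]}} for failed rows."""
    grouped = defaultdict(lambda: defaultdict(list))
    canonical_app = {}  # lower-cased name -> first spelling seen
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Status casing may vary between exports, so compare case-insensitively.
        if (row.get(COL_STATUS) or "").strip().lower() != "failed":
            continue
        app = (row.get(COL_APP) or "").strip() or "(unknown system)"
        app = canonical_app.setdefault(app.lower(), app)
        user = (row.get(COL_USER) or "").strip() or "(unknown identity)"
        action = (row.get(COL_ACTION) or "").strip()
        reason = (row.get(COL_ERROR) or "").strip() or "(no error message recorded)"
        grouped[app][user].append((action, reason))
    return {app: dict(users) for app, users in grouped.items()}

def render_report(grouped):
    """Plain-text report: system, then user name, then what failed and why."""
    lines = []
    for app in sorted(grouped, key=str.lower):
        users = grouped[app]
        total = sum(len(v) for v in users.values())
        lines.append(f"{app} ({total} failures)")
        for user in sorted(users, key=str.lower):
            lines.append(f"  {user}")
            for action, reason in users[user]:
                lines.append(f"    - {action}: {reason}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_report(group_failures(SAMPLE_CSV)))
```

Rows with an empty identity or error column are kept under a placeholder rather than dropped, so a failure with missing details still reaches the stakeholders.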
@Arshad Thanks. As you suggested, I built the query given below and am able to get all failed provisioning and deprovisioning events.
attributes.sourceName:* AND created:[now-30d TO now] AND status:"FAILED" AND operation:("ADD","REMOVE","MODIFY","ENABLE","DISABLE","REQUEST","UPDATE","CREATE")