I’m starting this discussion to gather insights on how everyone is handling advanced reporting use cases in ISC, particularly scenarios that require combining multiple data points into a single, comprehensive report.
For example:
Generating an access request report that includes requestor, requestee, approvals, and comments — where some of these details are not readily available out-of-the-box.
Producing a certification report that captures approver actions (who approved/rejected and when), along with revocation outcomes (success/failure).
From my understanding, ISC does not offer the same level of flexibility for custom reporting as IIQ (e.g., using QueryOptions and object relationships to construct richer reports). Instead, most data access seems to rely on APIs.
I am keen to understand how others are addressing these reporting requirements in your environments. How are you handling the enrichment of data for such use cases? Leverage on external reporting platform (e.g. PowerBI, datawarehouse) or scheduled job to call APIs to construct the report in CSVs?
Appreciate any approaches, patterns, or workarounds you can share, besides suggestion for shifting operating models to purely to fit ISC limitations.
For access request please check access request approval API available which should meet your need.
For certification the status report gives the details you’re after. admin→certifications –> campaign –> campaign name –> download reports –> status report.
Sailpoint certification report you can find from admin→certifications –> campaign –> campaign name –> download reports , You will find different types of reports there.
ISC reporting is API-driven and UI Based. For advanced use cases like use the Search API. It allows you to query across indexed data and correlate multiple attributes in a single response.
You can:
Fetch access requests, approvals, comments, and identities in one query (depending on indexed fields)
Build custom filters and aggregations
Join/enrich data in your script (Python/PowerShell) if needed
For most scenarios, Search API + lightweight post-processing is sufficient instead of external tools.
Recommendation:
Go through ISC search capabilities in detail — most complex reporting requirements can be solved using this endpoint alone. Search | SailPoint Developer Community
AIC is worth exploring for this use case. Certification campaign data like approver actions and completion rates works well in AIC. I was able to get the managers, number of items they are certifying, number of items that have been reassigned, managers that needed to sign off, etc.
We built something similar to show the general information which includes
Access Request overview → shows all the access requests which are pending for approval from whom and since when.
– All completed access request history along with approval information from each step.
– total number of access requests in cancelled , completed or provisioning failure status.
For me, i am making use of multiple data points as you described for approvers, governance group memebers and ofcourse beneficiaries and requestors.
For governance groups → the data source is governance group api along with the api to get memebers for individual governance groups.
For all identity or role related information search is the option i am using.
Most importantly, these dashboard we built in powerBI platform as AIC was not available at that point of time. So far it has been working properly for last 5 years.
I hope this helps, if you need more information, please feel free to let me know.