# User and access reports

Use these reports to track users, assigned access, lifecycle events, and login activity.

### <kbd>USER\_REPORT</kbd>

**Service class:** `UserReportService`

Generates a directory-style user listing.

#### Output includes

* first, last, and middle name
* employee ID, company, and department
* user status and account status
* email, phone, login, and last login date
* start date, end date, and manager

#### Key behavior

* supports multi-status filtering
* supports supervisor hierarchy filtering
* uses ElasticSearch for performance
* supports pagination

### <kbd>USER\_ACCESS\_REPORT</kbd>

**Service class:** `UserAccessReportService`

Shows roles and groups assigned to users.

#### Output includes

* user name, login, and employee ID
* user and account status
* access type and access name
* access start and end dates
* access rights details and related resources

#### Key behavior

* caches roles, groups, and resources
* supports managed system and entitlement filters
* supports a show-all-entitlements option

### <kbd>LAST\_LOGIN\_REPORT</kbd>

**Service class:** `LastLoginReportService`

Tracks recent user login activity.

#### Output includes

* first and last name
* login ID
* last login date and time
* last login IP address
* user count metric

#### Key behavior

* does not use ElasticSearch
* supports date-based filtering
* runs as a lightweight query

### <kbd>USER\_LIFE\_CYCLE\_ACTIVITIES</kbd>

**Service class:** `UserLifeCycleActivitiesReportService`

Tracks lifecycle requests and related approvals for a user.

#### Output includes

* request number, type, and status
* user identity and profile fields
* manager and organization data
* request dates, description, and notes
* first, second, and third approver decisions

#### Key behavior

* shows complete request history
* tracks activity over time
* supports supervisor filtering
* covers multiple request types

### <kbd>ORPHANED\_USER\_ACCOUNTS</kbd>

**Service class:** `OrphanedUserAccountsReportService`

Finds accounts in target systems that are not linked to an OpenIAM identity.

#### Output includes

* account identity
* managed system name
* first and last name
* email address
* employee ID
* created date

#### Supported filters

* managed system ID
* identity
* first name and last name
* email address
* employee ID
* created date range

#### Key behavior

* highlights data quality issues
* supports multi-criteria search
* caches managed system lookups
* supports email or download delivery

### <kbd>TERMINATED\_USER\_REPORT</kbd>

**Service class:** `TerminatedUserReportService`

Tracks terminated users and deprovisioning status.

#### Output includes

* employee ID
* managed system name
* user status
* identity status
* end date and actual termination date
* custom fields `1` through `5`

#### Key behavior

* uses a dedicated backend service
* tracks deprovisioning status
* supports custom fields
* supports date range filtering


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs-beta.openiam.com/openiam-report-services/user-and-access-reports.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.