Feedback Ideas

Provide the ability to validate via a manager approval instead of email or SMS. Currently you can work around this by setting a email or SMS option to direct to a manager but then you manager needs to be available by some form of direct communication. It's proposed that a more elegant solution be created to let the manager approve be available and not abused.

The application currently used by our Human Resources department is provided by the Los Angeles County Office of Education (LACOE) and is called HRS. It consists of a large set of database files that NIM can read to automate staff and faculty account management. HRS will be phased out as we join LACOE’s next group of school districts migrating to their new Human Capital Management (HCM) system as part of the BEST program. This transition is expected to begin sometime next year. HR has been informed by LACOE that both HRS and HCM will likely be used concurrently during the transition period. While this will likely double HR’s workload, it may also impact our current NIM setup. If the new system can be added in advance, or if we can ask NIM engineers to prepare for it ahead of time, we may be able to reduce troubleshooting and minimize potential errors or issues. I've added a few links from LACOE that may be helpful: LACOE Business Enhancement System TransformationHuman Capital Management (HCM) Course Catalog LACOE's BEST Project Newsletters: April 2025May 2025August 2025October 2025 Thank you, George Garabigie Systems Analyst | Burbank Unified School District

NIM currently supports only two access levels: FULL or APPS-only. It would be helpful to have an "admin light" security level for junior admins to manage existing source syncs and run existing schedules/jobs when needed, but not be able to make changes to role model, mappings, filters, or what-have-you.

To protect NIM configuration natively, we should provide the ability to schedule automatically backups. This is beneficial when there are multiple NIM Administrators making configuration changes and often forget to back up their configuration.

A proposed enhancement to the product is the introduction of workflows, allowing requests to be reviewed and approved by designated reviewers before proceeding. This would be particularly beneficial in scenarios such as application access requests or provisioning processes, ensuring oversight and compliance. How Workflows Would Improve the Product Approval Mechanism – When a user submits a request (e.g., access to an application or a provisioning action), it enters a workflow where assigned reviewers must approve or reject it before execution. Role-Based Reviewers – Approval requests could be routed to specific individuals based on their roles (e.g., managers, security officers, or compliance teams). Multi-Step Approvals – Workflows could support multi-tiered approvals where different stakeholders must review a request at various stages. Audit and Compliance – Each approval or rejection would be logged, providing a clear audit trail for governance and regulatory requirements. Example Use Case A user requests access to an HR application. Instead of immediate access, the request follows this workflow: Step 1: The user's manager reviews and approves the request.Step 2: If approved, the HR department reviews and grants final approval.Step 3: Upon approval, the provisioning process assigns the necessary permissions automatically. By incorporating workflows, the product enhances security, ensures compliance, and streamlines access management while preventing unauthorized changes.

Allow a temporary increase to thresholds in jobs. I have seen several customer NIM environments recently where they had adjusted the job thresholds to allow for the spike in enrollment changes at the beginning of the school year. It was set to really high number and they had forgotten to set it back to a modest number. In one instance, the customer had ALL of their employee's Google groups removed.

Provide the option to attach files to mail templates. Perhaps we can provide the ability to specify an attachment(s) by specifying a path, filter or audit query.

It would be nice to be able to structure & reorder roles either through folders, or child roles akin to filters.

It's no fun getting evaluation reports every hour that show zero changes to be made. An option to only send evaluation reports when there are changes to be made in the target systems would be nice.

There would be some potential benefit in having an Admin Dashboard when you login to the NIM Studio. Essentially providing an overall health status for the service. Here are some key items you would see System/Filters/Jobs/Scheduler StatusesLicense StatusBackup StatusConnector/Service UpdatesConfiguration RecommendationsRecent Error logs Attached is a concept of the information that could be presented

Password Reset module of NIM provides a multitude of possibilities but it's prime function is Account recovery via password reset. Previously SSRPM provide a landing page for multiple options (Enroll, Reset Password, Unlock, Manage Attributes, Lookup Username) NIM should provide an option to have a landing page that can provide options for different Password Reset profiles (e.g. Reset Password, Unlock Only). This provides a simple point of entry. Expansion on this is to allow only certain hostnames to be allowed. For example if my nim host name is "nim.domain.com", I maybe want to have password reset point to "reset.domain.com". This would mean then if I go to "reset.domain.com" I would land on the dashboard page to select my option.

If Roles could be tagged with a Type, then when scheduled, rather than just selecting groupMembership -> target it could be groupMembership ->target to only run the specific tagged roles for that target. This could allow separation of Role concerns (e.g. Students roles not running Employee roles).

Currently, you have to export all columns that are turned on in a filter. This prevents you from using ordering on data that you don't want in the export. There should be an option to select which columns that are present in the filter that we want to export in the scheduler's export and multi-export options.

Currently NIM does not use the data types and keys from the connector. To simplify the process in adding an new system this should be automatically loaded and used. Additionally it would be beneficial if relations would be defined and used in the connector too.

Currently if we want to make apps, like the Onboarding Portal for example, accessible on the internet we have to make our entire NIM server, with all of it's PII and sensitive data, accessible on the internet. Their needs to be an option to run the Apps on a separate server that can be placed in the DMZ and leave the server with the data behind the firewall.