Feedback Ideas

Currently if we want to make apps, like the Onboarding Portal for example, accessible on the internet we have to make our entire NIM server, with all of it's PII and sensitive data, accessible on the internet. Their needs to be an option to run the Apps on a separate server that can be placed in the DMZ and leave the server with the data behind the firewall.

When a session is about to expire, there is no way to extend your session. You are simply told to save your work, and then you must log back in after your session expires, regardless of what you are doing. If you are actively working on something, this is rather disruptive. Instead, it would be good to either A.) trigger session expiration only after a period of inactivity, or B.) allow users to click a button to extend their session and continue working.

NIM currently supports only two access levels: FULL or APPS-only. It would be helpful to have an "admin light" security level for junior admins to manage existing source syncs and run existing schedules/jobs when needed, but not be able to make changes to role model, mappings, filters, or what-have-you.

Allow a temporary increase to thresholds in jobs. I have seen several customer NIM environments recently where they had adjusted the job thresholds to allow for the spike in enrollment changes at the beginning of the school year. It was set to really high number and they had forgotten to set it back to a modest number. In one instance, the customer had ALL of their employee's Google groups removed.

If Roles could be tagged with a Type, then when scheduled, rather than just selecting groupMembership -> target it could be groupMembership ->target to only run the specific tagged roles for that target. This could allow separation of Role concerns (e.g. Students roles not running Employee roles).

It's no fun getting evaluation reports every hour that show zero changes to be made. An option to only send evaluation reports when there are changes to be made in the target systems would be nice.

Password Reset module of NIM provides a multitude of possibilities but it's prime function is Account recovery via password reset. Previously SSRPM provide a landing page for multiple options (Enroll, Reset Password, Unlock, Manage Attributes, Lookup Username) NIM should provide an option to have a landing page that can provide options for different Password Reset profiles (e.g. Reset Password, Unlock Only). This provides a simple point of entry. Expansion on this is to allow only certain hostnames to be allowed. For example if my nim host name is "nim.domain.com", I maybe want to have password reset point to "reset.domain.com". This would mean then if I go to "reset.domain.com" I would land on the dashboard page to select my option.

There would be some potential benefit in having an Admin Dashboard when you login to the NIM Studio. Essentially providing an overall health status for the service. Here are some key items you would see System/Filters/Jobs/Scheduler StatusesLicense StatusBackup StatusConnector/Service UpdatesConfiguration RecommendationsRecent Error logs Attached is a concept of the information that could be presented

Currently, Role Mining in NIM evaluates groups in a target system (e.g., Active Directory, Google Workspace) and compares them to existing roles in the Role Model. However, NIM should also support attribute-based Role Mining, allowing administrators to analyze existing permissions based on user attributes such as title, department, and company. For example, an administrator could identify all users with a common attribute (e.g., Department = Human Resources) and assess how many have a specific group or permission. This insight would then enable the administrator to automatically create a role based on the observed patterns, streamlining role definition and ensuring alignment with business structures.

Connect to photos in LIfetouch database to export photos by student ID for upload to various systems (i.e. PowerSchool, Meal Magic, Follett Destiny) to prevent the manual uploads we now process from each system

Organizations need the option brand NIM to help users know they are in the right place. Apps currently give you a level of that today but it needs to be expanded. The following elements should be considered. Change logo in the top right of AppsChange logo on login pageAbility to turn on/off "I forgot my password" link on login pageOption to change "I forgot my password" link on login page.Ability to add custom text to the login page (markdown support)Option to change label and placeholder text for field on login pageOption to change background for login page

We would like a feature-rich SQL editor to be added to NIM, particularly when working with the various Systems and Tables. It is difficult to only have the single line for each System Query's SQL Statement, necessitating the use of an external text editor to copy/paste which often loses formatting (besides the simple fact that copy and pasting back and forth is not the most efficient way to work) - it also leads to errors. It would be great to have a formal SQL editor which would not only allow multi-line view but also the ability to format, highlight, color, etc. - all of which would help us with troubleshooting problems and avoiding errors because of the difficulty we currently encounter. Having an integrated SQL editor would be extremely helpful for our workflow, and it would allow us to do so much more than we are able to at present.

Presently, the Membership tab of a role displays the Group ID, Group Display Name, and Member ID. Without a Member Display Name, this view is useless except for validating that the role has more than zero members. It would be infinitely more useful if we could see the name of the members in this view as well.

Provide support for PGP Decryption and Encryption. CSV and CSV-SFTP support to decrypt via PGPMulti-Export support to encrypt via PGP

There are times where there are issues with importing data from a system and there's currently no way to halt the import process. E.g. when an import is too taxing on a target system as it's experiencing other issues.