Feedback Ideas

If Roles could be tagged with a Type, then when scheduled, rather than just selecting groupMembership -> target it could be groupMembership ->target to only run the specific tagged roles for that target. This could allow separation of Role concerns (e.g. Students roles not running Employee roles).

Restyle the apps to be more modern and user friendly.

Password Reset module of NIM provides a multitude of possibilities but it's prime function is Account recovery via password reset. Previously SSRPM provide a landing page for multiple options (Enroll, Reset Password, Unlock, Manage Attributes, Lookup Username) NIM should provide an option to have a landing page that can provide options for different Password Reset profiles (e.g. Reset Password, Unlock Only). This provides a simple point of entry. Expansion on this is to allow only certain hostnames to be allowed. For example if my nim host name is "nim.domain.com", I maybe want to have password reset point to "reset.domain.com". This would mean then if I go to "reset.domain.com" I would land on the dashboard page to select my option.

Provide an option to use passwords generated by an API like DinoPass https://www.dinopass.com/

Currently the only input you can have from a user during onboarding is password. We need the ability to collect other data such as personal email or mobile phone. This requires an additional function in onboarding profile.

Use Case: Define a filter that returns all Active Employees. Now, for the corresponding 'Inactive Employee AD Accounts' filter, instead of defining the inverse of all the Active conditions, just target all the relevant accounts (ie: AD, EmployeeType == Employee, etc). Add a Lookup Exclude against the 'Active Employee' filter using the EmployeeID named, with the Lookup named 'Inactive Employee Accounts'. This functionality would allow us to more quickly implement filters that have both a set of Grant and Revoke criteria that are just inverse of each other.

The ability to categorize apps in the interface would be helpful. Also, the ability for users to favorite an app so it always shows at the top would be helpful as well. E.g. local IT always does app X and rather than searching for it each time as we make new apps available it would always show up at the beginning of the available apps.

To protect NIM configuration natively, we should provide the ability to schedule automatically backups. This is beneficial when there are multiple NIM Administrators making configuration changes and often forget to back up their configuration.

A proposed enhancement to the product is the introduction of workflows, allowing requests to be reviewed and approved by designated reviewers before proceeding. This would be particularly beneficial in scenarios such as application access requests or provisioning processes, ensuring oversight and compliance. How Workflows Would Improve the Product Approval Mechanism – When a user submits a request (e.g., access to an application or a provisioning action), it enters a workflow where assigned reviewers must approve or reject it before execution. Role-Based Reviewers – Approval requests could be routed to specific individuals based on their roles (e.g., managers, security officers, or compliance teams). Multi-Step Approvals – Workflows could support multi-tiered approvals where different stakeholders must review a request at various stages. Audit and Compliance – Each approval or rejection would be logged, providing a clear audit trail for governance and regulatory requirements. Example Use Case A user requests access to an HR application. Instead of immediate access, the request follows this workflow: Step 1: The user's manager reviews and approves the request.Step 2: If approved, the HR department reviews and grants final approval.Step 3: Upon approval, the provisioning process assigns the necessary permissions automatically. By incorporating workflows, the product enhances security, ensures compliance, and streamlines access management while preventing unauthorized changes.

NIM currently supports only two access levels: FULL or APPS-only. It would be helpful to have an "admin light" security level for junior admins to manage existing source syncs and run existing schedules/jobs when needed, but not be able to make changes to role model, mappings, filters, or what-have-you.

In Privileged Identity Management, elevated rights are typically granted on a temporary basis (e.g., 8 hours). NIM should have native functionality to support this directly. While some target systems offer time-bound permissions, a centralized approach within NIM would provide greater control and consistency. This perhaps is related to https://feedback.nimsuite.com/b/5v84550g/feature-ideas/workflows

A key concept within the Role Model is implementing Segregation of Duties (SoD) or preventing Toxic Role Combinations to enhance security and compliance. This feature would ensure that conflicting roles are not assigned to the same individual, reducing the risk of fraud or misuse of privileges. Possible Implementation Approaches: Defining Conflicting Roles – Explicitly specify roles that cannot be held by the same user. Example: If your Role Model includes three roles—Employee, HR, and Payroll—you could define a rule stating that members of the HR role cannot also be assigned the Payroll role. This prevents HR employees from processing payroll, reducing the risk of internal fraud.Defining Conflicting Target Resource – Explicitly specify target resources that cannot be held by the same user. Example: In financial workflows, a system could enforce a rule that the person approving payments cannot also be responsible for issuing checks, ensuring a proper checks-and-balances system. By enforcing these restrictions, the Role Model ensures accountability and minimizes security risks associated with excessive or conflicting permissions.

Proposed Feature Ability to (re)certify access to security/resources via manager, owner(s), users. The following would be some basic requires of the functionality Ability to categorize resourcesAbility to set/retrieve owners and reviewers for a resourceOwner/Manager based review, with confirmation tracking (view and submission)Remediation steps (Report or Automatic Remediation)Ability to create scheduled campaignsOption for failback reviewer Usage Review via NIM AppNotification via Email

It's no fun getting evaluation reports every hour that show zero changes to be made. An option to only send evaluation reports when there are changes to be made in the target systems would be nice.

Some organizations want to be fully hosted in the cloud for various reasons. Providing a hosted solution for NIM could be benefical to these organizations.