Feedback Ideas

Integration with Motorola Rave911

NIM currently supports only two access levels: FULL or APPS-only. It would be helpful to have an "admin light" security level for junior admins to manage existing source syncs and run existing schedules/jobs when needed, but not be able to make changes to role model, mappings, filters, or what-have-you.

Provide the option to attach files to mail templates. Perhaps we can provide the ability to specify an attachment(s) by specifying a path, filter or audit query.

There would be some potential benefit in having an Admin Dashboard when you login to the NIM Studio. Essentially providing an overall health status for the service. Here are some key items you would see System/Filters/Jobs/Scheduler StatusesLicense StatusBackup StatusConnector/Service UpdatesConfiguration RecommendationsRecent Error logs Attached is a concept of the information that could be presented

There are instances in apps where we need to call scripts/commands outside the capability of NIM. E.g. running DACLS.exe when generating a new OU in AD to configure permissions, or custom PowerShell scripts that perform actions outside the scope of NIM.

To protect NIM configuration natively, we should provide the ability to schedule automatically backups. This is beneficial when there are multiple NIM Administrators making configuration changes and often forget to back up their configuration.

Allow a temporary increase to thresholds in jobs. I have seen several customer NIM environments recently where they had adjusted the job thresholds to allow for the spike in enrollment changes at the beginning of the school year. It was set to really high number and they had forgotten to set it back to a modest number. In one instance, the customer had ALL of their employee's Google groups removed.

It's no fun getting evaluation reports every hour that show zero changes to be made. An option to only send evaluation reports when there are changes to be made in the target systems would be nice.

A key concept within the Role Model is implementing Segregation of Duties (SoD) or preventing Toxic Role Combinations to enhance security and compliance. This feature would ensure that conflicting roles are not assigned to the same individual, reducing the risk of fraud or misuse of privileges. Possible Implementation Approaches: Defining Conflicting Roles – Explicitly specify roles that cannot be held by the same user. Example: If your Role Model includes three roles—Employee, HR, and Payroll—you could define a rule stating that members of the HR role cannot also be assigned the Payroll role. This prevents HR employees from processing payroll, reducing the risk of internal fraud.Defining Conflicting Target Resource – Explicitly specify target resources that cannot be held by the same user. Example: In financial workflows, a system could enforce a rule that the person approving payments cannot also be responsible for issuing checks, ensuring a proper checks-and-balances system. By enforcing these restrictions, the Role Model ensures accountability and minimizes security risks associated with excessive or conflicting permissions.

Organizations need the option brand NIM to help users know they are in the right place. Apps currently give you a level of that today but it needs to be expanded. The following elements should be considered. Change logo in the top right of AppsChange logo on login pageAbility to turn on/off "I forgot my password" link on login pageOption to change "I forgot my password" link on login page.Ability to add custom text to the login page (markdown support)Option to change label and placeholder text for field on login pageOption to change background for login page

The ability to do an if/else would greatly simplify some processing arcs. Example: All staff gets X group, unless they fit specific parameters, in which case they get Y group. It could be done as part of the role, by adding a "does not meet" option where one role is positive, and if negative is processed differently. The situations we run into are not cut and dried enough to do a full processing filter for both situations, we always wind up with duplicates due to requirements. Our primary reason we have needed this in the past is for our licensing groups for different vendors which do not do the "best offered applied" and instead use a "first applied" model. Right now we are using SQL queries to add a field into our personnel sources.

Surprisingly, the "insert link" button is not available on the email template editor. It is available in the JODIT editor, but it is not available when creating an email template. Please add it.

Provide the ability to define characters that should not be include in the random password generator

Currently, we can upload a CSV file to create and populate a new lookup table. But in the event that we have an existing lookup table, and want to add more data to it, we have no option to bulk upload data to that existing table. It must be done by hand, or a new table (or new version of the table) must be created. It would be great to have an "import data" option for lookup tables.

Ability to read CSV from Sharepoint as a Source System.