Feedback Ideas
Support Time-based Access for Privileged Identity Management
In Privileged Identity Management, elevated rights are typically granted on a temporary basis (e.g., 8 hours). NIM should have native functionality to support this directly. While some target systems offer time-bound permissions, a centralized approach within NIM would provide greater control and consistency. This perhaps is related to https://feedback.nimsuite.com/b/5v84550g/feature-ideas/workflows
Mike Sheldon #Output ↔️ #Governance 🛡️ 0
Workflows
A proposed enhancement to the product is the introduction of workflows, allowing requests to be reviewed and approved by designated reviewers before proceeding. This would be particularly beneficial in scenarios such as application access requests or provisioning processes, ensuring oversight and compliance.
How Workflows Would Improve the Product:
- Approval Mechanism – When a user submits a request (e.g., access to an application or a provisioning action), it enters a workflow where assigned reviewers must approve or reject it before execution.
- Role-Based Reviewers – Approval requests could be routed to specific individuals based on their roles (e.g., managers, security officers, or compliance teams).
- Multi-Step Approvals – Workflows could support multi-tiered approvals where different stakeholders must review a request at various stages.
- Audit and Compliance – Each approval or rejection would be logged, providing a clear audit trail for governance and regulatory requirements.
Example Use Case:
A user requests access to an HR application. Instead of immediate access, the request follows this workflow:
Step 1: The user's manager reviews and approves the request.
Step 2: If approved, the HR department reviews and grants final approval.
Step 3: Upon approval, the provisioning process assigns the necessary permissions automatically.
By incorporating workflows, the product enhances security, ensures compliance, and streamlines access management while preventing unauthorized changes.
Mike Sheldon #Apps 🪟 #Processing ⚙️ #Governance 🛡️ 0
Certification Functionality (User Access Reviews/Attestation)
Proposed Feature: Ability to (re)certify access to security/resources via manager, owner(s), users. The following would be some basic requirements of the functionality:
- Ability to categorize resources
- Ability to set/retrieve owners and reviewers for a resource
- Owner/Manager based review, with confirmation tracking (view and submission)
- Remediation steps (Report or Automatic Remediation)
- Ability to create scheduled campaigns
- Option for failback reviewer
Usage:
- Review via NIM App
- Notification via Email
Mike Sheldon #Apps 🪟 #Output ↔️ #Governance 🛡️ 0
Attribute-based Role Mining
Currently, Role Mining in NIM evaluates groups in a target system (e.g., Active Directory, Google Workspace) and compares them to existing roles in the Role Model. However, NIM should also support attribute-based Role Mining, allowing administrators to analyze existing permissions based on user attributes such as title, department, and company. For example, an administrator could identify all users with a common attribute (e.g., Department = Human Resources) and assess how many have a specific group or permission. This insight would then enable the administrator to automatically create a role based on the observed patterns, streamlining role definition and ensuring alignment with business structures.
Mike Sheldon #Output ↔️ #Governance 🛡️ 0
Send email when threshold is hit
Many clients want to be notified when their thresholds are hit for the source and target systems. However, the only means of notifying them is by triggering an email on the error state of a sync. There is no distinct "threshold reached" event that we can trigger on, which makes our notifications more vague than they ought to be. It would be great to have such an event that we could use to trigger an email notification.
Steve M #Systems 🛢️ #General 🔩 #Events ⚡ 2
Allow filter lookups against other filters
Use Case: Define a filter that returns all Active Employees. Now, for the corresponding 'Inactive Employee AD Accounts' filter, instead of defining the inverse of all the Active conditions, just target all the relevant accounts (i.e., AD, EmployeeType == Employee, etc.). Add a Lookup Exclude against the 'Active Employee' filter using the EmployeeID named, with the Lookup named 'Inactive Employee Accounts'. This functionality would allow us to more quickly implement filters that have both a set of Grant and Revoke criteria that are just the inverse of each other.
Mike Sheldon #Processing ⚙️ 1
App Dashboard Customization
The ability to categorize apps in the interface would be helpful. Also, the ability for users to favorite an app so it always shows at the top would be helpful as well. E.g. local IT always does app X and rather than searching for it each time as we make new apps available it would always show up at the beginning of the available apps.
Adam P #Apps 🪟 #General 🔩 0
Segregation of Duties/Toxic Roles
A key concept within the Role Model is implementing Segregation of Duties (SoD) or preventing Toxic Role Combinations to enhance security and compliance. This feature would ensure that conflicting roles are not assigned to the same individual, reducing the risk of fraud or misuse of privileges.
Possible Implementation Approaches:
- Defining Conflicting Roles – Explicitly specify roles that cannot be held by the same user. Example: If your Role Model includes three roles (Employee, HR, and Payroll), you could define a rule stating that members of the HR role cannot also be assigned the Payroll role. This prevents HR employees from processing payroll, reducing the risk of internal fraud.
- Defining Conflicting Target Resource – Explicitly specify target resources that cannot be held by the same user. Example: In financial workflows, a system could enforce a rule that the person approving payments cannot also be responsible for issuing checks, ensuring a proper checks-and-balances system.
By enforcing these restrictions, the Role Model ensures accountability and minimizes security risks associated with excessive or conflicting permissions.
Mike Sheldon #Output ↔️ #Governance 🛡️ 0
Support for Let's Encrypt
Provide the ability for NIM to leverage Let's Encrypt for the HTTPS certificate. This feature would give the administrator the ability to have automatic certificate renewal and avoid any additional costs for certificates.
Mike Sheldon #Configuration 🔧 0
Reporting
Provide a robust reporting solution for NIM so administrators and users are better informed.
Mike Sheldon #Apps 🪟 #General 🔩 0
Enhanced Data Tagging for NIM Connectors
This concept builds on existing feature requests related to time-based privileged access, attribute-based role mining, and user access certification to improve how NIM connectors classify and utilize system data.
https://feedback.nimsuite.com/b/5v84550g/feature-ideas/support-time-based-access-for-privileged-identity-management
https://feedback.nimsuite.com/b/5v84550g/feature-ideas/attribute-based-role-mining
https://feedback.nimsuite.com/b/5v84550g/feature-ideas/certification-functionality-user-access-reviewsattestation
By enabling connectors to tag specific tables based on resource types (e.g., User, Permission, Group, Licenses, Roles), organizations can:
- Streamline Data Identification – Easily access and categorize system data without the need for custom filtering. For example, retrieving all permissions for recertification could be done from a comprehensive list rather than requiring manual queries.
- Enhance Role Mining – Identify common roles across multiple systems by shared attributes, improving automation and accuracy.
- Improve Reporting & Governance – Track and analyze system-wide changes more effectively, such as user modifications, permission updates, or licensing adjustments.
Additional tagging could also help regulate actions like password changes, account lockouts, and license assignments for better compliance and oversight. This enhancement would provide a more structured, efficient, and scalable approach to managing identity-related data across integrated systems.
Mike Sheldon #Systems 🛢️ #Governance 🛡️ 0
Update Apps Design/Styling
Restyle the apps to be more modern and user friendly.
Mike Sheldon #Apps 🪟 1
Upload CSV via App
Provide bulk data input via the NIM App. For example, you have a CSV file you want to process to add group memberships or process some sort of action, all done through the NIM App. Acceptable solutions could be file upload or pasting the text into a multi-line element.
Mike Sheldon #Apps 🪟 0
Column Lock and/or Guards
There are cases where a CSV or API response causes additional columns to be added to a system table. In cases where the header row isn't included, it could be the data row that becomes the column names. (Attached Example) To solve this, NIM should implement the following:
- Ability to lock columns for a system table
- Ability to set guards, much like the data row guards we have today, but for columns
Mike Sheldon #Systems 🛢️ 0
Concur SAP
Create connector for Concur SAP
Mike Sheldon #Integrations 🔗 0