Feedback Ideas

Many clients want to be notified when their thresholds are hit for the source and target systems. However, the only means of notifying them is by triggering an email on the error state of a sync. There is no distinct "threshold reached" event that we can trigger on, which makes our notifications more vague than they ought to be. It would be great to have such an event that we could use to trigger an email notification.

Make it possible to user conditions in the email template We can do this in HelloID which is very useful. My example is the last name was changed for a user but not the first name. But the customer wants the names to be reflected in the email. The problem is since "givenName" wasn't updated it's not available as an argument even it's specified in the mapping So the result for "John Smith" would be "Smith" In HelloID we can do something like {​​​​​​​​​{​​​​​​​​​account.password||"No password"}​​​​​​​​​}​​​​​​​​​, wondering if have some similar logic here available. I think to expand on this we should have the following: If Null Example: If {var.event.argument.mail} is null then {var.event.input.mail} If statement Example: If {var.event.input.employeeType} == "student" && {var.event.argument.mail} != null then allow block of text with variables

When a mapping or sync fails it would be helpful to be able to include a table of error messages directly in the email body. This makes using the "Failure" option in Event Actions more useful and prevents having to manually navigate and dig through the logs to find the error.

Provide robust reporting solution for NIM so administrators and users are better improved.

Variables defined within an App are not available for use in notifications, while any other variables defined from any App Elements are available. Please allow access to the App defined variables. Use Case: Format a Date object for use in the email.

Add a column for last modified date and time of a filter, would help to quickly sort the ones that are being worked on.

Use Case: Define a filter that returns all Active Employees. Now, for the corresponding 'Inactive Employee AD Accounts' filter, instead of defining the inverse of all the Active conditions, just target all the relevant accounts (ie: AD, EmployeeType == Employee, etc). Add a Lookup Exclude against the 'Active Employee' filter using the EmployeeID named, with the Lookup named 'Inactive Employee Accounts'. This functionality would allow us to more quickly implement filters that have both a set of Grant and Revoke criteria that are just inverse of each other.

The ability to categorize apps in the interface would be helpful. Also, the ability for users to favorite an app so it always shows at the top would be helpful as well. E.g. local IT always does app X and rather than searching for it each time as we make new apps available it would always show up at the beginning of the available apps.

NIM currently supports only two access levels: FULL or APPS-only. It would be helpful to have an "admin light" security level for junior admins to manage existing source syncs and run existing schedules/jobs when needed, but not be able to make changes to role model, mappings, filters, or what-have-you.

A proposed idea within the Role Model is to provide a feature for Segregation of Duties. I picture this to work where within a Role you can define another Role that cannot be used. For example if you have a Role Model with 3 Roles (Employee, HR, Payroll). Within the HR Role you say they cannot be part of the Payroll Role. This ensures an HR Employee can't be a Payroll Employee as well. Or you use an analogy, the Person approving the funds cannot also write the checks.

To protect NIM configuration natively, we should provide the ability to schedule automatically backups. This is beneficial when there are multiple NIM Administrators making configuration changes and often forget to back up their configuration.

It's no fun getting evaluation reports every hour that show zero changes to be made. An option to only send evaluation reports when there are changes to be made in the target systems would be nice.

Some organizations want to be fully hosted in the cloud for various reasons. Providing a hosted solution for NIM could be benefical to these organizations.

There are instances in apps where we need to call scripts/commands outside the capability of NIM. E.g. running DACLS.exe when generating a new OU in AD to configure permissions, or custom PowerShell scripts that perform actions outside the scope of NIM.

I propose add on a simple attestation feature that uses information from the Role Model and system data based on its ability to work within the Role Model Ability to categorize resources Type Risk Level Excluded Ability to set owners and reviewers for a resource Owner/Manager based review, with confirmation tracking A review should provide Resource System User Status (New, Approve, Denied) Review Start Date/Time Review Completed Date/Time Reviewer Option to revoke and block access Reports Simple Overview of Reviews (Per User) Detailed view of each review (Per Resource-User) Exclude Resources Blocked Resources