Feedback Ideas

To protect NIM configuration natively, we should provide the ability to schedule automatically backups. This is beneficial when there are multiple NIM Administrators making configuration changes and often forget to back up their configuration.

A proposed enhancement to the product is the introduction of workflows, allowing requests to be reviewed and approved by designated reviewers before proceeding. This would be particularly beneficial in scenarios such as application access requests or provisioning processes, ensuring oversight and compliance. How Workflows Would Improve the Product Approval Mechanism – When a user submits a request (e.g., access to an application or a provisioning action), it enters a workflow where assigned reviewers must approve or reject it before execution. Role-Based Reviewers – Approval requests could be routed to specific individuals based on their roles (e.g., managers, security officers, or compliance teams). Multi-Step Approvals – Workflows could support multi-tiered approvals where different stakeholders must review a request at various stages. Audit and Compliance – Each approval or rejection would be logged, providing a clear audit trail for governance and regulatory requirements. Example Use Case A user requests access to an HR application. Instead of immediate access, the request follows this workflow: Step 1: The user's manager reviews and approves the request.Step 2: If approved, the HR department reviews and grants final approval.Step 3: Upon approval, the provisioning process assigns the necessary permissions automatically. By incorporating workflows, the product enhances security, ensures compliance, and streamlines access management while preventing unauthorized changes.

NIM currently supports only two access levels: FULL or APPS-only. It would be helpful to have an "admin light" security level for junior admins to manage existing source syncs and run existing schedules/jobs when needed, but not be able to make changes to role model, mappings, filters, or what-have-you.

At the moment, numeric fields only support "equals", "exists", "greater than", "not equals", "not exists", and "smaller than" operators. It would be helpful to have other operators, such as "in" so that you can pass in a list of numbers for comparison. Right now, I'm needing to create a calculated field that converts the numeric field into a string for just this purpose.

Often, I will need to modify a filter or something after examining its results in a role or a mapping. It would be nice to quickly navigate to a filter, name generator, password generator, etc. that is being used by something like a mapping or a role. For example, in the screenshot below (Taken from a mapping), having a button to quickly jump to the selected filter, name generator, or password generator would be very handy.

Within apps, we should have the ability to link an external resource. Separate action to navigate to linkThe action is available as all other actionsIn static text we will introduce the option to insert links with a specification similar to the markdown standard: text shown. In NIM, the url specification is the name of the event (https://domain.com). For the links in static text, actions can be configured. When the syntax http(s)://domain.com is used, nim will automatically create the action to navigate to that url.

Customization of views should persist. Adding, removing, pinning, and re-ordering columns sometimes persists, but usually does not. Systems > Overview: Pinning the Actions column does not persist. Removing columns does not persist. Re-ordering columns does not persist. Processing > Filters: Pinning the Actions column seemed to work temporarily... but then reverted to unpinned. Adding columns does not persist. Re-ordering columns does not persist. This continues for nearly every list view. Being able to persist view changes is basic functionality that I am baffled to discover missing.

Currently you can't leverage SMS or Email Codes for onboarding. It only allows the user to do Question/Answer for the verification. It should provide the same functionality as Password Reset where you can target SMS or Email to send a random pin code to the person.

Use Case: Define a filter that returns all Active Employees. Now, for the corresponding 'Inactive Employee AD Accounts' filter, instead of defining the inverse of all the Active conditions, just target all the relevant accounts (ie: AD, EmployeeType == Employee, etc). Add a Lookup Exclude against the 'Active Employee' filter using the EmployeeID named, with the Lookup named 'Inactive Employee Accounts'. This functionality would allow us to more quickly implement filters that have both a set of Grant and Revoke criteria that are just inverse of each other.

The ability to categorize apps in the interface would be helpful. Also, the ability for users to favorite an app so it always shows at the top would be helpful as well. E.g. local IT always does app X and rather than searching for it each time as we make new apps available it would always show up at the beginning of the available apps.

In Privileged Identity Management, elevated rights are typically granted on a temporary basis (e.g., 8 hours). NIM should have native functionality to support this directly. While some target systems offer time-bound permissions, a centralized approach within NIM would provide greater control and consistency. This perhaps is related to https://feedback.nimsuite.com/b/5v84550g/feature-ideas/workflows

A key concept within the Role Model is implementing Segregation of Duties (SoD) or preventing Toxic Role Combinations to enhance security and compliance. This feature would ensure that conflicting roles are not assigned to the same individual, reducing the risk of fraud or misuse of privileges. Possible Implementation Approaches: Defining Conflicting Roles – Explicitly specify roles that cannot be held by the same user. Example: If your Role Model includes three roles—Employee, HR, and Payroll—you could define a rule stating that members of the HR role cannot also be assigned the Payroll role. This prevents HR employees from processing payroll, reducing the risk of internal fraud.Defining Conflicting Target Resource – Explicitly specify target resources that cannot be held by the same user. Example: In financial workflows, a system could enforce a rule that the person approving payments cannot also be responsible for issuing checks, ensuring a proper checks-and-balances system. By enforcing these restrictions, the Role Model ensures accountability and minimizes security risks associated with excessive or conflicting permissions.

Proposed Feature Ability to (re)certify access to security/resources via manager, owner(s), users. The following would be some basic requires of the functionality Ability to categorize resourcesAbility to set/retrieve owners and reviewers for a resourceOwner/Manager based review, with confirmation tracking (view and submission)Remediation steps (Report or Automatic Remediation)Ability to create scheduled campaignsOption for failback reviewer Usage Review via NIM AppNotification via Email

It's no fun getting evaluation reports every hour that show zero changes to be made. An option to only send evaluation reports when there are changes to be made in the target systems would be nice.

Some organizations want to be fully hosted in the cloud for various reasons. Providing a hosted solution for NIM could be benefical to these organizations.