
NIM

The NIM workflow

Abstract

The NIM workflow involves connecting NIM to IT systems using connectors, configuring data models and inter-system relations, defining SQL-like filters, and creating mappings and roles for user provisioning. Jobs combine mappings and roles, executed via scheduled sync tasks. Trigger events automate actions with notification templates. NIM Apps allow end users to perform helpdesk tasks, and the workflow supports comprehensive user onboarding.

The sequence below is a typical workflow in NIM. We'll cover all of these steps in the tutorials.

  1. Connect NIM to your organization's IT Systems. This typically involves at least one source system (e.g., an HR system) and multiple target systems into which NIM will provision users (e.g., Active Directory, Google Workspace, etc.). The adapters that link NIM to your external systems are called Connectors. If NIM doesn't include an official connector for a certain system, you can create a custom connector. This is possible for any proprietary application that has a REST or PowerShell API. See Custom connectors.

  2. Configure Data models for all connected systems. A data model is a schema that tells NIM how to interpret the data collected from that system.

  3. Configure Inter-system relations. After configuring a data model for each system, you must relate the data models to one another via inter-system relations. This lets NIM read and write data across those systems.

  4. Define a set of SQL-like queries, called Filters. The output of every filter is a subset of data from the Vault. You feed filter results into other objects like mappings and roles to set up your provisioning operations.

  5. Create Mappings. A mapping assigns a filter's output to a resource CRUD function in a target system. Resources may include users, groups, file shares, etc. For example, "Mapping X should create a new user account in system Y for every user returned by filter Z". You may also need to compose special fields for your mappings with Name generators and Password generators.

  6. Create Roles. A role assigns target accounts to target groups. The purpose of roles is to manage security (access and other privileged entitlements) in target systems in a simplified way. For example, "Role W should grant group memberships X1, X2, and X3 in system Y for every target user account returned by filter Z". Roles are assigned using Role models and Role generators.

  7. Combine your mappings and roles into Jobs. Jobs are sets of mappings and/or role model operations which are batched together.

  8. Schedule and run your jobs, via Sync tasks. Tasks are sets of jobs which are executed together, typically on a scheduled (recurring) basis via cron. In this way, you can progressively build toward full user provisioning automation in your organization.

  9. Run event actions in response to trigger Events. Event actions are automated actions that are triggered by certain events in NIM (e.g., execution of jobs). The main type of event action is Notification templates.

  10. Build Apps for your end users. NIM Apps are fully customizable web forms that let you delegate traditional helpdesk tasks to users within your organization (e.g., create accounts, enable/disable accounts, update account attributes, password reset, modify group memberships, etc.).

  11. Set up Onboarding.
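
To make steps 4 to 7 concrete, the following added example (not NIM code, and not NIM's filter syntax or API) models how a filter's output feeds a mapping and a role, and how a job batches the resulting operations into a plan that can be reviewed before a sync task applies it. All function names, field names, group names and sample records are hypothetical and constructed for illustration.

```python
# Conceptual model only: every name here is hypothetical, not NIM's API or filter syntax.

# Constructed sample data standing in for the Vault (HR rows) and a target system.
VAULT_HR = [
    {"id": "1001", "name": "Ana Ruiz", "dept": "Finance", "active": True},
    {"id": "1002", "name": "Ben Okoro", "dept": "IT", "active": True},
    {"id": "1003", "name": "Cy Lund", "dept": "Finance", "active": False},
]
TARGET_ACCOUNTS = {"1002": {"groups": {"it-staff"}}}  # existing accounts by employee id


def run_filter(rows, predicate):
    """Filter: return the subset of Vault rows that match a predicate."""
    return [r for r in rows if predicate(r)]


def mapping_create_users(filtered, accounts):
    """Mapping: one 'create' operation per filtered user with no target account."""
    return [("create_user", r["id"]) for r in filtered if r["id"] not in accounts]


def role_grant_groups(filtered, accounts, groups):
    """Role: grant each listed group to every filtered user who lacks it."""
    ops = []
    for r in filtered:
        held = accounts.get(r["id"], {}).get("groups", set())
        ops += [("add_member", r["id"], g) for g in sorted(set(groups) - held)]
    return ops


def plan_job(rows, accounts):
    """Job: batch mapping and role operations into one ordered dry-run plan."""
    active = run_filter(rows, lambda r: r["active"])
    finance = run_filter(active, lambda r: r["dept"] == "Finance")
    plan = mapping_create_users(active, accounts)
    plan += role_grant_groups(active, accounts, ["all-staff"])
    plan += role_grant_groups(finance, accounts, ["finance-share"])
    return plan


if __name__ == "__main__":
    # Print the plan for review; nothing is written to any system.
    for op in plan_job(VAULT_HR, TARGET_ACCOUNTS):
        print(op)
```

The inactive Finance record yields no operations at all, which shows that the filter, not the role, decides who receives an entitlement: an overly broad filter widens every mapping and role that consumes it.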
