NIM

Quick start guide

NIM is a user provisioning automation tool, designed to handle a large volume of users (75,000+) and operations (millions).

The best way to learn NIM is to follow along with the tutorials in The NIM workflow. Most of them use the HR500 test dataset as a simulated source system. You will also need to add at least one target system (e.g., Active Directory). We recommend starting with a test environment as your target.

For a conceptual understanding of NIM, the most important articles are Vault and Filters.

Follow steps (1) - (4) to set up NIM for the first time. Subsequently, repeat steps (2) - (4) any time you connect a new system to NIM.

  1. Install NIM. NIM runs in on-premises Windows environments.

    1. Install NIM

    2. Enter a license code

    3. Configure HTTPS

  2. Connect NIM to your organization's IT Systems. This typically involves at least one source system (e.g., an HR system) and multiple target systems into which NIM will provision users (e.g., Active Directory, Google Workspace, etc.).

    The interfaces between NIM and your external systems are called Connectors. If NIM doesn't include an official connector for a certain application, you can create a custom connector. This is possible for any proprietary application which has a REST or PowerShell API. See Custom connectors.

    For each of your organization's relevant systems:

    1. Add a system

    Tip

    To test NIM with simulated HR source data, Add a CSV-File system and configure it with the HR500 test dataset.

  3. Configure Data models for all connected systems. A data model is a schema which tells NIM how to interpret the data collected from that system.

    For each connected system:

    1. Configure a system's data model

  4. Configure Inter-system relations. After configuring a data model for each system, you must relate the data models to one another via inter-system relations. This lets NIM read and write data across those systems.

    For each relevant pair of systems:

    1. Create an inter-system relation

After Initial setup, NIM is ready to use. You don't need to perform every step listed here, or follow this exact order, but these steps will get you started on the right foot.

  1. Define a set of SQL-like queries, called Filters. The output of every filter is a subset of data from the Vault. You feed filter results into other objects like mappings and roles to set up your provisioning operations.

    1. Create a filter

  2. Create Mappings. A mapping assigns a filter's output to a resource CRUD function in a target system. Resources may include users, groups, file shares, etc. For example, "Mapping X should create a new user account in system Y for every user returned by filter Z".

    1. Create a mapping

      1. Optional: Create a name generator and/or Create a password generator to compose special fields for your mappings.

  3. Create Roles. A role assigns target accounts to target groups. The purpose of roles is to manage security (access and other privileged entitlements) in target systems in a simplified way. For example, "Role W should grant group memberships X1, X2, and X3 in system Y for every target user account returned by filter Z". Also see Role models and Role generators.

    1. Recommended: Provision groups & manage memberships

  4. Combine your mappings and roles into Jobs. Jobs are sets of mappings and/or role model operations which are executed together.

    1. Create a job

  5. Schedule and run your jobs, via Sync tasks. Tasks are sets of jobs which are executed together, typically on a scheduled (recurring) basis via cron. By creating a task for each required user provisioning operation, you progressively build toward full user provisioning automation in your organization.

    1. Create a sync task

    2. Optional: Create other types of tasks. See Scheduler.

  6. Run event actions in response to trigger Events. Event actions are automated actions that are triggered by certain events in NIM (e.g., execution of jobs). The main type of event action is Notification templates.

    1. Create an event action

      1. Optional: Create an event filter

    2. Optional: Create a notification template
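
The filter, mapping, role and job chain described above, modeled as a dry run. This is an added illustration in Python with sqlite3, not NIM's filter syntax, API or code; the table names, the `emp_id` relation key, the group names and the sample rows are all constructed assumptions.

```python
import sqlite3

def build_vault():
    """Constructed sample data standing in for the Vault (not the HR500 dataset)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE hr_person(emp_id TEXT, name TEXT, dept TEXT, active INTEGER);
        CREATE TABLE ad_user(sam TEXT, emp_id TEXT);   -- emp_id: assumed inter-system relation key
        CREATE TABLE ad_member(sam TEXT, grp TEXT);
        INSERT INTO hr_person VALUES ('1001','Ann Lee','Finance',1),
            ('1002','Bo Kim','IT',1), ('1003','Cy Roe','Finance',0);
        INSERT INTO ad_user VALUES ('alee','1001'), ('croe','1003');
        INSERT INTO ad_member VALUES ('alee','FIN-Share');
    """)
    return db

# Filters: each returns a subset of Vault rows (plain SQL here, not NIM filter syntax).
FILTER_NEW_HIRES = """SELECT p.emp_id, p.name FROM hr_person p
    LEFT JOIN ad_user u ON u.emp_id = p.emp_id
    WHERE p.active = 1 AND u.sam IS NULL ORDER BY p.emp_id"""
FILTER_FINANCE_ACCOUNTS = """SELECT u.sam FROM ad_user u
    JOIN hr_person p ON p.emp_id = u.emp_id
    WHERE p.active = 1 AND p.dept = 'Finance' ORDER BY u.sam"""

def mapping_create_users(db):
    """Mapping: one 'create user' operation per row of the new-hire filter."""
    return [("create_user", emp_id, name) for emp_id, name in db.execute(FILTER_NEW_HIRES)]

def role_grant_groups(db, groups):
    """Role: grant each group to every account the filter returns, skipping existing ones."""
    have = set(db.execute("SELECT sam, grp FROM ad_member"))
    return [("add_member", sam, g) for (sam,) in db.execute(FILTER_FINANCE_ACCOUNTS).fetchall()
            for g in groups if (sam, g) not in have]

def job_dry_run(db):
    """Job: the mapping and role evaluated together; returns the plan and writes nothing."""
    return mapping_create_users(db) + role_grant_groups(db, ["FIN-Share", "FIN-Reports"])

if __name__ == "__main__":
    for op in job_dry_run(build_vault()):
        print(op)
```

Because the role's filter joins back to the source record, the account of the inactive employee (`croe`) never appears in the plan, which is the property to check when reviewing a filter that feeds access grants.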