NIM

Quick start guide

NIM is a user provisioning automation tool, designed to handle a large volume of users (75,000+) and operations (millions).

The best way to learn NIM is to follow along with the tutorials in The NIM workflow. Most of them use the HR500 test dataset as a simulated source system. You will also need to add at least one target system (e.g., Active Directory). We recommend using a test environment for your target.

For a conceptual understanding of NIM, the most important articles are: Soll-ist engine, Vault, Data models, Filters, and Mappings. This will give you the big picture of how NIM works.

To get started, follow these steps.

Follow steps (1) - (4) to set up NIM for the first time. Subsequently, repeat steps (2) - (4) any time you connect a new system to NIM.

  1. Install NIM. NIM runs in on-premises Windows environments.

    1. Install NIM

    2. Enter a license code

    3. Configure HTTPS

    4. Launch the NIM Studio

  2. Connect NIM to your organization's IT systems. This typically involves at least one source system (e.g., an HR system) and multiple target systems into which NIM will provision users (e.g., Active Directory, Google Workspace, etc.). See Systems.

    The interfaces between NIM and your source and target systems are called Connectors. If NIM doesn't include an official connector for a certain application, you can create a custom connector. This is possible for any proprietary application that has a REST or PowerShell API. See Custom connectors.

    For each of your organization's relevant systems:

    1. Add a system

    Tip

    To test NIM with simulated HR source data, Add a CSV-File system and configure it with the HR500 test dataset.

  3. Configure a data model for each connected system. A data model is a schema which transforms the system's proprietary data into NIM's interoperable, internal format. See Data models.

    For each connected system:

    1. Configure a system's data model

  4. Configure inter-system relations. After configuring a data model for each system, you must relate the data models to one another via inter-system relations. This lets NIM read and write data across those systems. See Inter-system relations.

    For each relevant pair of systems:

    1. Create an inter-system relation

After initial setup, NIM is ready to use. You don't necessarily need to perform every step listed here, or in this exact order. However, this sequence is representative of NIM's general workflow and will get you started on the right foot.

  1. Define a set of SQL-like queries, called filters. The output of every filter is a sub-population of user accounts. You then feed these sub-populations into other objects like mappings and roles to set up your provisioning operations. See Filters.

    1. Create a filter

  2. Create mappings. A mapping assigns a filter's output to a user lifecycle CRUD operation in a target system. For example, "Mapping X should create a new user account in system Y for every user returned by filter Z". See Mappings.

    1. Create a mapping

      1. Optional: Create a name generator

      2. Optional: Create a password generator

  3. Create roles. A role assigns a filter's output to one or more group memberships in a target system. For example, "Role W should grant group memberships X1, X2, and X3 in system Y for every user returned by filter Z". See Roles and Role models.

    1. Create a role generator to create roles in bulk, or Create a role to create one-off roles

  4. Combine your mappings and roles into jobs. Jobs are sets of mappings and/or roles which are executed together. See Jobs.

    When a job is executed, NIM performs a soll-ist evaluation for each included mapping and/or role in the active role model. NIM evaluates the filter's output (the is) vs. the mapping or role assignment (the ought). If the is and ought are the same, nothing happens. If there is a delta, NIM performs the necessary write operations in the relevant target systems—thus synchronizing the is and ought.

    This soll-ist process is the heartbeat of NIM. Essentially, it is the culmination of all previous steps in the workflow.

    1. Create a job

  5. Schedule and run your jobs, via tasks. Tasks are sets of jobs which are executed together, typically on a scheduled (recurring) basis via cron. By creating a task for each required user provisioning operation, you progressively build toward full user provisioning automation in your organization. See Scheduler.

    1. Create a task

  6. Run event actions in response to trigger events. Event actions are automated actions that are triggered by certain events in NIM (e.g., execution of jobs). See Events.

    1. Create an event action

    2. Optional: Create an event filter

    3. Optional: Create a notification template
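
The soll-ist evaluation described in step 4 can be pictured as a comparison of two sets followed by only the writes needed to close the gap. The sketch below is an added illustration, not NIM's own code or API: the user records, group names, role and function names are all hypothetical, and it assumes the comparison is between the group memberships a role implies for a filter's users and the memberships currently present in the target system.

```python
# Constructed sample data; field names, group names and the role are hypothetical.
USERS = [
    {"id": "u1", "department": "Sales"},
    {"id": "u2", "department": "Sales"},
    {"id": "u3", "department": "IT"},
]
ROLE_GROUPS = {"sales-share", "crm-users"}  # groups granted by the hypothetical role

# Memberships currently present in the target system, as (user, group) pairs.
TARGET = {
    ("u1", "sales-share"),  # already correct
    ("u3", "crm-users"),    # u3 is not returned by the filter
    ("u3", "it-admins"),    # group not managed by this role: must be left alone
}

def run_filter(users, department):
    """Stand-in for a filter: return the ids of the matching sub-population."""
    return {u["id"] for u in users if u["department"] == department}

def desired_memberships(user_ids, groups):
    """Every filtered user should hold every group of the role."""
    return {(uid, g) for uid in user_ids for g in groups}

def plan(desired, actual, managed_groups):
    """Return only the writes needed to close the delta; an empty list means no-op."""
    # Restrict revocation to groups this role manages, so unrelated access is untouched.
    in_scope = {(u, g) for (u, g) in actual if g in managed_groups}
    grants = [("grant", u, g) for (u, g) in sorted(desired - in_scope)]
    revokes = [("revoke", u, g) for (u, g) in sorted(in_scope - desired)]
    return grants + revokes

def apply_ops(ops, actual):
    """Simulate the target-system writes and return the resulting state."""
    result = set(actual)
    for op, user, group in ops:
        if op == "grant":
            result.add((user, group))
        else:
            result.discard((user, group))
    return result

def evaluate(target):
    """One evaluation pass for the 'Sales' filter and the sample role."""
    desired = desired_memberships(run_filter(USERS, "Sales"), ROLE_GROUPS)
    return plan(desired, target, ROLE_GROUPS)

if __name__ == "__main__":
    ops = evaluate(TARGET)
    print(ops)
    print(evaluate(apply_ops(ops, TARGET)))  # second pass finds no delta
```

Reviewing the planned operations before they are applied shows exactly which grants and revocations a job would perform, and a second pass returning nothing confirms the two states are in sync.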