NIM

Quick start guide

NIM is a user provisioning automation tool, designed to handle a large volume of users (75,000+) and operations. To get started, follow these steps.

Follow steps (1) - (4) to set up NIM for the first time. Subsequently, repeat steps (2) - (4) any time you connect a new system to NIM.

  1. Install NIM. NIM runs in on-premises Windows environments.

    1. Install NIM

    2. Enter a license code

    3. Configure HTTPS

    4. Strongly recommended: Read Vault

    5. Launch the NIM Studio

  2. Connect NIM to your organization's IT systems. This typically involves at least one source system (e.g., an HR system) and multiple target systems into which NIM will provision users (e.g., Active Directory, Google Workspace, etc). See Systems.

    The interfaces between NIM and your source & target systems are called Connectors. If NIM doesn't include an official connector for a certain application, you can create a custom connector. This is possible for any proprietary application which has a REST or PowerShell API. See Custom connectors.

    For each of your organization's relevant systems:

    1. Add a system

    Tip

    To test NIM with simulated HR source data, Add a File system and configure it with the HR500 test dataset.

  3. Configure a data model for each connected system. A data model is a schema which transforms the system's proprietary data into NIM's interoperable, internal format. See Data models.

    For each connected system:

    1. Configure a system's data model

  4. Configure inter-system relations. After configuring a data model for each system, you must relate the data models to one another via inter-system relations. This lets NIM read and write data across those systems. See Inter-system relations.

    For each relevant pair of systems:

    1. Create an inter-system relation

After Initial setup, NIM is ready to use. You don't necessarily need to perform every step listed here, or in this exact order. But, this is representative of NIM's general workflow and will get you started on the right foot.

  1. Define a set of SQL-like queries, called filters. The output of every filter is a sub-population of user accounts. You then feed these sub-populations into other objects like mappings and roles to set up your provisioning operations. See Filters.

    1. Create a filter

  2. Create mappings. A mapping assigns a filter's output to a user lifecycle CRUD operation in a target system. For example, "Mapping X should create a new user account in system Y for every user returned by filter Z". See Mappings.

    1. Create a mapping

      1. Optional: Create a name generator

      2. Optional: Create a password generator

  3. Create roles. A role assigns a filter's output to one or more group memberships in a target system. For example, "Role W should grant group memberships X1, X2, and X3 in system Y for every user returned by filter Z". See Roles.

    1. Create a role

  4. Combine your mappings and roles into jobs. Jobs are sets of mappings and/or roles which are executed together. See Jobs.

    When a job is executed, NIM performs a soll-ist evaluation for each included mapping and/or role. NIM evaluates the filter's output (the is) vs. the mapping or role assignment (the ought). If the is and ought are the same, nothing happens. If there is a delta, NIM performs the necessary write operations in the relevant target systems—thus synchronizing the is and ought.

    This soll-ist process is the heartbeat of NIM. Essentially, it is the culmination of all previous steps in the workflow.

    1. Create a job

  5. Schedule and run your jobs, via tasks. Tasks are sets of jobs which are executed together, typically on a scheduled (recurring) basis via cron. By creating a task for each required user provisioning operation, you progressively build toward full user provisioning automation in your organization. See Scheduler.

    1. Create a task

  6. Run event actions in response to trigger events. Event actions are automated actions that are triggered by certain events in NIM (e.g., execution of jobs). See Events.

    1. Create an event action

    2. Optional: Create an event filter

    3. Optional: Create a notification template