Sources and targets

In some user provisioning tools, there is a strong distinction between source and target systems. Not so in NIM. There is no such thing as separate source and target systems, nor separate source and target connectors. There are only Systems, and only Connectors. Whether a system is a source or target simply depends on the current context, i.e., if it is being read from (Collection) or written to (Mappings and Roles).

Therefore, when this documentation refers to "source systems" or "target systems," it is only a weak distinction based on the current context.


For example, if you're provisioning users from your HR system into Active Directory, you could loosely say that the HR system is your "source" system and Active Directory is your "target" system. However, in NIM, both systems are technically considered to be in a source context during collection. Active Directory would be in a target context during mapping. (In this scenario, it is unlikely that the HR system would ever be in a target context.)

The operations available for a system in source and target contexts depends on the implementation of its underlying connector, i.e., the Data tables and mapping/role functions defined in them:

  • All connectors support baseline collection capabilities for source contexts. All official connectors support data collection out of the box, and any custom connectors you create, must support it. Collecting data from a system (i.e., bringing it into the Vault) is the prerequisite for doing anything else with that system in NIM.

  • The target capabilities of a connector depends on the system and its resource types. For example, HR systems generally don't support any target capabilities, because they are meant to be read-only sources of truth. These systems aren't meant to be used in target contexts in NIM, and so their connectors don't support any target capabilities.

    On the other hand, enterprise directory systems like Active Directory and Google Workspace are common targets for NIM. Thus, their connectors support mapping functions like users, groups, and any system-specific resources (e.g., OUs in Active Directory)—in addition to their source capabilities.

If an official connector is missing a resource type or other feature that you need, contact Tools4ever.