Skip to main content


Sources and targets

In some user provisioning tools, there is a strong distinction between source and target systems. Not so in NIM. There is no such thing as separate source and target systems, nor separate source and target connectors. There are only Systems, and only Connectors. Whether a system is a source or target simply depends on the current context, i.e., if it is being read from (Collection) or written to (Mappings and the Active role model).

Therefore, when this documentation refers to "source systems" or "target systems," it is only a weak distinction based on the current context.


For example, if you're provisioning users from your HR system into Active Directory, you might informally say that the HR system is your "source" system and Active Directory is your "target" system. However, in NIM, both systems are technically considered to be in a source context during collection. In comparison, Active Directory would be in a target context during mapping. (In this scenario, it is unlikely that the HR system would ever be in a target context.)

The operations available for a system in source and target contexts depends on the implementation of its underlying connector, i.e., the Data tables and mapping/role functions defined in the connector:

  • All official connectors support basic collection capabilities for source contexts, and any custom connectors you create must also support collection. Collecting data from a system (i.e., bringing it into the Vault) is the prerequisite for doing anything else with that system in NIM.

  • The target capabilities of a connector depends on the system and its resource types. For example, dedicated HR systems like BambooHR generally don't support any target capabilities, because they are meant to be read-only sources of truth.

    On the other hand, enterprise directory systems like Active Directory and Google Workspace are common targets for NIM. Thus, their connectors support mapping functions like users, groups, and any system-specific resources (e.g., OUs in Active Directory)—in addition to their source capabilities.

If an official connector is missing a resource type or other feature that you need, please reach out to Tools4ever Support.