I’m currently working on a solution that requires organizing identities within Organizational Units (OUs) internally. The desired structure is a complex, tree-like hierarchy where each element can have additional attributes. For example, I want to represent the following structure: OU=User, Branch1=Internals, Branch2=CompanyX, Branch3=DepartmentY. Each of these elements should not only be a flat string but a hierarchical attribute that includes various details such as address, manager, and description.
As a workaround, I have been creating an Ou_ID for each identity that represents the ID of a group of entitlements. This group contains the entitlement information related to the OU. However, I am wondering if there are better or more efficient solutions to achieve this type of organization and attribute management.
Has anyone else faced this challenge? What approaches or best practices would you recommend for creating complex tree-structured attributes in identities?
Hi @s_tartaglione
To better understand your requirement, can you share a few insights on where you’re trying to organize these identities?
Are you doing this on ISC, or on a target system that has a directory, like Microsoft’s Active Directory? Because applications like AD or others that are LDAP compliant already organize users in this tree-like fashion without you having to implement it from scratch.
I’m not sure I follow what you mean here, so if you don’t mind, can you elaborate:
There isn’t a way to have multi-level grouping of identities at the moment. However, you can have groups of identities at one level, through governance groups. Note that the primary use case of governance groups isn’t grouping or segregating users, but as the name suggests: governance. Shared responsibilities for various governance activities.
This might not be directly useful, but you can have different types of identities through identity profiles. You can take a look. This again isn’t a multi-level grouping, but a way to distinguish types of identities.