A couple days ago, I received this question from a reader:

Hey, reading your blog with interest.. just wondered, why would you want to replicate all the org hierarchies across the role mgr and identity mgr products?  Do you see the need to keep the org hierarchies in sync to be  a limitation or are there key benefits to be had ?

Paul

I didn’t respond right away because I felt that a friend of mine, who works more in depth with ORM than myself, could give a better answer. Thankfully he got back to me on it =)

Here is my friend’s, Paul Bedi, response to this question:

The integration library that integrates 10.1.4.1.1 and the 9.0.2 (I think) version of OIM allows you to replicate the following hierarchies: Reporting Organization, Cost Center, and Location.  By building out all of these hierarchies, you can create ORM objects that are applicable to a particular hierarchy (and it’s descendants) as opposed to the entire organization. In RBAC projects, customers may manage their Roles & SOD by different hierarchies for different business units – the implementation of this would be difficult if you had a single hierarchy, hence the need for multiple hierarchies. Additionally, for certification/attestation, populating multiple hierarchies will allow you slice and dice your certifications.

Now that you understand the need – the Integration Library will allow you to put OIM Users in their respective hierarchies automatically (can you imagine doing this manually!!).

Paul