The system caches the following information from each of your identity providers:
- The names of users who access the system.
- The groups that each user belongs to.
As long as this information is in the system's cache, your users can perform any activities for which they have permissions, without the system needing to reconnect to the identity provider.
LDAP user information remains in the cache for four hours.
Clearing the cache
Any changes that you make on the identity provider are not reflected in the system until the information is removed from the cache. For example, if you add a user to an LDAP identity provider, that user cannot access the system for up to four hours, or until the cache is cleared. If you delete a user from an LDAP identity provider, that user will be able to access the system for up to four hours, or until the cache is cleared.
To ensure that a change is reflected immediately, use the clearCache command or API.