HCP caches information about authenticated AD users who access any of its interfaces. The cache also includes information about the AD groups to which those users belong. As long as the applicable information is in the cache, AD-authenticated users can perform any HCP activities for which they have permission without being reauthenticated.
HCP uses the same cache to store information about all the domains included in the AD forest that HCP uses for user authentication. HCP uses this information to supply the list of allowable domains in the Domain field on the login pages for its GUI interfaces.
You can clear the AD cache at any time. You might do this, for example, if the account for an authenticated AD user is deleted from AD. In this case, because the user information is already cached, the user can continue to access HCP even though the user account is no longer valid. Clearing the cache prevents the user from continuing to access HCP with the invalid account.
You also might clear the cache if a domain is added to or removed from the AD forest. This forces an immediate update to the list of allowable domains on the HCP login pages.
You use the Active Directory page in the HCP System Management Console to clear the AD cache. To display this page, in the top-level menu of the System Management Console, select .
To clear the AD cache, on the Active Directory page:
- If support for AD is not currently enabled:
  - Select Active Directory.
  - Select Enable Active Directory.
- Click Clear Cache.