To reduce lookups against an external identity system, e.g., Active Directory, TPP temporarily caches query results so that subsequent queries can be answered from the cache instead of going back to the identity system.
The Identity cache is enabled by default. Its purpose is to minimize repeated attribute lookups against AD and LDAP, which improves access speed and reduces the traffic on AD. By default, the cache lives for 10 minutes. A 10-minute lifetime should not be an issue, as we expect the AD data to be somewhat stale.
The cache expiration value can be changed by setting an attribute called ‘Identity Cache Timeout’ on the Identity Root. The value is in seconds. Setting the value to 0 disables the cache.
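
The following added example is not TPP code; it is a Python model of a time-limited lookup cache, assuming the semantics described above (600-second default, 0 disables), that shows how long a change made in the directory stays invisible to lookups. The class and function names, the exact expiry boundary and the sample directory entry are assumptions made for illustration.

```python
import time

DEFAULT_TIMEOUT = 600  # seconds; the 10-minute default described above


class IdentityCache:
    """Model of a time-limited cache in front of a directory lookup (hypothetical)."""

    def __init__(self, lookup, timeout=DEFAULT_TIMEOUT, clock=time.monotonic):
        self.lookup = lookup      # function: name -> attributes (queries the directory)
        self.timeout = timeout    # seconds; 0 disables caching
        self.clock = clock        # injectable so the model can be driven without sleeping
        self.backend_calls = 0    # how many times the directory was actually queried
        self._entries = {}        # name -> (expires_at, value)

    def get(self, name):
        now = self.clock()
        entry = self._entries.get(name)
        if self.timeout > 0 and entry and now < entry[0]:
            return entry[1]       # served from cache; may no longer match the directory
        self.backend_calls += 1
        value = self.lookup(name)
        if self.timeout > 0:
            self._entries[name] = (now + self.timeout, value)
        return value


def simulate(timeout):
    """Revoke a group right after the first lookup; report what later lookups return."""
    directory = {"alice": ("PKI-Admins", "Staff")}   # constructed sample entry
    now = [0.0]
    cache = IdentityCache(lambda n: directory[n], timeout, clock=lambda: now[0])
    seen = {0: cache.get("alice")}
    directory["alice"] = ("Staff",)                  # membership revoked in the directory
    for t in (60, 599, 600):
        now[0] = float(t)
        seen[t] = cache.get("alice")
    return seen, cache.backend_calls


if __name__ == "__main__":
    for timeout in (DEFAULT_TIMEOUT, 0):
        seen, calls = simulate(timeout)
        print(f"timeout={timeout}: directory queries={calls}")
        for t, groups in seen.items():
            print(f"  t={t:>3}s -> {groups}")
```

In this model the revoked group is still returned until the entry expires, while a timeout of 0 reflects the change on the next lookup at the cost of one directory query per lookup.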