How to improve performance by disabling lookups in nested groups

If you have a large organization with many groups, user searches in nested groups could lead to performance issues.

This article will explain how to disable user lookups in nested groups in the SecureAuth® Identity Platform.

Applies to

Integrated data stores in the New Experience for the following Identity Platform releases:
- Active Directory, release 21.04 or later
- AD LDS, release 23.07 or later
- LDAP, release 21.04 or later
- NetIQ eDirectory, release 21.04 or later
Integrated data stores in the Advanced Settings (formerly Classic Experience) for all Identity Platform releases
- Active Directory
- AD LDS
- LDAP
- NetIQ eDirectory (formerly Novell)

To help improve login times or prevent login timeouts, disable the data store lookups in nested groups.

For a data store integrated with the Identity Platform using the New Experience, open the data store settings.

Go to the Advanced Settings section in the data store and turn on (enable) the slider to Disable Nested Groups like the following example.

For a data store integrated with the Identity Platform using the Advanced Settings (formerly Classic Experience, go to the Data tab.

In the Group Permissions section, clear the check box for Include Nested Groups like the following example.

In this section: