Skip to main content

How to improve performance by disabling lookups in nested groups

If you have a large organization with many groups, user searches in nested groups could lead to performance issues.

This article will explain how to disable user lookups in nested groups in the SecureAuth® Identity Platform.

Applies to

  • Integrated data stores in the New Experience for the following Identity Platform releases:

    • Active Directory, release 21.04 or later

    • AD LDS, release 23.07 or later

    • LDAP, release 21.04 or later

    • NetIQ eDirectory, release 21.04 or later

  • Integrated data stores in the Advanced Settings (formerly Classic Experience) for all Identity Platform releases

    • Active Directory

    • AD LDS

    • LDAP

    • NetIQ eDirectory (formerly Novell)

Solution

To help improve login times or prevent login timeouts, disable the data store lookups in nested groups.

New Experience

For a data store integrated with the Identity Platform using the New Experience, open the data store settings.

Go to the Advanced Settings section in the data store and turn on (enable) the slider to Disable Nested Groups like the following example.

disable_nested_groups.png

Advanced Settings (formerly Classic Experience)

For a data store integrated with the Identity Platform using the Advanced Settings (formerly Classic Experience, go to the Data tab.

In the Group Permissions section, clear the check box for Include Nested Groups like the following example.

disable_nested_groups_classic.png