RSA Authentication Manager saves the following system objects in the cache on each Authentication Manager instance. The data saved in the cache is specific to each primary or replica instance. For example, the instance that approves a user passcode would save information on the hardware or software token, the authentication policies that apply to that user, any user groups that include the user, the authentication agent that sent the authentication request, and so forth.
Administrative roles that are assigned to administrators who have actively logged on to the system.
Authentication agents that have contacted the Authentication Manager instance.
User attributes, such as the custom user attributes that an administrator defined for RADIUS or on-demand authentication.
Polices that apply to users who have authenticated, such as the token policies and risk-based authentication policies.
Information on hardware tokens, software tokens, on-demand tokencodes, and RSA SecurID Authenticate Tokencodes that have been used to authenticate to the Authentication Manager instance.
Batch jobs, such as token import jobs, that have run on the Authentication Manager instance.
Configuration settings that are specific to each instance, such as SNMP configuration settings, and the system settings, which are defined in the Security Console, that affect the entire deployment.
Information on users who could not be found in identity sources that are linked to Authentication Manager.
Administrative information about groups:
Restrictions that apply to user groups, such as the security domain for the group, and the agents that each group can use for authentication,
Descriptive information, such as the group names.
User groups can contain multiple users and user groups. The group membership by group cache maintains information on user groups that is organized by group.
User group membership for the users that successfully authenticated, including LDAP group membership data.
Group membership data.
Identity sources that were used for authentication.
Information on SSL certificates.
RSA Authentication Manager licenses that apply to the deployment.
Information about administrators who are currently logged on.
Connection information for trusted realms that are trusted by the current Authentication Manager deployment.
Connection information for identity sources and LDAP directory servers.
Runtime conditions, such as what user interface elements are displayed in the consoles.
Roles that are used by administrators.
Security domains in the deployment.
Information on other Authentication Manager instances in the deployment.