Flush the Cache

Flush the cache to remove old information from memory. When you flush the cache, each selected object is refreshed from the database the next time it is accessed.

Cache contents are refreshed every 10 minutes. Depending on cache settings, database replicated changes to cached data may take up to 10 minutes to display on all instances after a change occurs on the primary. If you do not want to wait for the automatic 10-minute refresh, you can flush the cache on each individual instance.

Before you begin

You must be an Operations Console administrator and a Super Admin.


  1. In the Operations Console, on the machine where you want to flush the cache, click Maintenance > Flush Cache.

  2. If prompted, enter your Super Admin User ID and password, and click OK.

  3. Under Flush Cache, do one of the following:

    • Select Flush all cache objects to flush all the caches, and click Flush.

    • Select Flush specific cache objects, select the specific caches that you want to flush, and click Flush.

Cached System Objects

RSA Authentication Manager saves the following system objects in the cache on each Authentication Manager instance. The data saved in the cache is specific to each primary or replica instance. For example, the instance that approves a user passcode would save information on the hardware or software token, the authentication policies that apply to that user, any user groups that include the user, the authentication agent that sent the authentication request, and so forth.

Cache Name



Administrative roles that are assigned to administrators who have actively logged on to the system.


Authentication agents that have contacted the Authentication Manager instance.


User attributes, such as the custom user attributes that an administrator defined for RADIUS or on-demand authentication.


Polices that apply to users who have authenticated, such as the token policies and risk-based authentication policies.


Information on hardware tokens, software tokens, on-demand tokencodes, and SecurID Authenticate Tokencodes that have been used to authenticate to the Authentication Manager instance.


Batch jobs, such as token import jobs, that have run on the Authentication Manager instance.


Configuration settings that are specific to each instance, such as SNMP configuration settings, and the system settings, which are defined in the Security Console, that affect the entire deployment.


Information on users who could not be found in identity sources that are linked to Authentication Manager.


Administrative information about groups:

  • Restrictions that apply to user groups, such as the security domain for the group, and the agents that each group can use for authentication,
  • Descriptive information, such as the group names.


User groups can contain multiple users and user groups. The group membership by group cache maintains information on user groups that is organized by group.


User group membership for the users that successfully authenticated, including LDAP group membership data.


Group membership data.


Identity sources that were used for authentication.


Information on SSL certificates.


RSA Authentication Manager licenses that apply to the deployment.


Information about administrators who are currently logged on.


Connection information for trusted realms that are trusted by the current Authentication Manager deployment.


Connection information for identity sources and LDAP directory servers.


Runtime conditions, such as what user interface elements are displayed in the consoles.


Roles that are used by administrators.


Security domains in the deployment.


Information on other Authentication Manager instances in the deployment.

Related Tasks

Configure the Cache