Publishing Changes to the Identity Router and Cloud Authentication Service

When you use the Cloud Administration Console to modify configuration settings such as identity providers, identity sources, application connections, access policies, and user portal pages, the changes take effect only after you publish them to the identity routers and the Cloud Authentication Service. Publish the configuration changes when you want to apply the new settings to your deployment.

When any administrator publishes changes, all pending changes are published, regardless of which administrator modified the configuration settings. Changes are published to all identity routers and clusters in your deployment simultaneously, as well as to the Cloud Authentication Service. The banner at the top of the Cloud Administration Console changes color and displays a status message when publishing is complete.

Publish Status

While most settings in the Cloud Administration Console must be published, changes to console-specific settings, such as passwords, domains, and some types of account names and sign-in sessions, take effect immediately. The Status field at the top of the Cloud Administration Console indicates when pending changes require publishing. The following table describes the Status field values.

Status Definition
No Changes No administrators have made any changes that require publishing yet.
Changes Pending Settings modified by an administrator are not synchronized with the identity routers or Cloud Authentication Service. These changes require publishing.
Publishing Publish is in progress.
Partial Failure

Changes were successfully published to the Cloud Authentication Service, but could not be published to the identity routers.

or

Changes were successfully published to the identity routers, but could not be published to the Cloud Authentication Service.

Failure Changes failed to publish to the identity routers and the Cloud Authentication Service.

Successful

All settings are synchronized with the identity routers and Cloud Authentication Service.
Disabled Single sign-on (SSO) is enabled and the domain is not set.

When to Publish

Configuration changes require some identity router services to restart or reload. Users might experience a brief performance impact or service unavailability if they attempt to authenticate or load web pages from the identity router during publication. For this reason, SecurID recommends that you publish configuration changes during off-peak hours.

Configuring Global Service Load Balancers

Global Server Load Balancers (GSLBs) might receive service unavailable status (HTTP status code 503) for up to seven minutes. If you use GSLBs, configure them to wait for this duration before they switch to another cluster.