KB9984 - What are 'user records', what causes them to be persistent in Pulse Connect Secure cache, and how can this data be removed by the administrator?

• What is contained in a user record?
• Why are certain user records deleted 15 minutes after a user logs in and other user records remain persistent?
• If a large number of user records are stored in cache, how does this affect system performance?
• What steps can I take if when system performance is affected due to a large number of user records?

User records contain all persistent cookies, SSO information, personal bookmarks, and other resource preferences for users who authenticate to the Pulse Connect Secure device. User Records are stored within each respective PCS Authentication server instance and can be viewed from Authentication > Auth. Servers > Users tab.

When a user signs in and is authenticated by a server instance on the PCS, a new user record will automatically be created and will be added to the list of users on the corresponding authentication server's "User" tab.  The user record is stored on the backend authentication server (Active Directory, Novell, RSA, ACE, etc) and gets stored in cache on the PCS device.  If a user record is deleted, it will be created again when the user signs in again.  Local Authentication server instances are an exception, as the user accounts are stored on the PCS server rather than a corporate backend authentication server. 

The device keeps a real-time count of all User Records (stored on the device).  This can be displayed on the main dashboard page of the PCS going to System > Status > Overview  and selecting Page Settings and enabling the option for State Storage.



If the user does not have any 'persistent' data, then their user record will subsequently be deleted from the PCS, about 15 minutes after the user logs out. 

However, if any of the below criteria's are met, then the user record will remain 'persistent' and as a result, the user record will not be deleted and remain on the PCS, until forcefully deleted or until they no longer meet the criteria listed below:

• User belongs to the Local Authentication authentication server.
• User is allowed to add bookmarks for any of the access mechanisms (Web, Files, SAM, Terminal Services, Telnet/SSH).
• Persistent cookies and passwords are enabled for the user’s role.
• Single Sign-on (SSO) is enabled for this user.
• User account is quarantined.
• User is configured to be a 'Local Admin'.
• User uses the Secure Email feature.
• User has Secure Meetings scheduled.
• Enabling Show Last Login IP or Time causes all user records to be persistent.

1. Login to the admin console
2. Navigate to Authentication > Auth. Servers
3. From the list, select the corresponding authentication server where the user record exists
4. From the Show users named: search box, enter the username to delete
5. From the search results, select the checkbox next to the username
6. Click Delete