KB9984 - What are 'user records', what causes them to be persistent in Pulse Connect Secure cache, and how can this data be removed by the administrator?

Last Modified Date: 5/22/2018 4:24 PM
Synopsis
This article explains what 'user records' are, what causes them to be persistent in the Connect Secure cache, and how this data can be removed by the administrator.
Problem or Goal
  • What is contained in a user record?
  • Why are certain user records deleted 15 minutes after a user logs in and other user records remain persistent?
  • If a large number of user records are stored in cache, how does this affect system performance?
  • What steps can I take when system performance is affected due to a large number of user records?
Cause

User records contain all persistent cookies, SSO information, personal bookmarks, and other resource preferences for users who authenticate to the Pulse Connect Secure device. User Records are stored within each respective PCS Authentication server instance and can be viewed from Authentication > Auth. Servers > Users tab.

When a user signs in and is authenticated by a server instance on the PCS, a new user record is automatically created and added to the list of users on the corresponding authentication server's "User" tab. The user record is stored on the backend authentication server (Active Directory, Novell, RSA, ACE, etc.) and gets stored in cache on the PCS device. If a user record is deleted, it will be created again when the user signs in again. Local Authentication server instances are an exception, as the user accounts are stored on the PCS server rather than a corporate backend authentication server.

The device keeps a real-time count of all User Records (stored on the device). This can be displayed on the main dashboard page of the PCS by going to System > Status > Overview, selecting Page Settings, and enabling the option for State Storage.


If the user does not have any 'persistent' data, then their user record will subsequently be deleted from the PCS, about 15 minutes after the user logs out. 

However, if any of the criteria below are met, then the user record will remain 'persistent'. As a result, the user record will not be deleted and will remain on the PCS until it is forcefully deleted or until the user no longer meets the criteria listed below:

  • User belongs to the Local Authentication server.
  • User is allowed to add bookmarks for any of the access mechanisms (Web, Files, SAM, Terminal Services, Telnet/SSH).
  • Persistent cookies and passwords are enabled for the user’s role.
  • Single Sign-on (SSO) is enabled for this user.
  • User account is quarantined.
  • User is configured to be a 'Local Admin'.
  • User uses the Secure Email feature.
  • User has Secure Meetings scheduled.
  • Enabling Show Last Login IP or Time causes all user records to be persistent.
Note: Last Login IP can be enabled in the PCS appliance under System > Configuration > Security > Miscellaneous.
Solution
If the administrator does not want a user record to be retained for a specific user, ensure that the user account does not meet the above criteria.

Alternatively, the administrator can use the External User Records Management feature (Maintenance > System > Options) to remove old user records from the PCS device. This feature is useful when system performance is affected due to a large number of user records.

To delete an individual user record, perform the following steps:
  1. Log in to the admin console
  2. Navigate to Authentication > Auth. Servers
  3. From the list, select the corresponding authentication server where the user record exists
  4. From the Show users named: search box, enter the username to delete
  5. From the search results, select the checkbox next to the username
  6. Click Delete

It is highly recommended to consult Pulse Secure Support prior to using this feature, so that the size of the cache can be verified and the cache contents can be viewed by technical support, since user records only make up a portion of the overall system cache.

Note: Deleting an authentication server will also delete the user records and, consequently, remove users' personal preferences, personal bookmarks, etc.
Created By: Data Deployment
