How Role Evaluation Affects Performance at Login

When an Identity Manager user attempts to log in to the User Console, the following actions occur:

  1. Identity Manager prompts the user to supply credentials, such as a user name and password.
  2. The user's credentials are authenticated using one of the following methods:
  3. Identity Manager evaluates every member policy for every admin role in the environment to determine which admin roles apply to the user.

    Note: This evaluation occurs only once for a given user. After the initial evaluation, Identity Manager caches the results. Identity Manager uses the cached information until a change occurs to the user or to the set of member policies, which causes Identity Manager to refresh the information in the cache.

  4. The Identity Manager User Console displays the categories that the user can view based on the user's roles.

This process occurs for every user who logs in to the User Console. If an Identity Manager environment contains a large number of roles or inefficient member policies, role membership evaluation can significantly impact performance. In this case, the initial screen that users see when they log in to the User Console may display slowly.

Note: Identity Manager does not need to evaluate member policies when a user accesses a public task to self-register or to request a forgotten password. In these cases, Identity Manager does not need a list of the user's roles because it does not display the complete User Console.
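
The following is a minimal model of the evaluate-once, cache, and refresh behavior described in step 3 and its note. It is an added example, not Identity Manager code; the `RoleEvaluator` class, its method names, and the sample roles and attributes are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class RoleEvaluator:
    """Toy model of login-time role evaluation; not Identity Manager code."""
    roles: dict                      # admin role name -> list of member policies
    policy_version: int = 0          # bumped whenever the policy set changes
    evaluations: int = 0             # member-policy evaluations performed so far
    _cache: dict = field(default_factory=dict)

    def set_policies(self, role, policies):
        self.roles[role] = policies
        self.policy_version += 1     # a policy change makes cached results stale

    def roles_for(self, user_id, attrs):
        # A cached result is valid only for these attributes and this policy set.
        stamp = (tuple(sorted(attrs.items())), self.policy_version)
        hit = self._cache.get(user_id)
        if hit is not None and hit[0] == stamp:
            return hit[1]            # cache hit: no policy is evaluated
        matched = set()
        for role, policies in self.roles.items():    # every admin role ...
            for policy in policies:                  # ... every member policy
                self.evaluations += 1
                if policy(attrs):
                    matched.add(role)
        self._cache[user_id] = (stamp, frozenset(matched))
        return self._cache[user_id][1]

def simulate(n_roles=200):
    """Return the policy evaluations triggered by four successive logins."""
    # Constructed sample data: one policy per role, matching on department.
    ev = RoleEvaluator({f"role{i}": [lambda a, d=f"d{i % 5}": a["dept"] == d]
                        for i in range(n_roles)})
    costs, seen = [], 0
    def login(attrs):
        nonlocal seen
        roles = ev.roles_for("alice", attrs)
        costs.append(ev.evaluations - seen)
        seen = ev.evaluations
        return roles
    login({"dept": "d3"})                       # first login: full evaluation
    login({"dept": "d3"})                       # repeat login: served from cache
    login({"dept": "d1"})                       # user changed: re-evaluated
    ev.set_policies("role0", [lambda a: True])  # policy set changed
    roles = login({"dept": "d1"})               # re-evaluated again
    return costs, len(roles)

if __name__ == "__main__":
    print(simulate())
```

In this model the cost of an uncached login grows with the total number of member policies, and a change to the user or to any policy forces a fresh evaluation so that cached role membership never outlives the data it was derived from.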