Implementation Guide › Optimizing CA IdentityMinder › Role Optimizations › How Role Evaluation Affects Performance at Login

How Role Evaluation Affects Performance at Login

When a CA IdentityMinder user attempts to log into the User Console, the following actions occur:

1. CA IdentityMinder prompts the user to supply credentials, such as a user name and password.
2. The user's credentials are authenticated using one of the following methods:
   • CA IdentityMinder native authentication
   • SiteMinder authentication, if the CA IdentityMinder implementation includes SiteMinder
3. CA IdentityMinder evaluates every member policy for every admin role in the environment to determine which admin roles apply to the user.

   Note: This evaluation occurs only once for a given user. After the initial evaluation, CA IdentityMinder caches the results. CA IdentityMinder uses the cached information until a change occurs to the user or to the set of member policies, which causes CA IdentityMinder to refresh the information in the cache.

4. The CA IdentityMinder User Console displays the categories that the user can view based on his roles.

This process occurs for every user that logs into the User Console. If a CA IdentityMinder environment contains a large number of roles, or inefficient member policies, role membership evaluation can significantly impact performance. In this case, the initial screen that users see when they log into the User Console may display slowly.

Note: CA IdentityMinder does not need to evaluate member policies when a user accesses a public task to self-register or to request a forgotten password. In these cases, CA IdentityMinder does not need a list of the user's roles because it does not display the complete User Console.