User authentication caching

User authentication caching stores a user's Verify credentials in Verify after their first successful authentication. Enable and configure credential caching to improve performance and to keep user logins unaffected during a MaaS360® release downtime.

To enable and configure user authentication caching, you must:
  1. Have administrative privileges in MaaS360.
  2. Create a user custom attribute from the MaaS360 portal.
    1. Select Directory > Attributes > Add attribute. The Manage Custom Attributes page is displayed.
    2. Select Add Custom Attribute.
    3. Provide the following information:
      • Attribute Name: LAST_PASSWORD_CHANGE
      • Variable Name: LAST_PASSWORD_CHANGE
      • Attribute Type: Text
    4. Enable the SSO Sync check box.
    5. Select Add.
    6. In the Security check dialog box, specify your MaaS360 administrator password.
  3. On your Active Directory (AD) server, open the Cloud Extender Configuration Tool, then enable and configure the following services:
    • User Authentication: See https://www.ibm.com/support/knowledgecenter/SS8H2S/com.ibm.mc.doc/ce_source/references/ce_ua_config_settings.htm.
    • User Visibility: Map the LAST_PASSWORD_CHANGE user custom attribute that you created to the pwLastSet attribute that is already configured in your LDAP environment. See https://www.ibm.com/support/knowledgecenter/SS8H2S/com.ibm.mc.doc/ce_source/references/ce_uv_config_settings.htm.

Limitations

The user credential that is stored in Verify is only valid for 24 hours from the last time that the user authenticated.

The LAST_PASSWORD_CHANGE attribute is synced every 4 hours from Cloud Extender to the MaaS360 portal. If the user changes their password, the new password is not valid until the next time that Cloud Extender uploads the LAST_PASSWORD_CHANGE value to the MaaS360 portal. The user can continue to use the old password until the next synchronization occurs.
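
The two limits above bound how long a superseded password can still be accepted from the cache. The following is an added example, not IBM code: it converts a pwLastSet value to a timestamp and computes that window. It assumes that syncs run on a fixed 4-hour grid from a known anchor time and that the cache entry holds the password in effect at the last authentication; the function names and sample times are hypothetical.

```python
from datetime import datetime, timedelta, timezone

CACHE_TTL = timedelta(hours=24)     # page: cached credential valid 24 h after last authentication
SYNC_INTERVAL = timedelta(hours=4)  # page: LAST_PASSWORD_CHANGE synced every 4 h
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICK = timedelta(microseconds=1)

def filetime_to_utc(pw_last_set):
    """AD pwLastSet is a count of 100-ns intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + (pw_last_set // 10) * TICK

def utc_to_filetime(moment):
    """Inverse helper, used only to build the constructed sample values."""
    return ((moment - FILETIME_EPOCH) // TICK) * 10

def next_sync(after, anchor):
    """First sync at or after `after`, assuming syncs run at anchor + k * 4 h."""
    if after <= anchor:
        return anchor
    k = -((anchor - after) // SYNC_INTERVAL)  # ceiling of (after - anchor) / interval
    return anchor + k * SYNC_INTERVAL

def stale_window(last_auth, pw_last_set, sync_anchor):
    """Return (start, end) while the old cached password is still accepted, else None."""
    changed = filetime_to_utc(pw_last_set)
    cache_expiry = last_auth + CACHE_TTL
    if changed < last_auth or changed >= cache_expiry:
        return None  # cache was filled after the change, or had already expired
    end = min(next_sync(changed, sync_anchor), cache_expiry)
    return (changed, end) if end > changed else None

if __name__ == "__main__":
    utc = timezone.utc
    anchor = datetime(2024, 3, 4, 0, 0, tzinfo=utc)        # constructed sync schedule
    changed = utc_to_filetime(datetime(2024, 3, 4, 13, 30, tzinfo=utc))
    for last_auth in (datetime(2024, 3, 4, 8, 0, tzinfo=utc),    # sync is the limit
                      datetime(2024, 3, 3, 14, 0, tzinfo=utc)):  # 24 h expiry is the limit
        window = stale_window(last_auth, changed, anchor)
        print(last_auth.isoformat(), "->", window[1] - window[0])
```

When a password is reset because of suspected compromise, the returned end time is the earliest point at which the old password can be treated as rejected everywhere.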