Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-11077: How to Reduce the Time to Update the Cloud Cache when Adding a Computer into the MFA Role

Privileged Access Service ,  

18 October,18 at 03:07 PM

When a new machine is added to the tenant role that enables MFA, the cloud cache must be updated before the role is realized for that machine.  The time that is required to update the cache is variable and can sometimes be long.  Is there a way to reduce the time required to enable MFA on a specific machine?

A technique to add computers to the MFA role in the tenant that quickens the time needed to realize the changes, is to put the computer into an AD (Active Directory) group and then add the AD group as a member of the role on the tenant.

In this example, the AD group created is named cfyC_MFA-computers.
The machine, cps-rhel2, is a member of the AD group.

User-added image

In the tenant, the AD group needs to be added as a Member of the MFA role, i.e. MFA-Computers-All
User-added image

Using the technique above, the performance of the cloud cache for the role is improved and the machine will realize the MFA-Computers-All role quicker than being added as an individual machine.  Each time a new machine is required to have MFA, add the machine to the AD group and it will automatically belong to the role on the tenant.
User-added image