SSO LDAP Group refresh not working
There is no configuration to force an LDAP Group refresh for a logged-in SSO user.
Even after hours, the firewall does not notice that the user has been removed from an LDAP/AD group. The only workaround is to log out all existing users on the firewall, so the SSO kicks in again and looks up the group memberships.
Any other suggestions? Any plans to introduce an LDAP group membership interval?