Sending Attributes to the Embedded Service Provider

You can configure the Embedded Service Provider (ESP) of Access Gateway to receive attributes when the user authenticates. Retrieving the required LDAP attribute values during authentication reduces LDAP traffic and improves performance. The improvement is easy to see when you have many users and have configured Identity Injection or Authorization policies that protect resources and use LDAP attributes or Identity Server roles.

When the authentication process does not gather the LDAP attribute values, each user access can generate a new LDAP query, depending upon how the user accesses the resources and how the policies are defined. However, if the LDAP values are gathered at authentication, one LDAP query can retrieve all the needed values for the user.

  1. On the Home page, click Identity Servers > IDP Global Settings > Attribute Sets.

  2. On the Attributes page, click the Plus icon, specify a name, then click Next.

  3. For each attribute you need to add because it is used in a policy:

    1. Click the Plus icon.

    2. In Local attribute, scroll to the LDAP Attribute section, then select the attribute.

    3. Click Save.

      The other fields do not need to be configured.

  4. If you use Identity Server roles in your policies, click the Plus icon, select the All Roles attribute, then click Save.

  5. Update Identity Server.