I installed patch 6 on one of my ISE servers yesterday and suddenly no one could authenticate to my network devices with TACACS. I use RSA SecurID as an external identity source, and a new setting showed up under Administration > Identity Management > External Identity Sources > RSA SecurID > {RSA Device Name} > Authentication Control. The new checkbox is "Enable Identity Caching" and is unchecked by default after the patch is installed. I can find no reference to this setting except for a bug fix that references 'Radius Token Identity Caching Timeout not Configurable'. This appears under RSA identity sources, and it appears that it needs to be enabled to pass authorization correctly. The ISE logs indicate the user authenticates but then fails authorization. This option does not appear in ver 2.4 patch 5, at least not in the same place. When checked, it defaults to 120 minutes, and I am wondering what this option is really doing for me; 120 minutes seems to be a long time to cache an identity. Can anyone help me understand this new setting?