Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Known Behavior


This section lists the known behaviors and limitations in Juniper Identity Management Service Release 1.0.0.

  • To mitigate brute force attacks, Juniper Identity Management Service only accepts requests from known devices and will limit failed login attempts. To further protect against attacks, customers should implement strong security business continuity plans, limit the exploitable attack surface, and only allow trusted administrators, networks, and hosts to access Juniper Identity Management Service deployments.

  • Juniper Identity Management Service uses the event log timestamp to decide the order of events, and, therefore, you might experience unexpected side issues if your domain controllers and Active Directories are not synchronized. This is more likely to happen across domains than within domains, which typically time-synchronize with their domain controller. Juniper Identity Management Service uses UTC (GMT) internally, and the time zone should not matter, only the time synchronization. See the Windows Time Service Tools and Settings documentation for Windows Server 2016, 2012 R2, or 2008 R2.

  • If you install applications such as Juniper Identity Management Service that add a shortcut inside a folder on the Start menu, the shortcut does not work until you log out and log back in again. See the release notes for Windows Server 2016, 2012 R2, or 2008 R2 for more information regarding this issue.

  • After more than 210 groups per user for an Active Directory group filter are configured on and reported by Juniper Identity Management Service, the SRX Series device generates an error and any additional groups are dropped.

  • Health mailboxes on Microsoft Exchange servers (users with a prefix of HealthMailBox) are filtered out by default by Juniper Identity Management Service.

  • Juniper Identity Management Service creates and maintains sessions for Active Directory domain controllers as well as domain PCs. This might result in the service attempting to send PC probes to the domain controllers. To avoid this behavior, add the IP addresses of the domain controllers to an IP filter on Juniper Identity Management Service.