SSSD or System Security Services daemon enables access to remote directories and authentication mecahanisms. In particular SSSD is used by FreeIPA/RedHat IDM to talk to the identity server.

Learn more about SSSD here:

In a cluster where user identity is managed by FreeIPA/IDM, the clients use SSSD to talk to the FreeIPA/IDM server(s). While testing, or even in real-life odd situations, if you need to invalidate the local cache of SSSD to relect the change that happened in the server, use the following command.

sss_cache -E

To invalidate the cache for a specific user, use

sss_cache -u user1

I believe it is good idea to purge this cache in a periodic basis during off peak hours.