Using LDAP with single sign-on triggers

You have the option of using auth-check-sso type triggers when LDAP authentication is enabled. In this case, users authenticated by LDAP can define a client-side SSO script instead of being prompted for a password. If the trigger succeeds, the active LDAP configurations are used to confirm that the user exists in at least one LDAP server. The user must also pass the group authorization check if it is configured. Triggers of type auth-check-sso will not be called for users who do not authenticate against LDAP.

For information about SSO triggers, see Triggering to use external authentication. For information about group authorization, see the next section.