SugarCRM SupportKnowledge BaseUser Log In ManagementRestricting Which LDAP Users Can Log In

Restricting Which LDAP Users Can Log In


With LDAP configured with Sugar, you may have settings established that allow any user who enters their LDAP credentials to log into Sugar. This creates a new user account for each individual that logs in and can inadvertently exceed your license count or grant unintended access to sensitive data. This article covers how to ensure that only users who are explicitly created in Sugar can log in with their LDAP credentials.

Note: For instances that use SugarIdentity, LDAP is configured in SugarIdentity via the Cloud Settings console. So you will need to disable the Auto Create Users option in SugarIdentity. Please note that only some SugarCloud instances use SugarIdentity. Refer to the SugarIdentity Guide to determine if yours is configured to do so. Existing customers will be notified before their instances begin using the service.


  • You must be an administrator or have developer-level role access to make the necessary changes in Admin > Password Management.
  • You must already have LDAP authentication enabled under Admin > Password Management > LDAP Support.

Steps to Complete

  1. Log in as an administrator and go to Admin > Password Management.
  2. Scroll down to the LDAP Support section.
  3. Ensure that the Auto Create Users option is disabled. If it is not, then disable the option by removing the checkmark from the box.
    Screenshot 1 - marked
  4. Click "Save" to finalize your changes.


Once this change has been saved, only users who were specifically created within your Sugar instance will be able to log in with their LDAP credentials. For more information on LDAP configuration under Admin > Password Management, refer to the Configuring LDAP Authentication Using Active Directory article.


Last modified: 2019-06-14 23:08:14