When configuring an Active Directory (AD) in senhasegura, one of the steps involves enabling the LDAP provider option and disabling the local provider option, meaning that authentication is performed only through LDAP.
However, it is recommended to force certain users to use a specific authentication provider. The recommendation is that, even with LDAP enabled and local disabled, keep at least one or two users with “Provider by user” configured to force the use of the local provider.
This measure ensures that there is still a means of local access if AD, TACACS, OpenID, SAML, or any other configured authentication provider is unavailable. This way, administrator users will still be able to access the system in emergency situations, ensuring that senhasegura administration continues uninterrupted.