# Configure external authentication This menu allows you to configure the general settings for integration with external authentication sources. In order to be able to use these external authentication sources, the corresponding extensions must first be activated in the PHP configuration. There is no limit to the number of external sources configured in the application. To use the capacity of GLPI to create on the fly users present in the external sources of authentication, it is necessary to activate it in the menu Configuration > Authentication > Configuration. ![Authentication configuration menu](/files/JX5UD8VC8qDAdTPP5cAp) The LDAP directories also allow you to refuse the creation of users who do not have authorizations. Deleting a user from the directory can also lead to an action such as trashing the user, deleting his permissions or deactivating him. You also have the option to specify how to handle users that were previously deleted from the directory but are now restored. You can set the restore action to do nothing, restore the user from the trashbin, or re-enable the user. It is also at this level that the time zone of GLPI is set. ## Configure External Authentication This menu allows you to configure general settings for integration with external authentication sources. In order to use these external authentication sources, the corresponding extensions must first be enabled in the PHP configuration. There is no limit to the number of external sources configured in the application. To use GLPI's ability to create users on the fly that are present in external authentication sources, it is necessary to enable it in the `Configuration` > `Authentication` > `Configuration` menu. LDAP directories also allow you to authorize or refuse the creation of users who do not have permissions. Deleting a user from the directory can also trigger several actions: * **User**: * Do nothing * Disable * Move to trash * **Groups**: * Do nothing * Delete dynamic groups * Delete all groups * **Permissions**: * Do nothing * Delete dynamic permissions * Delete all permissions You also have the option to specify how to handle users who have been previously deleted from the directory but are now restored. You can define the restore action: * Do nothing * Restore (remove from trash) * Enable It is also at this level that GLPI's timezone is defined. The external authentication sources that can be used in GLPI are: * LDAP Directories * Email Servers * CAS Server * x509 Certificate * Delegate authentication to the web server External authentication sources that can be used inside GLPI are: * [LDAP directories](/documentation/modules/configuration/authentication/ldap.md) * [Email servers](/documentation/modules/configuration/authentication/imap.md) * [CAS server](#auth_cas) * [x509 certificate](#auth_x509) * [Delegate authentication to web server](#auth_other) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.glpi-project.org/documentation/modules/configuration/authentication/configuration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.