The questions come from that we would like to enable both LDAP and SAML for user authentication.

I found that a user needs to be defined as Frontend access type internal with a password. Then, when SAML is well defined, this user has a choice to authenticate via SSO.

Thus, the default authentication method should be set to internal

In the meanwhile, if I want to allow LDAP authentication, a user needs to be defined with explicitly defining Frontend access type LDAP.

That means if I need to allow both LDAP and SAML authentication methods for a human user, I have to create two users in Zabbix for a human user.

As I cannot create two Zabbix users with a same username (alias), I have to create two usernames for a human user to use either LDAP or SAML authentication methods.

Please correct me. Thank you very much.

Tested on another staging environment where Zabbix server / web front end are not containerized but installed directly from packages.

A user is created in a group that is explicitly defined with LDAP frontend access, while LDAP authentication is not enabled. SSO works for the user.

cyber , I thus got your point "Whatever auth method you use, it just authenticates user." Thanks very much.

In zabbix you still configure all users/groups as needed. Whatever auth method you use, it just authenticates user. All permissions are maintained inside Zabbix.