...
Restrict the creation of internal users by using a Lightweight Directory Access Protocol (LDAP) user registry. In the external registry, assign users to groups and assign groups to roles. When appropriately defined, the access policy controls which users in which roles can access which resources.
...