What is the purpose of LDAP User Mapping in CyberArk?

The purpose of LDAP User Mapping in CyberArk primarily revolves around authentication and the definition of user attributes. When integrating with an LDAP (Lightweight Directory Access Protocol) directory service, CyberArk utilizes this mapping to authenticate users attempting to access the CyberArk vault.

Through LDAP User Mapping, CyberArk can retrieve essential user attributes such as usernames, group memberships, and roles from the LDAP directory. This process ensures that the access control within CyberArk is aligned with the established directory structure, enabling a seamless user experience and consistent security policies. By relying on these attributes, CyberArk can effectively manage user permissions and ensure that users are granted appropriate access based on their roles within the organization.

In contrast, defining system access for users focuses more on permissions and roles assigned after authentication, while mapping users to Vault Admins suggests a limited scope that doesn't encompass the broader functionality of user mapping within LDAP. Automatically adding new users to the system may be a feature in some implementations but isn't the primary purpose of LDAP User Mapping itself; the mapping process is concerned more with authentication and existing user attribute management.