Topic Resolution: Resolved
Viewing 9 reply threads
  • Author
    Posts
    • #38540
      Raphael Riquet
      Participant

        Hello,

        I am having trouble configuring LDAP on otobo/customer.pl so that users can log in to the portal directly with SSO.
        Could I get some help or documentation directly?

        Thank you.
        For your information, I am using version 11.

      • #38546
        Arnold
        Administrator

          Hi Raphael,

          LDAP as an authentication method does not allow for SSO. However, it allows your customers to use the password from LDAP to authenticate. Furthermore, you need the account data of the customer, which may also be synced from the same LDAP. Please refer to the defaults config to obtain an overview: https://github.com/RotherOSS/otobo/blob/rel-11_0/Kernel/Config/Defaults.pm

          Best regards,
          Arnold

        • #38548
          Raphael Riquet
          Participant

            Hello Arnold,

            Is it possible to use SSO with Otobo?

          • #38549
            Arnold
            Administrator

              Absolutely. You need an SSO service that speaks OIDC or Kerberos. What SSO solution are you currently employing?

            • #38550
              Raphael Riquet
              Participant

                So I have just confirmed on my end that it must be LDAP linked to our AD.

              • #38573
                Raphael Riquet
                Participant

                  Hello Arnold,

                  When I run a command to check if my Otobo server is properly connected to LDAP, it works, but I can’t see my client users on Otobo. Is this normal? And I can’t log in with my AD credentials.

                • #38575
                  Raphael Riquet
                  Participant

                    When I try to log in to customer.pl, I get this error message:
                    Authentication succeeded, but no customer record is found in the customer backend. Please contact the administrator.

                  • #38598
                    Arnold
                    Administrator

                      > Authentication succeeded, but no customer record is found in the customer backend. Please contact the administrator.

                      Ah! That is actually more helpful than you realize. You can authenticate successfully. That means that OTOBO can verify the provided username and password on login. Now you are missing a user record in OTOBO that represents that user. I assume you would like the same data (from LDAP). So I suggest you sync that data from LDAP as well. Configure this to set up LDAP as a backend for your customer user data: https://github.com/RotherOSS/otobo/blob/rel-11_0/Kernel/Config/Defaults.pm#L1744-L1819

                      Good luck,
                      Arnold

                    • #38599
                      Raphael Riquet
                      Participant

                        Thank you, I can connect with LDAP, but is there an automatic link?
                        For example, if a user submits a ticket by email, will it automatically be sent to customer.pl?
                        And is it possible to ensure that each manager in each department has access to their department’s tickets, but that other users only see their own tickets?

                      • #38605
                        Arnold
                        Administrator

                          > Thank you, I can connect with LDAP, but is there an automatic link?
                          > For example, if a user submits a ticket by email, will it automatically be sent to customer.pl?

                          If the ticket is created by email and the email address belongs to a customer user (you can check that from the admin panel), the customer user is assigned automatically by OTOBO and the ticket is visible for the user in the customer portal.

                          > And is it possible to ensure that each manager in each department has access to their department’s tickets, but that other users only see their own tickets?

                          That certainly is possible; however, configuration is a tiny bit daunting. You need to create a customer in OTOBO for each department. The customer id has to be reflected in LDAP. Customer users should be assigned to customers by LDAP mapping like this: https://github.com/RotherOSS/otobo/blob/rel-11_0/Kernel/Config/Defaults.pm#L1806

                          Now we want to limit CompanyTicketAccess (enabled by default): limit the access to a customer user group.
                          Create a group like "Management" and assign the managers to this group: https://doc.otobo.de/manual/admin/11.0/en/content/administration-area/users-groups-roles/customer-users-groups.html. Now, navigate to Admin -> System Settings -> CustomerFrontend::Navigation###CustomerTicketOverview###002-Ticket and set the visibility to the management group.

                          A tip: It might help to activate the System Setting SwitchToCustomer to test the configuration with the users like they appear in the directory service.
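
Added example, not part of the thread and not the project's own file: a Kernel/Config.pm fragment using the keys from the linked Defaults.pm, illustrating replies #38598 (authentication and the customer user backend are configured separately) and #38605 (the customer ID comes from an LDAP attribute). The host names, DNs, the read-only bind account and the use of the AD `department` attribute are assumptions.

```perl
# Kernel/Config.pm, inside sub Load (added example; hosts, DNs, the bind
# account and the 'department' attribute are placeholders/assumptions)

# 1) Authentication only: checks the password against the directory.
$Self->{'Customer::AuthModule'}                     = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}         = 'ldaps://dc1.example.org';
$Self->{'Customer::AuthModule::LDAP::BaseDN'}       = 'ou=Staff,dc=example,dc=org';
$Self->{'Customer::AuthModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otobo-ro,ou=Service,dc=example,dc=org';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'CHANGE-ME';    # read-only bind account
$Self->{'Customer::AuthModule::LDAP::Params'}       = { port => 636, timeout => 120, async => 0, version => 3 };

# 2) Customer user backend: supplies the user record. Without it, login ends in
#    "Authentication succeeded, but no customer record is found ...".
$Self->{CustomerUser} = {
    Name   => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host          => 'ldaps://dc1.example.org',
        BaseDN        => 'ou=Staff,dc=example,dc=org',
        SSCOPE        => 'sub',
        UserDN        => 'cn=otobo-ro,ou=Service,dc=example,dc=org',
        UserPw        => 'CHANGE-ME',
        AlwaysFilter  => '(objectClass=user)',    # keep computer/group objects out
        SourceCharset => 'utf-8',
        Params        => { port => 636, timeout => 120, async => 0, version => 3 },
    },
    CustomerKey                        => 'sAMAccountName',    # same attribute as the auth UID
    CustomerID                         => 'department',
    CustomerUserListFields             => [ 'cn', 'mail' ],
    CustomerUserSearchFields           => [ 'sAMAccountName', 'cn', 'mail' ],
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 250,
    CustomerUserPostMasterSearchFields => ['mail'],    # matches incoming e-mail senders to users
    CustomerUserNameFields             => [ 'givenName', 'sn' ],
    Map => [
        # [ var, frontend, storage (LDAP attribute), shown, required, storage-type, http-link, readonly ]
        [ 'UserFirstname',  'Firstname',  'givenName',      1, 1, 'var', '', 1 ],
        [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var', '', 1 ],
        [ 'UserLogin',      'Username',   'sAMAccountName', 1, 1, 'var', '', 1 ],
        [ 'UserEmail',      'Email',      'mail',           1, 1, 'var', '', 1 ],
        # The value of this attribute must equal the ID of a customer created in OTOBO.
        [ 'UserCustomerID', 'CustomerID', 'department',     0, 1, 'var', '', 1 ],
    ],
};
```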

                           
