Local: Easy to set up. Admins can create accounts directly in VALT with no external dependencies. AD / SSO: Requires IT involvement for initial configuration (e.g., networking, mappings, certificates).

Local: Admins manage users, passwords, and groups within VALT. Great for hands-on control but becomes tedious at scale. AD / SSO: User updates are handled in external systems. Changes are centralized but require coordination with IT.

Local: Full manual control—admins can create groups and assign users directly. AD / SSO: Group membership is controlled externally. VALT reads and enforces group assignments from AD or the SSO provider.

Local: Admins can create test users easily for troubleshooting or permission checks. AD / SSO: Test accounts require setup in the external system (or can't exist without real credentials), making this harder.

Local: Not scalable. Every account must be added and maintained manually. AD / SSO: Designed to scale. Easily supports hundreds or thousands of users by syncing existing data from your org’s directory.

Local: Requires unique credentials for VALT. AD / SSO: Reuses org credentials, reducing password fatigue and support tickets.

AD / SSO: Can pull in extra user info (e.g., department, title) from the directory for reporting or automation. Local: Limited to basic user info.

Local: Admins reset passwords manually. AD / SSO: Passwords are managed externally; changes apply instantly to VALT access.

SSO: VALT creates the user account upon first login based on info provided by the Identity Provider. Admins don’t need to pre-create users.

AD / SSO: Disable access centrally by removing the user from the appropriate group—no need to log into VALT. Local: Must manually delete or deactivate the user in VALT.

Local: Independent. VALT access continues even if external systems (AD or SSO) are down. AD / SSO: VALT access depends on the availability of external authentication systems.

AD: Requires specific firewall rules and network connectivity to the LDAP server. SSO: No special network setup needed—authentication happens in the browser.

SSO: Needs SSL certificates and accurate time-syncing (NTP). These are standard in most enterprise environments.