You can use
LDAP to
authenticate end users who access applications or services through Captive
Portal and authenticate firewall or Panorama administrators who
access the web interface.
You can also
connect to an LDAP server to define policy rules based on user groups.
For details, see
Map
Users to Groups.