...
The REST API still requires logging in using local realm users, or API Tokens. API Tokens can be created for single sign-on users.
Once you enable single sign-on, you will not be able to configure or use LDAP Realms for authentication and authorization. You can still login using local users, which can be useful if there are issues with single sign-on provider.
...