# Setting up Delegated Authentication With the Installer ### Delegated Authentication At present, we support delegating the authentication of users to the following provider interfaces: * LDAP * SAML * OIDC * CAS When enabling Delegated Auth, you can still allow local users managed by Element to connect to the instance
[![Screenshot 2023-05-04 at 09.23.54.png](https://ems-docs.element.io/uploads/images/gallery/2023-05/scaled-1680-/screenshot-2023-05-04-at-09-23-54.png)](https://ems-docs.element.io/uploads/images/gallery/2023-05/screenshot-2023-05-04-at-09-23-54.png)
When `Allow Local Users Login` is `Enabled`, you can both connect to your instance using your IDP and the local database.
[![Screenshot 2023-05-04 at 14.30.04.png](https://ems-docs.element.io/uploads/images/gallery/2023-05/scaled-1680-/screenshot-2023-05-04-at-14-30-04.png)](https://ems-docs.element.io/uploads/images/gallery/2023-05/screenshot-2023-05-04-at-14-30-04.png)
Different options are offered by the installer and you can combine two or more options on the same instance like enabling SAML and OIDC delegated authentication. [Setting up Delegated Authentication with LDAP on Windows AD](https://ems-docs.element.io/books/element-on-premise-documentation/page/setting-up-delegated-authentication-with-ldap-on-windows-ad) [Setting up Delegated Authentication with OpenID on Microsoft Azure](https://ems-docs.element.io/books/element-on-premise-documentation/page/setting-up-delegated-authentication-with-openid-on-microsoft-azure) [Setting up Delegated Authentication with OpenID on Microsoft AD FS](https://ems-docs.element.io/books/element-on-premise-documentation/page/setting-up-delegated-authentication-with-openid-on-microsoft-ad-fs) [Setting up Delegated Authentication with SAML on Microsoft Azure](https://ems-docs.element.io/books/ems-knowledge-base/page/setting-up-delegated-authentication-with-saml-on-microsoft-azure) Note: We are rapidly working to expand and improve this documentation. For now, we are providing screenshots of working configurations, but in the future, we will better explain the options as well. If you do not see your provider listed below, please file a support ticket or reach out to your Element representative and we will work to get you connected and our documentation updated. ## Troubleshooting ### Redirection loop on SSO Synapse needs to have the `X-Forwarded-For` and `X-Forwarded-Proto` headers set by the reverse proxy doing the TLS termination. If you are using a Kubernetes installation with your own reverse proxy terminating TLS, please make sure that the appropriate headers are set.