The following chapters will explain the differences between users and agents and why the differentiation is important.
As a simplified description:
Users from any directory source need to be authenticated within a (synced) user directory in order to be recognized within LUCS.
Then those users need to be authorized to access various functions within LUCS (e.g. Reporting, Frontend, Configuration). Also see → Role Based Access - RBAC which determines access rights.
These rights are separated by Organization Units to further distinguish the user's individual access per divison / team.