Question about LDAP and SSO


i just need a clarification
im in domain environment with MS AD
as SAML idp i use fortiauthenticator who connects to AD\LDAP

so the question is: can i setup only SAML without configuring ldap on nc ?
or do i must have nc connect to LDAP for user provisioning?