Premise: I don't understand the first thing about how authentication really works.
We have our own in-house ERP application. (https://sugarclub.sugarcrm.com/engage/it-operations/b/share-your-story/posts/ah-the-possibilities)
Our ERP users are a subset of the our Sugar Users.
Our ERP uses LDAP for authentication.
Our sugar instance is set up to use LDAP for authentication.
Our ERP uses the Contacts, Accounts, Addresses etc from Sugar. So the ERP will be using SugarAPIs in the background to retrieve and sometimes upsert records.
We want our user on the in-house application to log into the in-house application AND get a Sugar API token at the same time (authenticating with their LDAP credentials and using a custom platform so they don't get kicked out of their regular Sugar session). And we want to preserve that token for the duration of their ERP session.
Any tips I can pass on to our ERP team on how to achieve this?