There are two objects that can represent humans in Device42: "End Users" and "Admins".
End users are objects that represent actual people with relationships to other objects in Device42 (devices, assets, software). End users are usually linked to lifecycle events of these other objects, or when a specific end user is responsible for a system or software. These end users cannot login to Device42. They can be synced from Active Directory/LDAP.
The above shows an Asset that has been checked out to an End User.
In Device42, login is controlled via "Admin accounts". You can see your list of current admins by going to Tools>Admin & Permissions>Admins. These are either "local admins" or "LDAP/Active Directory synced accounts". Local admins are native to Device42 and they are stored in Device42's internal database. You can bring in "admin accounts" from your AD or LDAP server as well.
In the above you can see some Admins that have are "Local" and some that have been synced from Active Directory. Some are also "superusers".
After syncing from AD or creating admin accounts manually, you can then either set these accounts as "superusers" for full permissions to every licensed feature of Device42 or you can create Admin Groups (Tools>Admin & Permissions>Admin Groups) with whichever permissions sets are needed. Device42 comes with a handful of Admin Groups by default. An Admin account will be restricted to the highest level of rights given by their groups. Please note, these permissions also apply to Import/Export tool and API calls.