I have connected Ranger to external LDAP and users are synchronised form there with "User" role.
It would be a good feature to to introduce a mechanism to automatically map certain users (e.g. they are in a specific group) to "Administrator" role.
If Knox gateway and Knox SSO are enabled for Ranger then only those users can authenticate and login through Knox SSO that are in the LDAP. Ranger's local administrator user is not in LDAP therefore it cannot authenticate and log in to Ranger UI through Knox SSO.