"if-needed" generally used for authentication scheme..Let's say you want authentiction for PPP services and if user is authenticated for any other services (like EXEC or so) earlier (before starting PPP), with that keyword authentication will not be "needed" during PPP..
For exa--
aaa authentication ppp default if-needed group radius local
PPP authentication (for the list default) uses methods radius then local.
The if-needed keyword automatically permits ppp for users that have
successfully authenticated using exec mode. If the EXEC facility has
authenticated the user, RADIUS authentication for PPP is not performed.
This is necessary for clients that use terminal window after dial.