Hardware reference guide
GlobalProtect Administrator’s Guide
Enable Group Mapping
Because the agent or app running on your end-user systems requires the user to successfully authenticate before
being granted access to GlobalProtect, the identity of each GlobalProtect user is known. However, if you want
to be able to define GlobalProtect configurations and/or security policies based on group membership, the
firewall must retrieve the list of groups and the corresponding list of members from your directory server. This
is known as group mapping.
To enable this functionality, you must create an LDAP server profile that instructs the firewall how to connect
and authenticate to the directory server and how to search the directory for the user and group information.
After the firewall successfully connects to the LDAP server and retrieves the group mappings, you will be able to
select groups when defining your client configurations and security policies. The firewall supports a variety of
LDAP directory servers, including Microsoft Active Directory (AD), Novell eDirectory, and Sun ONE
Directory Server.
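The following added example (not from the guide and not Palo Alto Networks code) illustrates what group mapping produces: a user-to-group lookup built from group entries as a directory search would return them. The DNs are constructed samples, the function names are hypothetical, and nested-group expansion and case-insensitive DN matching are assumptions made for illustration.

```python
# Added illustration of group mapping; not the firewall's implementation.
from collections import defaultdict

# Constructed sample: group DN -> values of its "member" attribute.
GROUPS = {
    "CN=VPN-Users,OU=Groups,DC=example,DC=com": [
        "CN=Alice,OU=Staff,DC=example,DC=com",
        "CN=Contractors,OU=Groups,DC=example,DC=com",  # nested group
    ],
    "CN=Contractors,OU=Groups,DC=example,DC=com": [
        "cn=bob,ou=Staff,dc=example,dc=com",           # same DN style, other case
    ],
    "CN=Admins,OU=Groups,DC=example,DC=com": [
        "CN=Alice,OU=Staff,DC=example,DC=com",
    ],
}

def norm(dn):
    """Normalise a DN for comparison (simplified: ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def build_user_to_groups(groups):
    """Return {user DN: set of group DNs}, expanding nested groups."""
    members = {norm(g): [norm(m) for m in ms] for g, ms in groups.items()}
    mapping = defaultdict(set)

    def expand(group, top, seen):
        if group in seen:        # guard against membership cycles
            return
        seen.add(group)
        for m in members[group]:
            if m in members:     # the member is itself a group
                expand(m, top, seen)
            else:
                mapping[m].add(top)

    for g in members:
        expand(g, g, set())
    return dict(mapping)

def groups_for(user_dn, mapping):
    """Groups a policy could match for this user; empty set if unknown."""
    return mapping.get(norm(user_dn), set())
```

A user who is absent from the map matches no group-based configuration or policy, so an incomplete search base or group filter shows up as missing access rather than as an error.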
Use the following procedure to connect to your LDAP directory to enable the firewall to retrieve user-to-group
mapping information: