https://live.paloaltonetworks.com/t5/general-topics/user-id-policies/m-p/321819#M82339 <P>Hi,</P><P>&nbsp;</P><P>I have a few questions regarding policies using user-id for access.</P><P>&nbsp;</P><P>When I select add, to add a source user into a policy I can start typing a name and it will give me a list of users with thoses names to add in, like a prepopulation.</P><P>Is there a limit as to how many it will display?</P><P>for example, if i type the domain first it will give me a long list of users, but its clearly not the full domain users list? is this by design? can it be changed?</P><P>&nbsp;</P><P>I'm also trying to add groups to make it alittle easier to read the rules and amalgamate single users, but it never prepopulates groups.</P><P>Even if I add ad groups manually this doesnt work, the rule denies access.</P><P>&nbsp;</P><P>The authentication profile for the LDAP query is setup as default. I have viewed a video regarding using groups for policies, my configuration looks correct, so drawing a blank with this.</P><P>&nbsp;</P><P>Kind Regards</P><P>Ian</P> Thu, 09 Apr 2020 09:27:39 GMT IanBroadway 2020-04-09T09:27:39Z https://live.paloaltonetworks.com/t5/general-topics/user-id-policies/m-p/321819#M82339 <P>Hi,</P><P>&nbsp;</P><P>I have a few questions regarding policies using user-id for access.</P><P>&nbsp;</P><P>When I select add, to add a source user into a policy I can start typing a name and it will give me a list of users with thoses names to add in, like a prepopulation.</P><P>Is there a limit as to how many it will display?</P><P>for example, if i type the domain first it will give me a long list of users, but its clearly not the full domain users list? is this by design? can it be changed?</P><P>&nbsp;</P><P>I'm also trying to add groups to make it alittle easier to read the rules and amalgamate single users, but it never prepopulates groups.</P><P>Even if I add ad groups manually this doesnt work, the rule denies access.</P><P>&nbsp;</P><P>The authentication profile for the LDAP query is setup as default. I have viewed a video regarding using groups for policies, my configuration looks correct, so drawing a blank with this.</P><P>&nbsp;</P><P>Kind Regards</P><P>Ian</P> Thu, 09 Apr 2020 09:27:39 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-policies/m-p/321819#M82339 IanBroadway 2020-04-09T09:27:39Z https://live.paloaltonetworks.com/t5/general-topics/user-id-policies/m-p/321860#M82351 <P>hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/95468">@IanBroadway</a>&nbsp;</P><P>&nbsp;</P><P>yes there's a limit to the number of items listed, this cannot be changed</P><P>&nbsp;(because if you have a million objects the firewall needs to query it's database every time you add or delete a letter to repopulate the list)</P><P>&nbsp;</P><P>for the groups: did you set up group mapping? this is a separate tab in the user identification configuration (device &gt; user identification &gt; group mapping), the authentication profile only provides authentication and a connector to the ldap for the group mapping profile</P> Thu, 09 Apr 2020 12:12:41 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-policies/m-p/321860#M82351 reaper 2020-04-09T12:12:41Z https://live.paloaltonetworks.com/t5/general-topics/user-id-policies/m-p/322000#M82382 <P>Hello,</P><P>Save your sanity and use groups. This will make it easier to add/remove users in the future and help the policies look cleaner.</P><P>&nbsp;</P><P>Regards,</P> Thu, 09 Apr 2020 21:27:43 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-policies/m-p/322000#M82382 OtakarKlier 2020-04-09T21:27:43Z https://live.paloaltonetworks.com/t5/general-topics/user-id-policies/m-p/322856#M82536 <P>Thanks all</P> Wed, 15 Apr 2020 11:27:58 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-policies/m-p/322856#M82536 IanBroadway 2020-04-15T11:27:58Z