Global Protect portal Config selection criteria combination of User group/device check/custom check?

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect portal Config selection criteria combination of User group/device check/custom check?

L4 Transporter

I'm guessing others are combining these together, but is it possible to specify these together mix/match?    Specifically, We have configs without a custom check (custom checkmark box UNchecked-portal/agent/configs/config selection criteria custom checks), and that are only based on AD group. But when I turn on custom checks for a different agent config that includes both AD group and Custom Check (portal/agent/config/config selection criteria/custom checks) , the configs with only an AD group specified (and NO custom checks) don't match.  Almost like once you turn on Custom checks in one config, the portal uses that against all other agent configs regardless of if that "custom checks" box is marked or not.


This is all on the same portal.  


Cyber Elite
Cyber Elite


Are you attempting to utilize the same group in both agent configurations? 

different groups even.   It's kind of like it prioritizes the registry custom check for every agent config you have, and starts to check that first before checking your AD group. 


This actually seems to be related to using different auth profiles.   I can't replicate when using the same auth profile (simple ldap).   When getting a username back from SAML (we are sending back domain\username) it's failing to match any config -  but it only fails when I select the "custom check" to match against reg key.  If I remove that check, everything works normally.   Odd that I can cause a failure, simply by editing that box.  It's like it's changing the way that the portal looks at the username and domain?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!