Printer Friendly Page

4.3 User-Groups


This activity results in the population of User-ID groups within the Palo Alto Networks Platform to be utilized in security policies. This activity provides the client the ability to further control security access of key infrastructure and applications. User-Groups can add an additional control to SSL decryption and URL Policies.  Tasks include:

  • Group Mapping – Collect User-Group information from the LDAP or equivalent server
  • Apply User-group information in the creation of security, SSL, and URL policies per HLD/TDD
  • Post-Deployment activities - Check Unknown User logs, assist with operationalization and maintenance documentation



  • User-Group specific addendum to the As-Built document
  • Completed User-ID Enforcement Checklist


Consultant Collateral: 

  • User ID Deployment Best Practice
  • User-ID Enforcement Checklist (Template)
Ask Questions Get Answers Join the Live Community
Version history
Revision #:
3 of 3
Last update:
‎07-02-2020 11:21 AM
Updated by: