I have a portal and 3 gateways setup working with LDAP and active directory. It is setup to use user-logon with Single Sign On. All this works without issue. What I am having issues with is I have my firewalls intergrated with LDAP and Active directory groups, I use these groups for policy rules. What I am seeing, is that the Global Protect user will sometimes show only userid in the traffic logs, and not domain\userid, at some point it will switch to using domain\userid. This is causing me issues. Any thoughts?