Hi, thanks for your reply. I supossed that, but the strange think is that I can select my groups in security policy but not in allow list of authentication Profile. Do I need to configure LDAP profile to have user-group mappings in allow list of Authentication Profile?. It seems strange to have groups in policies without LDAP profile and need it to use groups in Authentication Profile. EDIT: Hi, I've configured LDAP server profile and install User-ID (not pan-agent) in domain controller. All seems to work fine, I can create policies with users and make the filter of groups in firewall (Device, User Identification, Group Mappings), BUT I cannot select the active directory groups in Authentication Profile. How could I filter the users of Active Directory that can login in captive portal?, at the moment I only can select my local users. Thanks Samuel
... View more