We recommend using
a Group Include List in
the LDAP server profile, so that you can specify which groups you
want to retrieve, instead of retrieving all group information.
Allow Panorama
to use username-to-user group mapping in security policies by completing
one of the following actions: