GlobalProtect Portal Config Selection Criteria Settings
User/User Group tab
Addone or more endpoint operating system (OS) to specify which endpoints receive this configuration. The portal automatically learns the OS of the endpoint and incorporates details for that OS in the client configuration. You can select
AnyOS or a specific OS (
Addthe specific users or user groups to which this configuration applies.
You must configure group mapping (
) before you can select user groups.
Group Mapping Settings
To deploy this configuration to all users, select
User/User Groupdrop-down. To deploy this configuration only to users with GlobalProtect apps in pre-logon mode, select
Machine account exists with device serial number
Configure matching criteria based on whether the endpoint serial number exists in the Active Directory. The serial number check is supported on Windows and Mac operating systems.
Select the certificate profile that the GlobalProtect portal uses to match the machine certificate sent by the GlobalProtect app. The machine certificate check is supported on Windows and Mac operating systems.
Select this option to define custom host information to match.
To check Windows endpoints for a specific registry key,
Registry Keyfor which to match. To match only the endpoints that lack the specified registry key or key value, enable the
Key does not exist or match the specified value dataoption. To match on specific values,
Value Data. To match endpoints that explicitly do not have the specified value or value data, select
To check macOS endpoints for a specific entry in the property list (plist),
Plistname. To match only the endpoints that do not have the specified plist, enable the
Plist does not existoption. To match on specific key-value pairs within the plist,
Value. To match endpoints that explicitly do not have the specified key or value, select