Restricting GlobalProtect user access rights in security rules

Hello everyone,

We have the following requirement: the customer wants to restrict the access rights of GP users in the security policy, and then the following configuration on the firewall:

We need to add AD domain control to the firewall, configure a server profile and an authentication profile, and complete the configuration of the GP gateways and portals.

Is it necessary to do group mapping?

Configuration requirements:

https://preview.redd.it/k90cckmzb5ob1.png?width=1031&format=png&auto=webp&s=ec379ebc3a32439c557c23b88ae4ff634ce197c1