Is it possible to block the user web access by an AD OU object (not group a membership) with the Web Gateway?I mean all of the domain users can access the internet except the users in the defined OU.
Hope you are doing well.
LDAP is the only way as far as I know which can help to achieve this requirement.
You can use any other authentication and then retrieve LDAP attributes using user name as the key using Authentication.GetUserGroups property.
e.g. NTLM -> user name is xyz -> Authentication.GetUserGroups(<AD LDAP Config>) -> list of OU objects
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center