NSX DFW offers an Identity Firewall (IdFW) feature that lets you create security policy rules based on a user or a group of users; it works for both virtual and physical desktop systems. In this recipe, we will register NSX Manager with Microsoft Active Directory and configure a DFW rule based on an AD user/group object.
Before configuring NSX IdFW, make sure you have AD user credentials with read permission for all objects in the domain tree and with read permissions for security logs when using a physical desktop.
NSX IdFW also uses the Guest Introspection VM to do user-to-IP mapping on the virtual desktop; make sure the Guest Introspection service VMs are deployed before or after configuring the security policy.