Configuring Okta SSO for Your Account

This article explains how to configure Okta as the Single Sign-On (SSO) provider for SDP users, clientless users, and Cato Management Application admins in your account.

For more about enabling SSO for the account, see Configuring SSO and the Subdomain for the Account.

Overview of SSO with Your Cato Account

After a chain of trust is established between Cato, the IdP, and your company's user directory, Cato trusts the IdP for user authentication.

Cato SSO supports these Client operating systems:

  • Windows

  • macOS

  • iOS

  • Android

  • Linux

Preparing to Configure SSO with Okta

Before you establish trust with Okta, make sure that you complete these prerequisites:

  • You must have administrator privileges to Okta.

  • Okta must be synchronized with your user directory.

  • For manually created SDP users, SSO is supported for Windows v5.x, macOS v5.x, and Linux v5.x Clients.

    • For iOS and Android, only users who were imported from your organization to Cato using Directory Services or SCIM provisioning are able to use SSO.

Known Limitations

  • On macOS devices, when the Token validity expires, if the device is restarted, the Client does not re-authenticate silently. The SDP user needs to enter their password for the Client to re-authenticate.

Configuring Okta as the SSO Provider

Add the Okta app for Cato Networks SSO, and then configure your Okta Client ID and Client secret. Then configure the Cato Management Application to use Okta as the SSO provider for your account.

For SDP Client users, when you configure the Token validity settings, you define in Days or Hours the amount of time that users remain authenticated. Users that are logged in must reauthenticate when the duration you define in Days or Hours (since they last logged in) has been reached. The Always Prompt option means that users must always authenticate to the Client.

To configure Okta as the SSO provider for your account:

  1. Enable the admin permissions for your Okta account: from the Okta portal menu bar, click Admin.

  2. From the Okta Applications window, click Add Application and search for Cato Portal.

  3. Click Add.

  4. In the Add Cato Portal window, select these options:

    • Do not display application icon to users

    • Do not display application icon in the Okta Mobile App

  5. Click Done.

  6. In the Assignments tab, assign the People and Groups to the application.

  7. Click Assign.

  8. The Sign On > Settings window shows the Client ID and the Client secret for your Okta account.

    Keep this window open; you need to copy the Client ID and Client secret to the Cato Management Application.

  9. Click Save. Okta is configured as an SSO provider for your Cato account.

  10. In a new tab or window, open the Cato Management Application.

  11. From the navigation menu, select Access > Single Sign-On.

  12. Select Enable Single Sign-On.

  13. From the Identity Provider drop-down menu, select Okta.

  14. From the Okta window, copy these settings and paste them in the Cato Management Application:

    • Client ID

    • Client Secret

  15. Enter the Okta Domain prefix and suffix for your account.

  16. Select Allow login with Single Sign-On for one or more types of users in your account:

    • SDP Client users (set the Token validity settings)

    • Clientless SDP users

    • Cato Management Application admins

  17. Click Save. Okta is configured as the SSO provider for your account.

Notes for the SDP Portal

When you log in to the SDP Portal, choose to connect with Okta and then enter your Okta credentials. After you successfully log in to Okta, you are redirected to the SDP Portal and can select an SDP application.
