This article explains how to configure Okta as the Single Sign-On (SSO) provider for SDP users, clientless users, and Cato Management Application admins in your account.
For more about enabling SSO for the account, see Configuring SSO and the Subdomain for the Account.
After a chain of trust is established between Cato, the IdP, and your company's user directory, Cato trusts the IdP for user authentication.
Cato SSO supports these Client operating systems:
- Windows
- macOS
- iOS
- Android
- Linux
Before you establish trust with Okta, make sure that you complete these prerequisites:
- You must have administrator privileges to Okta.
- Okta must be synchronized with your user directory.
- For manually created SDP users, SSO is supported for Windows v5.x, macOS v5.x, and Linux v5.x Clients.
- For iOS and Android, only users who were imported from your organization to Cato using Directory Services or SCIM provisioning are able to use SSO.
Add the Okta app for Cato Networks SSO, and then configure your Okta Client ID and Client secret. Then configure the Cato Management Application to use Okta as the SSO provider for your account.
For SDP Client users, the Token validity settings define, in Days or Hours, how long users remain authenticated. Logged-in users must reauthenticate once the duration you define (counted from when they last logged in) has been reached. The Always Prompt option means that users must always authenticate to the Client.
To configure Okta as the SSO provider for your account:
- Enable the admin permissions for your Okta account: from the Okta portal menu bar, click Admin.
- From the Okta Applications window, click Add Application and search for Cato Portal.
- Click Add.
- In the Add Cato Portal window, select these options:
  - Do not display application icon to users
  - Do not display application icon in the Okta Mobile App
- Click Done.
- In the Assignments tab, assign the People and Groups to the application.
- Click Assign.
- The Sign On > Settings window shows the Client ID and the Client secret for your Okta account.
  Keep this window open; you need to copy the Client ID and Client secret to the Cato Management Application.
- Click Save. Okta is configured as an SSO provider for your Cato account.
- In a new tab or window, open the Cato Management Application.
- From the navigation menu, select Access > Single Sign-On.
- Select Enable Single Sign-On.
- From the Identity Provider drop-down menu, select Okta.
- From the Okta window, copy these settings and paste them in the Cato Management Application:
  - Client ID
  - Client Secret
- Enter the Okta Domain prefix and suffix for your account.
- To only allow SSO users from specific domains to access your account:
  - In the Allowed domains section, click and in the pop-up window enter a domain. For example: myportal.com.
  - To enter additional domains, click and enter the domain.
- Select Allow login with Single Sign-On for one or more types of users in your account:
  - SDP Client users (set the Token validity settings)
  - Clientless SDP users
  - Cato Management Application admins
- Click Save. Okta is configured as the SSO provider for your account.