Managing users and enforcing policies is a key component of an administrator's role in controlling user access and Cato implements this with a single user identity. To simplify operations for administrators and increase visibility when applying policies, there is a single user for User Awareness users and remote access with a Cato Client.
- The single user identity in the Cato Management Application (CMA) is referred to as a User
- All users in your account are shown on the Users Directory page with a clear indication of remote users that have a ZTNA license
- With the single user identity, after you add a User to a policy, it is enforced whether the user is located behind a site or remotely
- All existing user groups only include a single user identity.
-
These are the different system user groups:
- All Remote Users - policies are only enforced when working remotely. The policies are NOT enforced when the users are located at the office.
- All Users - policies are enforced whether users in this group are located at the office or working remotely.
- All Manual Users - Users created manually in the CMA (only for assigning licenses, can't use in policies)
- All SCIM Users - Users provisioned from an IdP using SCIM (only for assigning licenses, can't use in policies)
- All LDAP Users - Users provisioned from an IdP using LDAP (only for assigning licenses, can't use in policies)
For more information, see Working with User and System Groups.
In an Internet Firewall policy, you want to block access to gambling sites and apps for specific users.
- Users behind a Socket are automatically blocked when the rule is implemented.
- To include remote users in this rule, you should add the Users entity as a source.
A license is required for a user to connect to the network remotely. Licenses are assigned and managed from the Access > License Assignment page. This increases visibility for administrators as they can manage licenses from a single page.
Users must be provisioned with an email address to be assigned a license.
Also, see Defining Remote Access for Users.
Identifying Manually Created Users
You can get the identity for manually created users behind a site using the Cato Identity Agent. Users are required to authenticate once.
0 comments
Please sign in to leave a comment.