This article explains the changes regarding unifying User Awareness users and SDP users into a single user identity.
Managing users and enforcing policies is a key component of an administrator's role in controlling user access and Cato implements this with a single user identity. To simplify operations for administrators and increase visibility when applying policies, there is a single user for User Awareness users and remote access with a Cato Client.
-
The single user identity in the Cato Management Application (CMA) is referred to as a User
-
All users in your account are shown on the Users Directory page with a clear indication of remote users that have an SDP license
-
With the single user identity, after you add a User to a policy, it is enforced whether the user is located behind a site or remotely
-
All existing user groups only include a single user identity.
-
These are the different system user groups:
-
All SDP Users - policies are only enforced when working remotely. The policies are NOT enforced when the users are located at the office.
-
All Users - policies are enforced whether users in this group are located at the office or working remotely.
-
All Manual Users - Users created manually in the CMA (only for assigning licenses, can't use in policies)
-
All SCIM Users - Users provisioned from an IdP using SCIM (only for assigning licenses, can't use in policies)
-
All LDAP Users - Users provisioned from an IdP using LDAP (only for assigning licenses, can't use in policies)
-
For more information, see Working with User and System Groups.
In an Internet Firewall policy, you want to block access to gambling sites and apps for specific users.
-
Users behind a Socket are automatically blocked when the rule is implemented.
-
To include remote users in this rule, you should add the Users entity as a source.
A license is required for a user to connect to the network remotely. Licenses are assigned and managed from the Access > License Assignment page. This increases visibility for administrators as they can manage licenses from a single page.
Users must be provisioned with an email address to be assigned a license.
You can get the identity for manually created users behind a site using the Cato Identity Agent. Users are required to authenticate once.
0 comments
Please sign in to leave a comment.