This article explains the options for how to add users to your Cato account so that they can securely connect to the network.
Note: This article provides information for Single User Identity. For more information about the Single User Identity changes, see .
When users are added to your account, Cato can identify them, ensure they are authenticated (for example using SSO), and enforce policies based on their identity. You can provision users directly from your IdP using SCIM or LDAP. This ensures your IdP remains the central location for managing users and User groups. Any change to a user in your IdP is automatically synced with Cato (with SCIM provisioning this is reflected in real time, with LDAP provisioning this is reflected within 24 hours). You can also use the Cato Management Application to manually add users to your account.
After a user is added to your account, they can be assigned a license and added to policies. After you add a User to a policy, it will be enforced whether the user is located behind a site or remotely.
Cato supports provisioning users from your IdP with SCIM and LDAP as well as adding users manually.
This process explains how users are provisioned from your IdP, and then assigned licenses and added to policies so they can securely connect to the network.
In your IdP, define the users and/or groups to be provisioned to Cato.
Configure automatic user sync with Cato.
Assign licenses to required users
Apply polices to users
Policies are enforced wherever the user connects.
These are the IdPs that are support for provisioning users with SCIM:
For more information on how to configure SCIM provisioning for each IdP, see Provisioning Users with SCIM.
These are the IdPs that are supported for provisioning users with LDAP:
For more information on how to configure LDAP provisioning for each IdP, see Provisioning Users with LDAP.
Users can also be created manually by entering their name and email address. For more information about creating users manually, see Working with SDP Users.