Adding Users to Your Cato Account

When users are added to your account, Cato can identify them, ensure they are authenticated (for example using SSO), and enforce policies based on their identity. You can provision users directly from your IdP using SCIM or LDAP. This ensures your IdP remains the central location for managing users and User groups. Any change to a user in your IdP is automatically synced with Cato (with SCIM provisioning this is reflected in real time, with LDAP provisioning this is reflected within 24 hours). You can also use the Cato Management Application to manually add users to your account.

After a user is added to your account, they can be assigned a license and added to policies. After you add a User to a policy, it will be enforced whether the user is located behind a site or remotely.

Cato supports provisioning users from your IdP with SCIM and LDAP as well as adding users manually.

Provisioning Users Process Flow

This process explains how users are provisioned from your IdP, and then assigned licenses and added to policies so they can securely connect to the network.

 

1. In your IdP, define the users and/or groups to be provisioned to Cato.

2. Configure automatic user sync with Cato.

   After users are synced they can be viewed from the Users Directory page and can be identified with User Awareness.

3. Assign licenses to required users

4. Apply polices to users

   Policies are enforced wherever the user connects.

Users can also be created manually by entering their name and email address. For more information about creating users manually, see Working with SDP Users.