Adding Users to Your Cato Account

This article explains the options for how to add users to your Cato account so that they can securely connect to the network.


Note: This article provides information for Single User Identity. For more information about the Single User Identity changes, see Understanding the Single User Identity​.


When users are added to your account, Cato can identify them, ensure they are authenticated (for example using SSO), and enforce policies based on their identity. You can provision users directly from your IdP using SCIM or LDAP. This ensures your IdP remains the central location for managing users and User groups. Any change to a user in your IdP is automatically synced with Cato (with SCIM provisioning this is reflected in real time, with LDAP provisioning this is reflected within 24 hours). You can also use the Cato Management Application to manually add users to your account.

After a user is added to your account, they can be assigned a license and added to policies. After you add a User to a policy, it will be enforced whether the user is located behind a site or remotely.

Provisioning Users

Cato supports provisioning users from your IdP with SCIM and LDAP as well as adding users manually.

Provisioning Users Process Flow

This process explains how users are provisioned from your IdP, and then assigned licenses and added to policies so they can securely connect to the network.



  1. In your IdP, define the users and/or groups to be provisioned to Cato.

  2. Configure automatic user sync with Cato.

    After users are synced they can be viewed from the Users Directory page and can be identified with User Awareness.

  3. Assign licenses to required users

  4. Apply polices to users

    Policies are enforced wherever the user connects.

Provisioning Users with SCIM

These are the IdPs that are support for provisioning users with SCIM:

For more information on how to configure SCIM provisioning for each IdP, see Provisioning Users with SCIM.

Provisioning Users with LDAP

These are the IdPs that are supported for provisioning users with LDAP:

  • Azure

  • Okta

  • One Login

  • Jump Cloud

For more information on how to configure LDAP provisioning for each IdP, see Provisioning Users with LDAP.

Manually Creating User

Users can also be created manually by entering their name and email address. For more information about creating users manually, see Working with SDP Users.

Was this article helpful?


Add your comment