Assigning SDP Licenses to Users

This article explains how to assign SDP Licenses to your users so they can connect to Cato remotely, or in some scenarios be identified behind a site with User Awareness


After users are provisioned or created in your Cato account, they can be assigned a SDP license. Only users with a SDP license can connect to Cato remotely.

In addition, in these scenarios, a SDP license is required for User awareness to identify a user behind a site:

  • On a macOS device

  • On a Linux device

  • Windows users provisioned with an IdP other than Azure or On-premise Active Directory

For more information, see Using Cato Identity Agents for User Awareness.

You can assign licenses to all users or only assigned to specific users, User groups, or System groups. A user with an SDP license can connect to Cato on up to three devices.  

System groups can only be used for assigning licenses and cannot be used in policies. 

Use Case - Remote Access

A company has finance, marketing and product development teams working in its head office in New York. The company also has sales teams working remotely in 20 different states. Teams working in the head office connect to Cato through a Socket and are not assigned an SDP license. The sales teams connect to Cato through the Windows Client and are all assigned SDP licenses. The company is able to ensure that policies are enforced to all users, and so that all teams are able to securely access network resources.

Use Case - Identifying Users Provisioned with Okta

A company uses Okta as its IdP to manage the identity of over 1,000 employees. So that the company can identify, control access, and monitor the activity of their users, the company assigns SDP licenses to all users. After the license is assigned, the Cato Identity Agent identifies each user and the company can enforce relevant identity based policies.


  • A license can only be assigned to users with an email address

  • A license can only be assigned to users with a Username less than 57 characters 

Assigning SDP Licenses

You can manage assigning SDP licenses to all your users (whether they are provisioned with SCIM or LDAP, or created manually) from the License Assignment page. You can also monitor how licenses are assigned in your account, for example by viewing how many users have a SDP license.

License Assignment.png

To assign SDP licenses:

  1. From the navigation menu, click Access > License Assignment.

  2. Define how licenses are assigned in your account. The options are:

    • Assign SDP licenses to all users

    • Assign SDP licenses to a selected group

  3. If you are assigning SDP licenses to a selected group, select the users or groups from the drop down.

    Note: All manually created users are included in the All Manual Users System group. To automatically assign manually created users a SDP license, add this System group to the License Assignment table.

  4. Click Save.

Was this article helpful?

0 out of 0 found this helpful


Add your comment