Assigning ZTNA Licenses to Users

This article explains how to assign ZTNA Licenses to your users so they can connect to Cato remotely, or in some scenarios be identified behind a site with User Awareness.

Note

Note: SDP licenses have been renamed to ZTNA licenses.

Overview

After users are provisioned or created in your Cato account, they can be assigned a ZTNA license. Only users with a ZTNA license can connect to Cato remotely.

In addition, in these scenarios, a ZTNA license is required for User awareness to identify a user behind a site:

  • On a macOS device

  • On a Linux device

  • Users provisioned with an IdP other than Azure

For more information, see Using Cato Identity Agents for User Awareness.

You can assign licenses to all users or only to specific users, User groups, or System groups. System groups can only be used for assigning licenses and cannot be used in policies.

Each user with a ZTNA license can connect to Cato on up to three devices at the same time.

Use Case - Remote Access

A company has finance, marketing, and product development teams working in its head office in New York. The company also has sales teams working remotely in 20 different states. Teams working in the head office connect to Cato through a Socket and are not assigned a ZTNA license. The sales teams connect to Cato through the Windows Client and are all assigned ZTNA licenses. The company is able to ensure that policies are enforced to all users, and so that all teams are able to securely access network resources.

Use Case - Identifying Users Provisioned with Okta

A company uses Okta as its IdP to manage the identity of over 1,000 employees. So that the company can identify, control access, and monitor the activity of its users, the company assigns ZTNA licenses to all users. After the license is assigned, the Cato Identity Agent identifies each user and the company can enforce relevant identity-based policies.

Prerequisites

  • A license can only be assigned to users with an email address

  • A license can only be assigned to users with Usernames smaller than 57 characters

Assigning ZTNA Licenses

You can manage assigning ZTNA licenses to all your users (whether they are provisioned with SCIM or LDAP, or created manually) from the License Assignment page. You can also monitor how licenses are assigned in your account, for example by viewing how many users have a ZTNA license.

License_Assignment.jpg

To assign ZTNA licenses:

  1. From the navigation menu, click Access > License Assignment.

  2. Define how licenses are assigned to your account. The options are:

    • Assign SDP licenses to all users

    • Assign SDP licenses to a selected group

  3. If you are assigning ZTNA licenses to a selected group, select the users or groups from the drop-down.

    Note: All manually created users are included in the All Manual Users System group. To automatically assign manually created users a ZTNA license, add this System group to the License Assignment table.

  4. Click Save.

Was this article helpful?

2 out of 2 found this helpful

0 comments