- In the LDAP IdP, create a test group (i.e., an MS Active Directory group) such as SCIM-TEST on the DC servers that are synced with the CMA.
- Sync the newly created group to the SCIM IdP (Entra ID).
- Add the newly created group to the LDAP sync settings:
  - In the CMA, navigate to Access > Directory Services and click the LDAP tab.
  - Select User Groups, add the test group from step 1, and click Save and Close.
- Add the test group from step 1 to the following policies:
  - Client Connectivity Policy
  - WAN Firewall
  - Internet Firewall
  - Always-On Policy
- To validate the newly created SCIM-TEST group, create a test block rule on the Internet Firewall that uses the group to BLOCK traffic to google.com. Then, verify that one of the test users is blocked from Google.
- Configure the Cato app for the SCIM IdP. For more information, see the relevant article in SCIM User Provisioning.
- Verify that all the user and user group properties are synced from the LDAP to the SCIM IdP.
- Assign the SCIM-TEST group to the Cato app for the SCIM IdP.
- Perform the initial SCIM sync.
- Ensure test users and the user group (SCIM-TEST) have been updated from LDAP to SCIM in the CMA:
  - For users, go to Access > Users > Users Directory.
  - For user groups, go to Access > User Groups, and verify that SCIM-TEST contains all the migrated users.
- Test that the block rule (from the previous section) is still blocking traffic for a user in the SCIM-TEST group.
- Verify that users can sign out of an SSO app or the Cato Client and then authenticate again.
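
The two verification steps above (user properties synced, and SCIM-TEST containing all the migrated users) can be scripted against exports from both directories, which matters because a user missing from the group silently falls out of the block rule. This is an added example, not Cato tooling: the attribute mapping, the record shapes (AD attributes on one side, RFC 7643 SCIM resources on the other) and all sample data are assumptions.

```python
# Added example: compare LDAP group members with SCIM-provisioned users.
# ATTR_MAP is an assumed AD-attribute -> SCIM core-schema mapping; adjust to the IdP's own.
ATTR_MAP = {"userPrincipalName": "userName", "displayName": "displayName", "mail": "emails"}

def scim_value(user, path):
    """Read a mapped attribute from a SCIM User resource (primary email for 'emails')."""
    if path == "emails":
        emails = user.get("emails", [])
        primary = [e for e in emails if e.get("primary")] or emails
        return primary[0]["value"] if primary else None
    return user.get(path)

def norm(value):
    """Compare strings case-insensitively and ignore surrounding whitespace."""
    return value.strip().lower() if isinstance(value, str) else value

def compare(ldap_members, scim_users, scim_group):
    """Report users missing from SCIM, outside the SCIM group, inactive, or with drifted attributes."""
    by_name = {norm(u["userName"]): u for u in scim_users}
    group_ids = {m["value"] for m in scim_group.get("members", [])}
    report = {"missing": [], "not_in_group": [], "inactive": [], "drift": []}
    for entry in ldap_members:
        key = norm(entry["userPrincipalName"])
        user = by_name.get(key)
        if user is None:
            report["missing"].append(key)
            continue
        if user["id"] not in group_ids:
            report["not_in_group"].append(key)  # group-based rules would not match this user
        if not user.get("active", True):
            report["inactive"].append(key)
        for ldap_attr, path in ATTR_MAP.items():
            if norm(entry.get(ldap_attr)) != norm(scim_value(user, path)):
                report["drift"].append((key, ldap_attr))
    return report

# Constructed sample exports (not real accounts).
LDAP_MEMBERS = [
    {"userPrincipalName": "alice@example.com", "displayName": "Alice A", "mail": "alice@example.com"},
    {"userPrincipalName": "bob@example.com", "displayName": "Bob B", "mail": "bob@example.com"},
    {"userPrincipalName": "carol@example.com", "displayName": "Carol C", "mail": "carol@example.com"},
]
SCIM_USERS = [
    {"id": "u1", "userName": "Alice@example.com", "displayName": "Alice A", "active": True, "emails": [{"value": "alice@example.com", "primary": True}]},
    {"id": "u2", "userName": "bob@example.com", "displayName": "Bob B", "active": True, "emails": [{"value": "robert@example.com", "primary": True}]},
]
SCIM_GROUP = {"displayName": "SCIM-TEST", "members": [{"value": "u1"}]}

if __name__ == "__main__":
    print(compare(LDAP_MEMBERS, SCIM_USERS, SCIM_GROUP))
```

An empty report for every key means the SCIM side matches the LDAP group; any entry under `missing` or `not_in_group` should be resolved before relying on the block-rule test.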