Supported IdPs for SSO Authentication

This article summarizes the officially supported Identity Providers (IdPs) for Cato’s Single Sign-On (SSO) features.

Overview

Cato supports a wide range of OIDC-compatible IdPs to securely authenticate users and admins. These are the features that support SSO:

  • Remote Users – User authentication to the Cato Client
  • CMA Admins – Admin login to the Cato Management Application
  • Browser Access – Authentication flows through the Application Portal
  • Browser Extension – Authentication via browser extension (where applicable)
  • Enterprise Browser - Authentication via enterprise browser
  • Headless Authentication – Automated authentication flows without user interaction (for Linux OS)

For more about using SSO with your Cato account, see Configuring SSO and the Subdomain for the Account.

IdP Support Matrix

The table below shows which SSO authentication capabilities are supported for each Identity Provider (IdP).

Identity Provider Remote Users CMA Admins Browser Access Browser Extension Enterprise Browser Headless Auth
Azure Yes Yes Yes Yes Yes Yes
CyberArk Yes No Yes Yes Yes No
DTS Yes Yes Yes Yes Yes No
DUO Yes Yes Yes Yes Yes No
Forgerock Yes No Yes Yes Yes No
Google Yes Yes Yes Yes Yes No
Hennge Yes No Yes Yes Yes No
JumpCloud Yes No Yes No No No
Keycloak Yes Yes Yes Yes Yes No
Okta Yes Yes Yes Yes Yes Yes
OneLogin Yes Yes Yes No No No
OneWelcome Yes Yes No No No No
PingFederate Yes Yes No No No No
PingOne Yes Yes Yes Yes Yes No
SafeNet (Classic) Yes No Yes No No No
SafeNet (EU) Yes No Yes No No No

Was this article helpful?

0 out of 0 found this helpful

0 comments