This article explains how to create User Notification templates that you can apply to security policy rules to provide customized messages when access is blocked or prompted.
When traffic matches a security rule with a Block or Prompt action, users see a browser or Client notification explaining the reason for enforcement. You can create customized User Notifications that let you explain each policy enforcement rule to users at the moment access is blocked or prompted. This improves user knowledge and awareness, reduces friction during security actions, and aligns security enforcement with broader business communication goals. helping reduce confusion and support requests.
Company ABC uses the Internet Firewall to restrict access to Salesforce to a specific group of sales users. Employees outside this group occasionally attempt to access Salesforce and receive a block action. Without context, users are unsure why access is denied and often open support tickets.
The IT team creates a custom user notification template and assigns it to the Internet Firewall rule that blocks Salesforce access. The notification explains that Salesforce is restricted to approved sales users, clarifies that the block is based on company's access policy, and provides a dedicated email address to request access.
As a result, users immediately understand why access to Salesforce is blocked and how to request approval, reducing confusion and frustration. This targeted notification educates employees about the company’s access policy at the moment of enforcement, significantly lowering the number of avoidable helpdesk tickets. For the IT team, this means less time spent on repetitive access requests, more consistent policy communication, and a better overall user experience without compromising security.
The branding of the notification, including the logo, font, and color, can be customized globally across all notifications. For more information, see Customizing the Warning / Block Page Branding.
For each notification template, you can customize the text of the message and for a webpage, decide whether to include additional items.
You can decide whether to include a link to allow end users the ability to report a resource being wrongly categorized. For example, they can report that a news website is incorrectly classified as Social.
When the user clicks the link to report that a website or application has the wrong category, the Cato Management Application (CMA) generates an Event Reference ID , which can be optionally displayed to the end user. In addition, an event is generated for the admins in your account and the Cato Security team. Admins can use the Events screen to review and analyze these events with the Event Reference IDs.
The Cato Security team regularly reviews reported wrong categories and validates that the content for the category is correct. When websites or applications belong to the wrong category, the Cato Security team updates the definition of the category. We recommend that you override the default category for the domain or website.
After a few minutes, the wrong category link is no longer active. Users are able to click the link again after they refresh the webpage.
When a Warning or Block page is displayed, an event is generated. To easily find this event, you can choose to display the Event ID on the page. This enables users to provide the Event ID, which you can add to the Event Reference ID filter on the Events page. For more information, see Analyzing Events in Your Network.
Note: The reference ID is only displayed if a category for the domain can be identified.
You can configure the Warning / Block Page to be displayed in different languages. When you configure support for a language, the default text on the page is shown in the target language but this can be customized.
When you define multiple languages for the page, the browser shows the page according to its language preferences. You can choose to set a Default Language to display when the preferred browser languages aren't supported, or if the browser has no preferred language configured. For example, an admin defines Chinese, Japanese, and Italian language support, and sets Japanese as the Default Language:
- A user whose preferred browser language is Italian sees an Italian message
- A user whose preferred browser languages are Korean and Vietnamese sees the default Japanese message
You can create multiple User Notification Templates to be applied to different security policy rules to help educate users why their action has been blocked. As you customize the template, you can view a preview of the Client notification and Browser page.
Note
Note:
- Client Notifications apply to Application Control (CASB) and DLP rules
- The Block Page applies to Internet and WAN Firewall, Application Control (CASB), and DLP rules
To create User Notification Templates:
- From the navigation menu, select Account > User Notifications.
-
Click New.
-
Use an existing template, e.g. Step Up Re Authenticate
or
- Click User Notification
-
- Choose a Template Name and select the Page Type.
- Customize the notification as required. To edit the text of the Browse Page, click on the text you want to edit.
- Click Save.
Once you have created a template you can add it to specific security policy rule(s).
0 comments
Article is closed for comments.