Admins and SDP users can use the Cato User Portal to easily manage the Cato Clients. Users can:
-
Change the password for the Cato Client
-
Show the trusted devices which only require MFA once during the set time period
-
Download the most recent version of the Cato Client
-
Download the Cato Certificate
-
Change their MFA settings
Downloading the Cato Client and Cato Certificate
Admins and end-users can also download the Client and Cato certificate for each OS from the Client download portal. No authentication is required.
Log in to the User Portal (myvpn.catonetworks.com) with your Cato Client account name (only lower-case letters), username, and password. The same password is used for the Cato Client and the User Portal.
For Cato resellers and other users that have multiple SDP user accounts with the same username, use the Advanced Settings option to reset the password for a specific account.
To reset the password for a specific account:
-
At the User Portal login window, click Forgot Password?.
The Email window opens.
-
Enter the email for your SDP user account.
-
Click Show Advanced Options.
-
Enter the specific Account that you are resetting the password.
-
Click Send.
The reset password email is sent to the SDP user for the specific account.
When you are logged in to the User Portal, you can change the password for the portal and the Cato Client. The same password is used for the Cato Client and the User Portal.
For accounts or individual users that use Multi-Factor Authentication (MFA) for the Cato Client, the default behavior is to enter the extra authentication code each time they connect to the VPN. Admins can choose to set the time period that the MFA token is valid, during this time the user doesn't require MFA. Users select the Don't ask me again on this device/computer option on the Client to designate that device or computer as trusted.
For more about configuring the MFA settings in the Cato Management Application section, see Configuring the Authentication Policy for Cato Clients.
To configure a Client as a trusted device:
-
Make sure that MFA is enabled and configured in the Cato Management Application for the entire account or specific SDP user.
-
Log in to the Cato Client with the username and password.
-
On the MFA screen, select Don't ask me again on this device.
-
Enter the MFA code and click Sign In. After you are connected to the VPN, the device is trusted and MFA isn't required for the duration of the Token Validity setting.
The User Portal shows all the devices and hosts for a user that are defined as trusted devices.
To show the trusted devices for a user:
-
Log in to the User Portal (myvpn.catonetworks.com).
-
The My Devices window shows the trusted devices.
You can download the newest version of these Cato Clients from the User Portal:
-
Windows
-
Linux distributions:
-
Ubuntu (14, 16, 18)
-
Fedora (also RPM)
-
Debian
-
Centos
-
You can download the newest versions of these Clients from the respective app store:
-
macOS
-
iOS
-
Android
The User Portal has links to the above Cato Clients in their respective stores.
Install the Cato certificate on a device or host to define it as a root CA. This is necessary to let TLS inspection decrypt and then inspect traffic to provide the best threat protection for these endpoints.
When you install the Windows Cato Client on a host, the Cato certificate is installed automatically. For all other hosts and devices, you need to download and manually install the certificate.
You can also download the Cato certificate without logging in to the User Portal from here: https://myvpn.catonetworks.com/certificates
The Cato Portal lets users make changes to the MFA settings for the Cato Client and the same settings are applied to the User Portal. For accounts that are configured for SDP users to use Any Authentication Method (MFA or SMS), they can change the MFA method that they are using. For example, someone who is using SMS to receive the MFA code can choose to use an authentication app (such as Google Authenticator) instead.
Note
Note: The View/Change 2FA Settings link is only shown for accounts that let SDP users choose any MFA option.
To change the MFA settings:
-
From the bottom of the My Devices window, click View/Change 2FA Settings.
The My Account window opens.
-
Click Change Settings.
-
In the pop-up window, enter the Cato Client password and click Send.
The Secure your account window opens and helps you change the MFA settings
-
Follow the steps in the Secure your account window to make the changes to the MFA settings.
-
Click OK.
0 comments
Please sign in to leave a comment.