Overview of the Cato User Portal
Admins and end-users can use the Cato User Portal to easily manage the Cato Clients. Users can:
- Change the password for the Cato Client
- Show the trusted devices which only require MFA once during the set time period
- Download the most recent version of the Cato Client
- Download the Cato Certificate
- Change their MFA settings
At the end of this article, there is a link to a PDF that you can send to endusers to help them with the User Portal.
Downloading the Cato Client and Cato Certificate
Admins and end-users can also download the Client and Cato certificate for each OS from the Client download portal. No authentication is required.
Logging In to the User Portal
Log in to the User Portal (myvpn.catonetworks.com) using one of the following authentication methods. The same password is used for the Cato Client and the User Portal.
- Cato Client account name (only lower-case letters), username, and password
- SSO with Microsoft credentials
- SSO with Okta credentials
This screenshot is an example of logging in to the User portal with account, username, and password:
Resetting the Password with Multiple Accounts
For Cato resellers and other users that have multiple SDP user accounts with the same username, use the Advanced Settings option to reset the password for a specific account.
To reset the password for a specific account:
- At the User Portal login window, click Forgot Password?.
The Email window opens.
- Enter the email for your SDP user account.
- Click Show Advanced Options.
- Enter the specific Account that you are resetting the password.
- Click Send.
The reset password email is sent to the SDP user for the specific account.
Changing the Password for the User Portal and Cato Clients
When you are logged in to the User Portal, you can change the password for the portal and the Cato Client. The same password is used for the Cato Client and the User Portal.
To change the User Portal and Cato Client password:
From the bottom of the My Devices window, click Change Password.
- Enter your Cato Client Current Password and the new Password.
- Click Save.
Working with Trusted Devices
For accounts or individual users that use Multi-Factor Authentication (MFA) for the Cato Client, the default behavior is to enter the extra authentication code each time they connect to the VPN. Admins can choose to set the time period that the MFA token is valid, during this time the user doesn't require MFA. Users select the Don't ask me again on this device/computer option on the Client to designate that device or computer as trusted.
For more about configuring the MFA settings in the Cato Management Application section, see Configuring the Authentication Policy for Cato Clients.
To configure a Client as a trusted device:
- Make sure that MFA is enabled and configured in the Cato Management Application for the entire account or specific SDP user.
- Log in to the Cato Client with the username and password.
- On the MFA screen, select Don't ask me again on this device.
- Enter the MFA code and click Sign In. After you are connected to the network, the device is trusted and MFA isn't required for the duration of the Token Validity setting.
Showing the Trusted Devices
The User Portal shows all the devices and hosts for a user that are defined as trusted devices.
To show the trusted devices for a user:
- Log in to the User Portal (myvpn.catonetworks.com).
- The My Devices window shows the trusted devices.
Downloading the Cato Clients
You can download the newest version of these Cato Clients from the User Portal:
- Linux distributions:
- Ubuntu (16, 18)
- Fedora (also RPM)
You can download the newest versions of these Clients from the respective app store:
The User Portal has links to the above Cato Clients in their respective stores.
To download the newest version of the Cato Client:
- From the User Portal, click Download Cato Client.
- Click the tab for your operating system.
- Click Download VPN Client.
Downloading the Cato Certificates
Install the Cato certificate on a device or host to define it as a root CA. This is necessary to let TLS inspection decrypt and then inspect traffic to provide the best threat protection for these endpoints.
When you install the Windows Cato Client on a host, the Cato certificate is installed automatically. For all other hosts and devices, you need to download and manually install the certificate.
You can also download the Cato certificate without logging in to the User Portal from here: https://myvpn.catonetworks.com/certificates
To download the Cato certificate:
- From the User Portal, click Download Cato Certificates.
- Click the tab for your operating system.
- Click Download Certificate.
For more about installing the certificate on the device or host, click More info.
Changing the MFA Settings
The Cato Portal lets users make changes to the MFA settings for the Cato Client and the same settings are applied to the User Portal. For accounts that are configured for VPN users to use Any Authentication Method (MFA or SMS), they can change the MFA method that they are using. For example, someone who is using SMS to receive the MFA code can choose to use an authentication app (such as Google Authenticator) instead.
Note: The View/Change 2FA Settings link is only shown for accounts that let VPN users choose any MFA option.
To change the MFA settings:
- From the bottom of the My Devices window, click View/Change 2FA Settings.
The My Account window opens.
- Click Change Settings.
- In the pop-up window, enter the Cato Client password and click Send.
The Secure your account window opens and helps you change the MFA settings
- Follow the steps in the Secure your account window to make the changes to the MFA settings.
- Click OK.
- MyVPN_UserPortal.pdf300 KB