Cato Networks lets you import LDAP users from Okta directories instead of Active Directory. This requires that you integrate Cato Directory Services with Okta.
The following diagram shows the authentication flow with Okta using the LDAP interface:
To enable the Cato Directory Services with Okta LDAP you must:
- Add an LDAP Interface to your Okta account.
- Configure the Directory Services in the Cato Management Application.
Note: Okta for Directory Services is disabled by default. Please contact Cato support to enable it.
Adding the Okta LDAP Interface
The LDAP Interface is a cloud proxy that consumes LDAP commands and translates them to Okta API calls. This provides a straightforward path to authenticate legacy LDAP apps in the cloud.
To enable the Okta LDAP Interface:
- Log in to your Okta account and go to Your Org.
- In the Admin area, go to Directory > Directory Integrations and click Add LDAP Interface.
The following screenshot shows the settings of an LDAP interface:
These settings are required to complete the integration with the Cato Management Application.
Configuring the Cato Management Application and Syncing Users
To configure the Cato Directory Services to integrate with the Okta LDAP Interface:
- Go to Configuration > Global Settings > Directory Services.
- In the LDAP Authentication Connection section, add the following settings:
  - Login DN: <Okta username>, <base DN of the Okta LDAP interface>. For example: firstname.lastname@example.org, dc=interface,dc=okta,dc=com
  - Base DN: the Base DN of the Okta LDAP interface. For example: dc=interface,dc=okta,dc=com
- In the Domain Controllers section, add the following settings:
  - Host of the Okta LDAP interface. For example: interface.ldap.okta.com
  - Port of the Okta LDAP interface. If you are using SSL, use port 636; otherwise, use the StartTLS port.
  Note: Cato recommends that you enable SSL and use port 636 for authentication.
- Click OK and Save.
Your account is configured to import your LDAP users from Okta.
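A pre-flight check for the values entered in the steps above, as an added example (not Cato or Okta code). `check_settings` is a hypothetical helper that confirms the Login DN ends with the Base DN, the host is a bare hostname, and the port matches the SSL choice; the sample values are the examples given on this page.

```python
import re

LDAPS_PORT = 636  # from the page: with SSL, use port 636

# One "attr=value" component of a DN (escaped commas are not handled here).
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")


def _parts(dn):
    """Split a DN on commas and normalise whitespace and case."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]


def check_settings(login_dn, base_dn, host, port, use_ssl):
    """Return a list of problems in the Directory Services values; empty means OK."""
    problems = []
    base = _parts(base_dn)
    if not base or not all(_RDN.match(p) for p in base):
        problems.append("Base DN is not a list of attr=value components")
    login = _parts(login_dn)
    # Page format: "<Okta username>, <base DN>", so the Login DN ends with the Base DN.
    if len(login) <= len(base) or login[len(login) - len(base):] != base:
        problems.append("Login DN does not end with the Base DN")
    if not host.strip() or "://" in host or "/" in host or ":" in host:
        problems.append("Host must be a bare hostname (no scheme, path or port)")
    if use_ssl and port != LDAPS_PORT:
        problems.append(f"SSL is enabled but port is {port}, expected {LDAPS_PORT}")
    if not use_ssl and port == LDAPS_PORT:
        problems.append("Port 636 is set but SSL is disabled")
    if not use_ssl:
        problems.append("SSL is off; the page recommends SSL on port 636")
    return problems


if __name__ == "__main__":
    # Values taken from the examples on this page.
    issues = check_settings(
        login_dn="firstname.lastname@example.org, dc=interface,dc=okta,dc=com",
        base_dn="dc=interface,dc=okta,dc=com",
        host="interface.ldap.okta.com",
        port=636,
        use_ssl=True,
    )
    print("OK" if not issues else "\n".join(issues))
```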