Authenticating VPN Users with Corporate Identity


This article details the User-workflow required to connect to the Cato Cloud using a Corporate Identity provider.


This article applies to Client SDP (VPN) users attempting to authenticate to a corporate network using Single Sign-On (SSO) providers. For more information regarding configuring SSO providers, please view this article

The Authentication Process

The following steps detail the process and steps experienced by an end-user attempting to connect to the Cato Cloud using Microsoft as the SSO provider. The process is similar for Google, OneLogin and Okta.


1. The user opens the Cato Client desktop application and clicks on the Use Corporate Identity button:




2. A web browser will open on the user machine, and you will be presented with the option of selecting which SSO provider is relevant for your account.

In this example scenario, we will be clicking Sign In with Microsoft to start the authentication process.


3. After clicking on the SSO provider of choice, you will be directed to a webpage where you are asked to enter your Microsoft login.

Note: This step will be required once at the initial login. This step will be required again if your token expires, or if your account has the 'Always Prompt' rule enabled.


4. The Microsoft authentication workflow would begin, and you will be prompted to enter the password associated with your Active Directory account:


5. If you have multi-factor authentication configured on your Azure account, you will be presented with the following screen to enter your one-time-passcode or multi-factor token:


6. Once the Microsoft authentication verification has completed, you will be presented with the following screen confirming that the connection was successful. You can now close your browser:


Was this article helpful?


Add your comment