This article explains how to use configure Google to provide Single Sign-On (SSO) for your Cato account.
For more about enabling SSO for the account, see Configuring SSO and the Subdomain for the Account.
You can configure Google as an Identity Provider (IdP) to use SSO to authenticate users with the Cato Management Application and the Cato Client. The users can then use the IdP credentials to authenticate to the Cato Management Application or to the Client.
The Single-Sign On section in the Cato Management Application highlights each Client OS that supports SSO.
Note
Note: Google as an IdP doesn't support LDAP sync and User Directory features such as only syncing specific groups. All users are enabled for SSO with Google as an IdP.
Configure the Cato settings for the account to use Google as the IdP for SSO. You don't need to make any changes to the settings for your Google account.
For SSO with SDP users, you must configure User Provisioning to NOT send invitation emails to new users that you create in the Cato Management Application. Otherwise, the SDP users need to use the invitation email to activate their account before they can use Google SSO.
In the SDP Client users section, use the following Token validity settings to define the amount of time the SSO token is valid for before the user needs to authenticate again:
-
Always Prompt - SSO is always required whenever the user connects.
-
Duration - Users do not require SSO for the duration you define in Days or Hours. Users that are logged in must be reauthenticated when the defined time duration expires.
To configure Google as an SSO provider for your Cato account:
-
From the navigation menu, select Access > Single Sign-On.
-
From the Identity Provider drop-down menu, select Google.
-
For SDP Client users SSO, configure these settings:
-
Select Allow login with Single Sign-On.
-
Configure the Token validity settings to define how often users need to authenticate.
-
-
To allow SSO for Clientless SDP Users, select Allow login with Single Sign-On.
-
To allow SSO for Cato Management Application Admins, select Allow login with Single Sign-On.
-
In Allowed Domains, enter the hosted domain from the G Suite settings for your account. You can enter multiple domains, and separate each one with a comma.
-
Click Save. Google is configured as the SSO provider for your Cato account.
0 comments
Please sign in to leave a comment.