Configuring Google SSO for Your Account

This article explains how to use configure Google to provide Single Sign-On (SSO) for your Cato account.

For more about enabling SSO for the account, see Configuring SSO and the Subdomain for the Account.

Overview of SSO with Cato

You can configure Google as an Identity Provider (IdP) to use SSO to authenticate users with the Cato Management Application and the Cato Client. The users can then use the IdP credentials to authenticate to the Cato Management Application or to the Client.

The Single-Sign On section in the Cato Management Application highlights each Client OS that supports SSO.


Note: Google as an IdP doesn't support LDAP sync and User Directory features such as only syncing specific groups. All users are enabled for SSO with Google as an IdP.


Known Limitations

  • Because of a Google limitation, SSO does not support the Always-prompt option

Configuring Google as an SSO Provider

Configure the Cato settings for the account to use Google as the IdP for SSO. You don't need to make any changes to the settings for your Google account.

For SSO with SDP users, you must configure User Provisioning to NOT send invitation emails to new users that you create in the Cato Management Application. Otherwise, the SDP users need to use the invitation email to activate their account before they can use Google SSO.

In the SDP Client users section, use the following Token validity settings to define the amount of time the SSO token is valid for before the user needs to authenticate again:

  • Always Prompt - Due to a Google limitation, this is not supported

  • Duration - Users do not require SSO for the duration you define in Days or Hours. Users that are logged in must be reauthenticated when the defined time duration expires.

To configure Google as an SSO provider for your Cato account:

  1. From the navigation menu, select Access > Single Sign-On.

  2. From the Identity Provider drop-down menu, select Google.

  3. For SDP Client users SSO, configure these settings:

    1. Select Allow login with Single Sign-On.

    2. Configure the Token validity settings to define how often users need to authenticate.

  4. To allow SSO for Clientless SDP Users, select Allow login with Single Sign-On.

  5. To allow SSO for Cato Management Application Admins, select Allow login with Single Sign-On.

  6. Click Save. Google is configured as the SSO provider for your Cato account.

Was this article helpful?

1 out of 1 found this helpful


Add your comment