Cato Networks Knowledge Base

Configuring Google SSO for Your Account

  • Updated

This article explains how to use configure Google to provide Single Sign-On (SSO) for your Cato account.

For more about enabling SSO for the account, see Configuring SSO and the Subdomain for the Account.

Overview of SSO with Cato

You can configure Google as an Identity Provider (IdP) to use SSO to authenticate users with the Cato Management Application and the Cato Client. The users can then use the IdP credentials to authenticate to the Cato Management Application or to the Client.

The Single-Sign On section in the Cato Management Application highlights each Client OS that supports SSO.

Note

Note: Google as an IdP doesn't support LDAP sync and User Directory features such as only syncing specific groups. All users are enabled for SSO with Google as an IdP.

Configuring Google as an SSO Provider

Configure the Cato settings for the account to use Google as the IdP for SSO. You don't need to make any changes to the settings for your Google account.

For SSO with SDP users, you must configure User Provisioning to NOT send invitation emails to new users that you create in the Cato Management Application. Otherwise, the SDP users need to use the invitation email to activate their account before they can use Google SSO.

In the SDP Client users section, use the following Token validity settings to define the amount of time the SSO token is valid for before the user needs to authenticate again:

  • Always Prompt - SSO is always required whenever the user connects.

  • Duration - Users do not require SSO for the duration you define in Days or Hours. Users that are logged in must be reauthenticated when the defined time duration expires.

Google_SSO.png

To configure Google as an SSO provider for your Cato account:

  1. From the navigation menu, select Access > Single Sign-On.

  2. From the Identity Provider drop-down menu, select Google.

  3. For SDP Client users SSO, configure these settings:

    1. Select Allow login with Single Sign-On.

    2. Configure the Token validity settings to define how often users need to authenticate.

  4. To allow SSO for Clientless SDP Users, select Allow login with Single Sign-On.

  5. To allow SSO for Cato Management Application Admins, select Allow login with Single Sign-On.

  6. In Allowed Domains, enter the hosted domain from the G Suite settings for your account. You can enter multiple domains, and separate each one with a comma.

  7. For SDP Client users SSO, disable invitation emails for new users that you create in the Cato Management Application:

    1. From the navigation menu, click Access > Directory Services.

    2. Expand the User Provisioning section.

    3. Disable this setting: Send invitations to new VPN users created in the Cato Management Application.

      UserProvisioning_Google_NoInvite.png
  8. Click Save. Google is configured as the SSO provider for your Cato account.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.