Configuring Authentication Settings for Administrators

This article discusses how to configure different authentication settings for Cato Management Application administrators.

Overview of Authenticating Administrators

To best fit the requirements of your organization, you can define the authentication methods for the Cato Management Application. These are the different methods:

  • SSO provider - Authenticate with the Single-Sign On (SSO) provider that is configured for the account in Access > Single-Sign On

  • Cato user credentials - Log in with the username (admin email) and password that you configure in the Cato Management Application

    • MFA - Admins are also required to use Multi-Factor Authentication (MFA) with an authentication app when they log in to the Cato Management Application

      • This option is enabled by default for new admins

      • For accounts created after December 10th 2023, MFA is always enabled for admins

    • MFA is only supported for Cato user credentials

We recommend that you configure only MFA or SSO authentication for Cato Management Application admin accounts to provide secure access and prevent account takeover and possible compromise.

For more about working with Cato Management Application admins, see Managing Administrators.

Configuring the Cato Management Application Authentication Methods

You can choose to allow Cato Management Application admins to use one or both of these methods to log in:

  • SSO with the Identity Provider (IdP) for the account (Access > Single Sign-On)

  • Username and password for the admin defined in the Cato Management Application (Administration > Login Restrictions)

    The Login Restrictions screen also shows if admins are allowed to log in with SSO.

The admin authentication settings are defined for all admins in the account.

To configure the authentication methods for Cato Management Application admins:

  1. To allow admins to authenticate with SSO:

    1. From the navigation menu, click Access > Single Sign-On.

    2. In the Cato Management Application Admins section, select Allow login with Single Sign-On.

    3. Click Save.

  2. To allow admins to authenticate with username and password:

    1. From the navigation menu, select Administration > Login Restrictions.

    2. In the Login Authentication Method for Cato Management Application section, select Allow login with Cato user credentials.

    3. Click Save.

Using Multi-Factor Authentication for Administrators

To provide additional security, you can configure admins to use Multi-Factor Authentication (MFA) when they log in to the Cato Management Application. MFA uses an authentication app (such as Google Authenticator) to generate secure One-Time-Passwords (OTP) that the admin enters as part of the login process. Otherwise, the admin can't authenticate and log in to the Cato Management Application.

Note

Notes:

  • MFA is only supported for Cato user credentials. When admins log in with SSO, you can't require them to enter an MFA code.

  • For accounts created after December 10th 2023, MFA is always enabled for admins that use Cato User Credentials authentication.

Enabling Multi-Factor Authentication for an Administrator

After you create an admin, MFA is enabled by default for that admin. If MFA is enabled, the first time that the admin logs in to the Cato Management Application, he is redirected to a web page with a QR code. The admin uses the authentication app to scan the QR code and the Cato Management Application MFA is added to the authentication app.

Admin_General.png

To enable MFA for an admin:

  1. From the navigation menu, select Administration > Administrators.

  2. Select the admin.

  3. In the Login Details section, select MFA enabled.

  4. Click Save.

Resetting Multi-Factor Authentication

You can reset the MFA permissions for an admin. After you reset the MFA permissions, the admin can no longer use the current authenticator app to log in to the Cato Management Application. The next time that the admin logs in to the Cato Management Application, he is redirected to a web page with a QR code. The admin uses the authentication app to scan the QR code and the Cato Management Application MFA is added to the authentication app.

To reset the MFA permissions for an admin:

  1. From navigation pane, select Administration > Administrators.

  2. Select one or more administrators.

  3. From the Actions drop-down menu, select Reset MFA.

  4. In the confirmation window, click OK. An email notification is sent to the admin.

Was this article helpful?

1 out of 1 found this helpful

0 comments

Add your comment