This article discusses how to configure different authentication settings for Cato Management Application administrators.
To best fit the requirements of your organization, you can define the authentication methods for the Cato Management Application. These are the different methods:
-
SSO provider - Authenticate with the Single-Sign On (SSO) provider that is configured for the account in Access > Single-Sign On
-
Cato user credentials - Log in with the username (admin email) and password that you configure in the Cato Management Application
-
MFA - Admins are also required to use Multi-Factor Authentication (MFA) with an authentication app when they log in to the Cato Management Application
-
MFA is only supported for Cato user credentials
-
We recommend that you configure only MFA or SSO authentication for Cato Management Application admin accounts to provide secure access and prevent account takeover and possible compromise.
For more about working with Cato Management Application admins, see Managing Administrators.
You can choose to allow Cato Management Application admins to use one or both of these methods to log in:
-
SSO with the Identity Provider (IdP) for the account (Access > Single Sign-On)
-
Username and password for the admin defined in the Cato Management Application (Administration > Login Restrictions)
The Login Restrictions screen also shows if admins are allowed to log in with SSO.
The admin authentication settings are defined for all admins in the account.
To configure the authentication methods for Cato Management Application admins:
-
To allow admins to authenticate with SSO:
-
From the navigation menu, click Access > Single Sign-On.
-
In the Cato Management Application Admins section, select Allow login with Single Sign-On.
-
Click Save.
-
-
To allow admins to authenticate with username and password:
-
From the navigation menu, select Administration > Login Restrictions.
-
In the Login Authentication Method for Cato Management Application section, select Allow login with Cato user credentials.
-
Click Save.
-
To provide additional security, you can configure admins to use Multi-Factor Authentication (MFA) when they log in to the Cato Management Application. MFA uses an authentication app (such as Google Authenticator) to generate secure One-Time-Passwords (OTP) that the admin enters as part of the login process. Otherwise, the admin can't authenticate and log in to the Cato Management Application.
Note
Note: MFA is only supported for Cato user credentials. When admins log in with SSO, you can't require them to enter an MFA code.
After you create an admin, you can enable MFA for that admin. If MFA is enabled, the first time that the admin logs in to the Cato Management Application, he is redirected to a web page with a QR code. The admin uses the authentication app to scan the QR code and the Cato Management Application MFA is added to the authentication app.
You can reset the MFA permissions for an admin. After you reset the MFA permissions, the admin can no longer use the current authenticator app to log in to the Cato Management Application. The next time that the admin logs in to the Cato Management Application, he is redirected to a web page with a QR code. The admin uses the authentication app to scan the QR code and the Cato Management Application MFA is added to the authentication app.
Comments
0 comments
Please sign in to leave a comment.