Browser Access Portal Overview - Securing Remote Access to Applications

High-Level Overview of Configuring the Browser Access Portal and Applications

This section is a high-level overview of the process to configure the Browser Access Portal for your account. Clientless browser-based SDP uses SSO authentication tokens for the IdP.

You can also use Cato user credentials to authenticate to the Browser Access Portal.


Note: Browser-based remote access doesn't support overlapping IPs between an SNAT IP range and IP range for the site.

  1. (Optional) Configure (or verify) the Single sign-on (SSO) settings for the account (see Configuring SSO and the Subdomain for the Account).

  2. Configure the settings for the Browser Access Portal (see Configuring the Browser Access Portal):

    1. Configure the basic settings for the portal, the URL and logo.

    2. Define the domains that are allowed to connect to the portal.

      The email domains of the clientless SDP users are validated against the allowed domains for the Browser Access Portal.

    3. Configure the SSO provider for your Cato account and define the authentication cookies.

    4. If necessary, define the NAT IP range for the Browser Access applications.

  3. Create the Browser Access applications (see Managing Applications for the Browser Access Portal):

    1. Configure the application name and URL prefix.

    2. Define the host server IP address, port number, and web protocol.

  4. Define the rules for the SDP access policy to control which users are allowed to access the applications (see Defining the Browser Access Policy):

    1. Define the users and groups that are allowed to access the applications for the rule.

    2. Add the applications for the rule.

Analyzing Browser Access Events

The Event window shows all the Browser Access events for your account. The powerful search tools let you drill-down and identify the few events that contain the relevant data that you need.

You can learn more about using Events here.

Explaining the Browser Access Events Fields

To enable Browser Access application activity events for your account, please contact your Cato representative.

Action Name



Successful login

Connectivity - SDP Portal

Users successfully log in to the portal

Access denied

Connectivity - SDP Portal

  • Unauthorized domain - Unauthorized attempt to access the portal

  • Unauthorized application - Unauthorized attempt to access an Browser Access application

Logged out

Connectivity - SDP Portal

Users manually log out from the portal

SDP application activity

Security - SDP Activity

Monitors each flow for Browser Access applications and log in pages

Was this article helpful?

0 out of 0 found this helpful


Add your comment