The System Administrators screen lets you add and configure the system admins for your account.
There are different types of roles for the Cato Management Application: Editor, Viewer, and Regional Viewer. Editors have full read/write permissions and can configure all the settings for the account. Viewers have read-only permissions: they can see all the screens in the account but can't change any of the settings. By default, new users are assigned the Viewer role.
You can choose to configure these options for each admin account:
- Password never expires
- MFA enabled
Admin Password Options
By default, admins are required to change their passwords for the Cato Management Application every 90 days, and they receive email notifications 14 days and 3 days before the password expiration date. When you enable the Password never expires option for an admin, that admin is never required to change the password.
You can use the Password Expiration setting to configure how often admins are required to change their passwords for the Cato Management Application.
Admin MFA Options
You can choose to enable Multi-Factor Authentication (MFA) to provide extra security for Cato Management Application admins who log in with the Cato username and password credentials. For more about using MFA, see Configuring Authentication Settings for Administrators.
To add an admin:
1. From the navigation menu, click Administration > Administrators.
2. Click New. The Create Administrator panel opens.
3. Enter these General settings for the admin:
   - First name and Last name
   - Email - Admins use this email address as the username when logging in to the Cato Management Application
   - Select an existing admin - For Cato resellers, you can add an admin that is already configured in the Cato Management Application. Select this option and choose the admin from the drop-down list with all the admins in the customer accounts
4. Select the permissions Role for this admin: Editor, Regional Viewer, or Viewer
5. (Optional) To require additional MFA for this admin, select MFA enabled.
6. (Optional) To exclude this admin from the password expiration policy, select Password never expires.
7. Click Apply. The admin is added to the Administrators screen.
8. Click Save. The admin is saved to the Cato Management Application and an email invitation is sent to the admin with instructions for how to activate the account.
When multiple admins are logged in to the Cato Management Application at the same time (concurrently), occasionally there can be an issue if they try to configure the same setting at the same time. To manage these types of issues, the Cato Management Application shows a warning message when there is a possibility of saving a configuration which can overwrite changes that were recently made by a different admin.
This is an example of the warning message shown to concurrent admins.
1. Admin1 is editing the New York site at the same time as Admin2 is editing the same site.
2. Admin1 saves the changes to the site.
3. Admin2 tries to save changes to the site.
4. Admin2 sees a pop-up window, which states that saving the changes may overwrite the recently configured changes made by a different admin.
5. Admin2 can choose to overwrite and save these changes, or discard the changes. If Admin2 discards the changes, the Cato Management Application refreshes and shows the configuration saved by Admin1 (in step 2).
Issues related to concurrent admins only occur when they are working on the same entity type. Otherwise, admins can make changes at the same time. These are the entity types in the Cato Management Application:
- Account settings (such as security and network settings)
- Sites
- SDP users
- Groups
- Admins
Example of Changes to Different Entity Types
Admin1 saves changes to the New York site, and then Admin2 saves changes to an SDP user. The admins can successfully save the changes.
Example of Changes to the Same Entity Type
Admin1 saves changes to a firewall rule and then Admin2 saves changes to a network rule. Admin2 is shown the warning message about saving the changes or discarding them.
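The warning behaviour described above can be modelled as one revision counter per entity type. This is an added example, not Cato's implementation: the class, method and setting names are hypothetical, and placing firewall and network rules under account settings is an assumption based on the entity type list above.

```python
# Added illustration, not Cato's implementation. All names are hypothetical.
ENTITY_TYPES = ("account_settings", "sites", "sdp_users", "groups", "admins")

# Assumed mapping of the settings used in the page's examples to entity types.
SETTING_TO_TYPE = {
    "firewall_rule": "account_settings",
    "network_rule": "account_settings",
    "site": "sites",
    "sdp_user": "sdp_users",
}


class ConfigStore:
    """Tracks one revision counter per entity type."""

    def __init__(self):
        self.revision = {t: 0 for t in ENTITY_TYPES}

    def open_session(self, admin):
        # Snapshot of the revisions this admin's screen was loaded with.
        return {"admin": admin, "seen": dict(self.revision)}

    def save(self, session, setting, overwrite=False):
        etype = SETTING_TO_TYPE[setting]
        # Another admin saved this entity type after our screen was loaded.
        if self.revision[etype] != session["seen"][etype] and not overwrite:
            return "warn"
        self.revision[etype] += 1
        session["seen"][etype] = self.revision[etype]
        return "saved"

    def discard(self, session):
        # Discarding refreshes the screen to the configuration already saved.
        session["seen"] = dict(self.revision)
        return "refreshed"


def run_page_examples():
    store = ConfigStore()
    admin1, admin2 = store.open_session("Admin1"), store.open_session("Admin2")
    return [
        store.save(admin1, "site"),           # Admin1 saves the New York site
        store.save(admin2, "sdp_user"),       # different entity type: no warning
        store.save(admin1, "firewall_rule"),  # account settings
        store.save(admin2, "network_rule"),   # same entity type: warning
        store.save(admin2, "network_rule", overwrite=True),  # overwrite and save
        store.save(admin2, "site"),           # stale view of sites: warning
        store.discard(admin2),
        store.save(admin2, "site"),           # after refresh the save succeeds
    ]
```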
You can choose to restrict all administrators to log in only from specific IP addresses.
For accounts that use egress IP addresses (NATed IPs), you can allow admins to log in from these IP addresses.
For more information about login settings for admins, see Configuring Authentication Settings for Administrators.
To configure admin login restrictions:
1. From the navigation menu, select Administration > Login Restrictions.
2. To only allow admins to log in to the Cato Management Application from specific IP addresses:
   - In the Login Restrictions for Cato Management Application section, in Allowed Login IPs, enter the IP address to allow.
   - Click . The IP address is added to the Allowed Login IPs list.
   - To remove an allowed IP address, select the IP address and then click (Delete).
3. (Optional) To allow admins to log in from a translated IP, select Also allow logins from the NATed IPs.
4. Click Save.
You can disable or enable admin accounts. For example, you can enable accounts that are disabled or locked.
After you add a new administrator to the Cato Management Application, an activation invitation email is sent to the new administrator's email address. If the account has not yet been activated, or if there is a need to repeat the process for any reason, you can resend the invitation.
You can manage the password settings for Cato Management Application admins. Configure the number of days that the admin password is valid for, and manually reset the password for an admin.
Use the Password Expiration setting in the Login Restrictions screen to define how long the Cato Management Application password is valid before the admin is required to change it. The password can be valid for 14 to 730 days.
This setting doesn't apply when the Password never expires option is enabled for an admin.
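The following added example (not part of the Cato documentation or product) computes the expiration and reminder dates from the values stated on this page and reviews a list of admin records for accounts without MFA or with Password never expires. The record field names and the sample admins are constructed for illustration and do not reflect any Cato export format.

```python
from datetime import date, timedelta

# Values stated on this page.
DEFAULT_VALID_DAYS = 90
REMINDER_DAYS = (14, 3)          # email notifications before expiration
MIN_VALID_DAYS, MAX_VALID_DAYS = 14, 730


def password_schedule(last_changed, valid_days=DEFAULT_VALID_DAYS,
                      never_expires=False):
    """Return expiration and reminder dates, or None if the admin is exempt."""
    if not MIN_VALID_DAYS <= valid_days <= MAX_VALID_DAYS:
        raise ValueError("Password Expiration must be 14 to 730 days")
    if never_expires:
        return None              # the expiration setting does not apply
    expires = last_changed + timedelta(days=valid_days)
    reminders = [expires - timedelta(days=d) for d in REMINDER_DAYS]
    return {"expires": expires, "reminders": reminders}


def audit_admins(admins, today, valid_days=DEFAULT_VALID_DAYS):
    """Return (email, finding) pairs for settings worth a reviewer's attention."""
    findings = []
    for admin in admins:
        # MFA here concerns admins who log in with Cato username and password.
        if not admin["mfa_enabled"]:
            findings.append((admin["email"], "MFA not enabled"))
        sched = password_schedule(admin["password_last_changed"], valid_days,
                                  admin["password_never_expires"])
        if sched is None:
            findings.append((admin["email"], "password never expires"))
        elif sched["expires"] <= today:
            findings.append((admin["email"], "password change overdue"))
    return findings


# Constructed sample records (hypothetical field names).
SAMPLE_ADMINS = [
    {"email": "editor@example.com", "role": "Editor", "mfa_enabled": False,
     "password_never_expires": True, "password_last_changed": date(2023, 6, 1)},
    {"email": "viewer@example.com", "role": "Viewer", "mfa_enabled": True,
     "password_never_expires": False, "password_last_changed": date(2024, 1, 1)},
]
```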
If an administrator is locked out of the account, use the Reset Passwords option to let them log in again.
To reset an administrator's password:
1. From the navigation menu, click Administration > Administrators.
2. Select one or more administrators.
3. Click Actions and then from the drop-down menu, select Reset Password.
4. In the confirmation window, click OK. The administrator receives an email with a link to change the password.
5. In the email, the admin can click the here link to go to the Change Password window. If the admin receives this email, but did not initiate the request, click the It wasn't me link.
Note: Important! You cannot undo an administrator deletion.
To delete an admin account from the Cato Management Application:
1. From the navigation menu, click Administration > Administrators.
2. Select one or more administrators.
3. Click Actions, and then from the drop-down menu, select Delete Admin.
4. In the confirmation window, click Delete. The selected admins are removed from the Cato Management Application.