Getting Started with the macOS Client

This article explains how to install the macOS Client on your device and connect to the Cato Cloud.


  1. Download the macOS Client from the Cato Networks website.

  2. Install the Client on your macOS device.

  3. Open the Client, enter your login credentials and then connect to the Cato Cloud.


  • System level notifications must be enabled on the device to authenticate using the browser within the Client (Embedded browser). 

Downloading the macOS Client

You can download the macOS Client onto your device from the Client Portal.

To download the macOS Client from the Cato website:

  1. From a browser, open the Client download portal, and select the macOS tab.

  2. Click Download. The installation file is saved to your device.

Installing the macOS Client

Once you download the Client, you can install it on your macOS device.

To install the macOS Client on your device:

  1. Open the macOS Client installation file.

  2. Follow the steps in the installation wizard.

  3. When the Installer pop up is displayed, enter the device password.

  4. In the System Extension Blocked pop up, click Open System Setting.

    1. For macOS versions Catalina (10.15) to Monterey (12.6.4) :

      1. Click the lock to let you change the security settings.

      2. Click Allow

      3. Close the Security & Privacy window.

    2. For macOS versions Ventura (13.0) and above:

      1. In the Privacy & Security section, click Allow.

      2. Enter the device Username and Password and click Unlock.

    3. Close the Privacy & Security window.

  5. The Client requests your permission to add a new VPN configuration, click Allow.


    The Client is installed on your device.



Note: The Cato Client may ask for permission to access applications and folders on your macOS device. This access is required to establish the device posture and validate correct configurations. 


Adding a User to the Client

Once you have installed the Client, you can add a user and connect to the network. 

For SDP users that authenticate with Username and Password (and MFA):

  • After your system admins create an SDP user for you, an email is sent to you with a link to activate this user. Click the link and create a password, then enter the following login details for the Client:
    • Account name

    • User name

    • Password

This is not required for SDP users that authenticate with SSO. 

To add a new user to the Client:

  1. From the Users page of the Client, click Add User.
  2. Enter your email address.
  3. Sign in with your username and password or SSO credentials 
    Your user is added to the Client and the Client automatically connects to the network.


Connecting to the Network

After you have added a User to the Client, you can connect to the network. 

To connect to the network:

  1. From the Home page of the Client, click the Connect button.

    The Client connects to the network.


    Note: This is the only supported method of connecting to the network. Connecting from System Preferences > Network (or from macOS Ventura System Settings > VPN) on the device is not supported. 

Connecting to a Specific PoP

By default, the Client automatically connects to the optimal PoP based on geolocation and connectivity metrics. For more information on the Client connection process, see ​Installing the Cato Client​​.

You can override this process by manually entering the IP address of a specific PoP you want the Client to connects to. To view the IP addresses of Cato's PoPs, see Production PoP Guide​​.

To select the PoP the Client connects to:

  1. From the navigation menu in the Client, click Users.
  2. Enable PoP Server IP.
  3. Enter the IP address of the PoP you want the Client to connect to.
    The Client connects to the manually selected PoP. 

Was this article helpful?

2 out of 3 found this helpful


Add your comment