Documentation Index

Fetch the complete documentation index at: https://knowledge.catonetworks.com/llms.txt

Use this file to discover all available pages before exploring further.

Supported IdPs for SSO Authentication

Prev Next

This article summarizes the officially supported Identity Providers (IdPs) for Cato’s Single Sign-On (SSO) features.

Overview

Cato supports a wide range of OIDC-compatible IdPs to securely authenticate users and admins. These are the features that support SSO:

  • Remote Users – User authentication to the Cato Client

  • CMA Admins – Admin login to the Cato Management Application

  • Browser Access – Authentication flows through the Application Portal

  • Browser Extension – Authentication via browser extension (where applicable)

  • Enterprise Browser - Authentication via enterprise browser

  • Headless Authentication – Automated authentication flows without user interaction (for Linux OS)

For more about using SSO with your Cato account, see Configuring SSO and the Subdomain for the Account.

IdP Support Matrix

The table below shows which SSO authentication capabilities are supported for each Identity Provider (IdP).

Identity Provider

Remote Users

CMA Admins

Browser Access

Browser Extension

Enterprise Browser

Headless Auth

Azure

Yes

Yes

Yes

Yes

Yes

Yes

CyberArk

Yes

No

Yes

Yes

Yes

No

DTS

Yes

Yes

Yes

Yes

Yes

No

DUO

Yes

Yes

Yes

Yes

Yes

No

Forgerock

Yes

No

Yes

Yes

Yes

No

Google

Yes

Yes

Yes

Yes

Yes

No

Hennge

Yes

No

Yes

Yes

Yes

No

JumpCloud

Yes

No

Yes

No

No

No

Keycloak

Yes

Yes

Yes

Yes

Yes

No

Okta

Yes

Yes

Yes

Yes

Yes

Yes

OneLogin

Yes

Yes

Yes

No

No

No

OneWelcome

Yes

Yes

No

No

No

No

PingFederate

Yes

Yes

No

No

No

No

PingOne

Yes

Yes

Yes

Yes

Yes

No

SafeNet (Classic)

Yes

No

Yes

No

No

No

SafeNet (EU)

Yes

No

Yes

No

No

No