Skip to main content

Architecture

Safous I-SRA Architecture

Information based on the figure above

Safous I-SRA service consists of two main components:

Private POP
Private App Gateway

Private POPs

Customer-managed POP that can be deployed in the in-premise organization environment.
Acts as a dedicated entry point to the I-SRA system - tailored to meet the organization's specific security, compliance, and infrastructure needs.
Complete offline deployment - ideal for secure facilities

Private App Gateway

The App Gateway only requires egress traffic to Private POPs.
No ingress traffic needs to be opened, which helps mitigate the attack surface from outside of the isolated network.
Acts as a bridge to communicate with various internal business applications residing at customer sites (e.g., Office or Datacenter).
Complete offline deployment - ideal for secure facilities

Client Perspective

From the client's point of view, the internal user is routed to the nearest POP.
Then, the user accesses the respective App Gateway to reach internal resources.

Authentication Support

Safous I-SRA service supports a wide range of SSO authentication methods, including:

Traditional directory services such as Microsoft Active Directory (MS AD) and LDAP
Offline Identity Providers using SAML and OpenID Connect

Private POPs
Private App Gateway
Client Perspective
Authentication Support