Architecture

Safous ZTA Architecture

Information based on the figure above

The Safous ZTA service consists of two main components:

  • Global POPs
  • App Gateway

Global POPs

Safous ZTA service POPs are currently available in multiple regions and countries, which customers can leverage for global access and redundancy.

App Gateway

  • The App Gateway only requires egress traffic to Global POPs via internet access.
  • No ingress traffic needs to be allowed, which helps reduce the attack surface exposed to the internet.
  • Acts as a bridge to communicate with various internal business applications residing at customer sites (e.g., Office, Datacenter, or Cloud environments).
  • Can also connect to SaaS apps and Cloud apps outside the customer premises.

Client Perspective

  • From the client's point of view, the user is routed to the nearest POP.
  • Then, the user accesses the respective App Gateway to reach internal or cloud-based resources.

Authentication Support

The Safous ZTA service supports a wide range of SSO authentication methods, including:

  • Traditional directory services such as Microsoft Active Directory (MS AD) and LDAP
  • External Identity Providers using SAML and OpenID Connect