Product Architecture Workflow

Explore the workflow of MicroZAccess.

  • User Authentication:

    1. Users initiate the authentication process by accessing resources protected by MicroZAccess.

    2. Users' authentication requests are redirected to the Identity Provider (IdP) for verification.

    3. The IdP performs authentication using SAML SSO or OpenID Connect protocols.

    4. Upon successful authentication, the user receives an authentication token.

  • Device Trust and Security Context:

    1. Users' devices, with the MicroZAccess App installed, establish a connection with MicroZAccess Orchestrator.

    2. MicroZAccess Orchestrator verifies the trustworthiness and security posture of the device based on configured policies.

    3. If required, additional security posture verification can be performed by integrating with third-party EPP/EDR providers.

    4. MicroZAccess Orchestrator updates the device's security context and grants initial access to the device.

  • Secure Encrypted Micro-Tunnel Establishment:

    1. The MicroZAccess App, running on the user's device, initiates a request to establish a secure micro-tunnel.

    2. The request is sent to the MicroZAccess TURN Mediator, which acts as an intermediary component.

    3. The MicroZAccess TURN Mediator facilitates the establishment and management of micro-tunnels between the user's device and the target resource.

    4. MicroZAccess Orchestrator provides the necessary information, such as the target resource's IP address and port, to establish the micro-tunnel.

    5. The micro-tunnel is established, enabling secure and encrypted communication between the user's device and the target resource.

  • Policy Enforcement Workflow:

    1. Once the micro-tunnel is established, traffic flows between the user's device and the target resource.

    2. The MicroZAccess App on the user's device performs enhanced identity checks on the packet source, including group memberships and allowed ports/apps.

    3. MicroZAccess Orchestrator enforces policy-based access controls at each agent level, ensuring that appropriate permissions are applied to the traffic.

    4. Traffic is securely routed through the micro-tunnel, and access to resources is granted based on the defined policies.
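To make the ordering of these checks concrete, here is an added illustrative model (not MicroZAccess code) of a default-deny agent evaluating one flow against a device security context and group/port/app rules; the class names, sample hosts and sample rules are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityContext:
    """Identity and device context attached to a packet source (constructed model)."""
    user: str
    groups: frozenset          # group memberships carried by the IdP-issued token
    device_trusted: bool       # Orchestrator posture verdict for this device
    edr_clean: bool = True     # optional third-party EPP/EDR verification result

@dataclass(frozen=True)
class Flow:
    """One connection attempt seen by the agent on the user's device."""
    dst_host: str
    dst_port: int
    app: str                   # local application initiating the flow

@dataclass(frozen=True)
class Rule:
    """Allow rule: a group may reach a resource on listed ports from listed apps."""
    group: str
    dst_host: str
    ports: frozenset
    apps: frozenset

def evaluate(ctx: SecurityContext, flow: Flow, rules: list) -> tuple:
    """Default-deny evaluation in the order the workflow describes:
    device security context first, then identity/group plus port/app checks."""
    if not ctx.device_trusted:
        return ("deny", "device failed posture verification")
    if not ctx.edr_clean:
        return ("deny", "EPP/EDR reported device not clean")
    for r in rules:
        if (r.group in ctx.groups and r.dst_host == flow.dst_host
                and flow.dst_port in r.ports and flow.app in r.apps):
            return ("allow", f"matched rule for group '{r.group}'")
    return ("deny", "no policy grants this flow")

# Constructed sample policy: finance staff may reach the ERP DB on 5432 only from psql.
RULES = [Rule("finance", "erp-db.internal", frozenset({5432}), frozenset({"psql"}))]
ALICE = SecurityContext("alice", frozenset({"finance"}), device_trusted=True)
BOB = SecurityContext("bob", frozenset({"engineering"}), device_trusted=True)
ALICE_UNTRUSTED = SecurityContext("alice", frozenset({"finance"}), device_trusted=False)

if __name__ == "__main__":
    for who, ctx in (("alice", ALICE), ("bob", BOB), ("alice/untrusted", ALICE_UNTRUSTED)):
        print(who, evaluate(ctx, Flow("erp-db.internal", 5432, "psql"), RULES))
    print("alice/ssh", evaluate(ALICE, Flow("erp-db.internal", 22, "ssh"), RULES))
```

Note that a trusted device with a valid token still gets nothing unless a rule explicitly matches group, host, port and app, which is the default-deny behaviour the policy enforcement step relies on.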
