Consider the following example:
The users (User1 ... User4) access three different applications with different access rights.
- Applications:
- Public Portal: A public web application accessible by anyone without prior authentication.
- Customer Portal: A web application only accessible by known customers and selected administrators.
- Admin Portal: A web application only accessible by selected administrators.
- Users with allowed access (access policy):
Username | Public | Customer | Admin |
|---|---|---|---|
User1 |  |  |  |
User2 |  |  |  |
User3 |  |  |  |
User4 |  |  |  |
- This information is stored in Airlock IAM and Airlock Gateway (WAF):
- Airlock IAM as Policy Information Point (PIP)
- Airlock Gateway (WAF) as Access Policy Enforcement Point