--- title: Deploy for gateway web access management description: A PingAccess web access management (WAM) deployment enables an organization to quickly set up an environment that provides a secure method of managing access rights to web-based applications while integrating with existing identity management infrastructure. component: pingaccess version: 9.0 page_id: pingaccess:reference_guides:pa_deploy_for_gateway_wam canonical_url: https://docs.pingidentity.com/pingaccess/9.0/reference_guides/pa_deploy_for_gateway_wam.html revdate: February 6, 2023 --- # Deploy for gateway web access management A PingAccess web access management (WAM) deployment enables an organization to quickly set up an environment that provides a secure method of managing access rights to web-based applications while integrating with existing identity management infrastructure. With growing numbers of internal and external users, and more and more enterprise resources available online, it is important to ensure that qualified users can access only those applications to which they have permission. A WAM environment provides authentication and policy-based access management while integrating with existing infrastructure. Deployed at the perimeter of a protected network between browsers and protected web-based applications, PingAccess Gateway performs the following actions: * Receives inbound calls requesting access to web applications Web session-protected requests contain a previously-obtained PingAccess token in a cookie derived from the user's profile during an OpenID Connect (OIDC) *(tooltip: \
\

An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.\

\
)* based sign on at PingFederate. * Evaluates application and resource-level policies and validates the tokens in conjunction with an OIDC Policy configured within PingFederate * Acquires the appropriate target security token (site authenticators) from the PingFederate Security Token Service (STS) *(tooltip: \
\

An entity responsible for responding to WS-Trust requests for validation and issuance of security tokens used for SSO authentication to web services.\

\
)* or from a cache, including attributes and authorized scopes, should a web application require identity mediation * Makes authorized requests to the sites where the web applications reside and responses are received and processed * Relays the responses on to the browsers The following sections describe sample proof of concept and production architectures for a WAM use case deployment: * [WAM Gateway POC Deployment Architecture](pa_wam_gateway_proof_of_concept_deployment_architecture.html) * [WAM Gateway Production Deployment Architecture](pa_wam_gateway_production_deployment_architecture.html)