In either instance, policies applied to access requests for the target application are evaluated, and PingAccess makes a policy-based decision to grant or deny access to the requested resource. When access is granted, PingAccess can modify client requests and server responses to provide additional identity information required by the target application.