Access requests are either routed through a PingAccess gateway to the target site or intercepted at the target web application server by a PingAccess agent, which coordinates access policy decisions with a PingAccess policy server.
In either instance, PingAccess evaluates the policies applied to access requests for the target application and makes a policy-based decision to grant or deny access to the requested resource. After access is granted, PingAccess can modify client requests and server responses to provide additional identity information required by the target application.