Use Case B: Enterprise-ID Access ======================================= .. include:: /_publication_note.rst Demonstrations in this use case deal with different scenarios using access to enterprise resources as well as non-enterprise resources located on-premises, in the cloud, and on the internet. Each activity demonstrates the capability of authentication from within a given setting. The access is authenticated with an “enterprise-ID” using an enterprise-owned endpoint (EP) as well as a privately owned endpoint (BYOD). Each scenario provides a set of pre-conditions as well as multiple demonstrations. Each scenario could be repeated using different transport protocols (TCP- and UDP-based protocols). Scenario B-1: Full/limited resource access using an enterprise endpoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This scenario deals with a request using different Enterprise-ID profiles, one with access to all provided resources and one with access to a limited set of resources (e.g., only RSS1 but not RSS2), or limited functionality while accessing an enterprise-controlled resource (e.g., read-only vs. read/write). **Pre-Condition:** The enterprise provides multiple user accounts with different access levels. The P_FULL access profile specifies access to all resources (RSS) within the enterprise and/or all capabilities (CAP) of resources within the enterprise. Additionally, the P_LIMITED access profile specifies access to a subset of the resources and/or only limited functionality of each resource. Both endpoints' compliance (Compl) is already verified, and systems are authenticated per demonstration policy. **Demonstration:** Each requestor using an enterprise-ID will attempt to successfully access an enterprise resource or a functionality of an enterprise resource. **Purpose and Outcome:** This demonstration focuses on user privilege, authentication/re-authentication, the endpoint and RSS location, and the compliance of endpoints. **Table 1 - Scenario B-1 Demonstrations** +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | Demo ID | UP | Location |Auth |Auth |Auth |Access |Compl |Compl| Desired Outcome | | | | Req. > RSS |Stat |Stat |Stat | | | | | | | | |User |EP |RSS | |EP |RSS | | | | | | | | | | | | | +=========+===+=====+============+==========+=========+=====+========+=======+=====+==========================================+ | B-1.1 | a | E1 | On-Prem 🡪 | A+ | A | A | RSS1 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | b | E1 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | c | E1 | On-Prem 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | d | E2 | On-Prem 🡪 | A+ | A | A | RSS1 | Y | Y | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | e | E2 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | f | E2 | On-Prem 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | g | E3 | On-Prem 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | h | E1 | On-Prem 🡪 | RA+ | A | A | RSS1 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | i | E1 | On-Prem 🡪 | RA- | A | --- | --- | Y | --- | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | j | E1 | On-Prem 🡪 | RA+ | A | A | RSS1 | N | Y | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | k | E1 | On-Prem 🡪 | RA+ | A | A | RSS2 | N | Y | Access Limited | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | l | E1 | On-Prem 🡪 | A+ | A | A | RSS1 | N | Y | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | m | E1 | On-Prem 🡪 | A+ | A | A | RSS2 | N | Y | Access Limited | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | n | E1 | On-Prem 🡪 | A+ | A | A | RSS1 | Y | N | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | o | E1 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.1 | p | E2 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | a | E1 | Branch 🡪 | A+ | A | A | RSS1 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | b | E1 | Branch 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | c | E1 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | d | E2 | Branch 🡪 | A+ | A | A | RSS1 | Y | Y | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | e | E2 | Branch 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | f | E2 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | g | E3 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | h | E1 | Branch 🡪 | RA+ | A | A | RSS1 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | i | E1 | Branch 🡪 | RA- | A | --- | --- | Y | --- | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | j | E1 | Branch 🡪 | RA+ | A | A | RSS1 | N | Y | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | k | E1 | Branch 🡪 | RA+ | A | A | RSS2 | N | Y | Access Limited | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | l | E1 | Branch 🡪 | A+ | A | A | RSS1 | N | Y | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | m | E1 | Branch 🡪 | A+ | A | A | RSS2 | N | Y | Access Limited | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | n | E1 | Branch 🡪 | A+ | A | A | RSS1 | Y | N | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | o | E1 | Branch 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.2 | p | E2 | Branch 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | a | E1 | Remote 🡪 | A+ | A | A | RSS1 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | b | E1 | Remote 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | c | E1 | Remote 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | d | E2 | Remote 🡪 | A+ | A | A | RSS1 | Y | Y | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | e | E2 | Remote 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | f | E2 | Remote 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | g | E3 | Remote 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | h | E1 | Remote 🡪 | RA+ | A | A | RSS1 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | i | E1 | Remote 🡪 | RA- | A | --- | --- | Y | --- | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | j | E1 | Remote 🡪 | RA+ | A | A | RSS1 | N | Y | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | k | E1 | Remote 🡪 | RA+ | A | A | RSS2 | N | Y | Access Limited | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | l | E1 | Remote 🡪 | A+ | A | A | RSS1 | N | Y | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | m | E1 | Remote 🡪 | A+ | A | A | RSS2 | N | Y | Access Limited | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | n | E1 | Remote 🡪 | A+ | A | A | RSS1 | Y | N | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | o | E1 | Remote 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.3 | p | E2 | Remote 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful | | | | | On-Prem | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | a | E1 | On-Prem 🡪 | A+ | A | A | RSS1 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | b | E1 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | c | E1 | On-Prem 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | d | E2 | On-Prem 🡪 | A+ | A | A | RSS1 | Y | Y | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | e | E2 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | f | E2 | On-Prem 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+ -----------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | g | E3 | On-Prem 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | h | E1 | On-Prem 🡪 | RA+ | A | A | RSS1 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | i | E1 | On-Prem 🡪 | RA- | A | --- | --- | Y | --- | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | j | E1 | On-Prem 🡪 | RA+ | A | A | RSS1 | N | Y | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | k | E1 | On-Prem 🡪 | RA+ | A | A | RSS2 | N | Y | Access Limited | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | l | E1 | On-Prem 🡪 | A+ | A | A | RSS1 | N | Y | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | m | E1 | On-Prem 🡪 | A+ | A | A | RSS2 | N | Y | Access Limited | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | n | E1 | On-Prem 🡪 | A+ | A | A | RSS1 | Y | N | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | o | E1 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.4 | p | E2 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | a | E1 | Branch 🡪 | A+ | A | A | RSS1 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | b | E1 | Branch 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | c | E1 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | d | E2 | Branch 🡪 | A+ | A | A | RSS1 | Y | Y | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | e | E2 | Branch 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | f | E2 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | g | E3 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | h | E1 | Branch 🡪 | RA+ | A | A | RSS1 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | i | E1 | Branch 🡪 | RA- | A | --- | --- | Y | --- | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | j | E1 | Branch 🡪 | RA+ | A | A | RSS1 | N | Y | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | k | E1 | Branch 🡪 | RA+ | A | A | RSS2 | N | Y | Access Limited | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | l | E1 | Branch 🡪 | A+ | A | A | RSS1 | N | Y | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | m | E1 | Branch 🡪 | A+ | A | A | RSS2 | N | Y | Access Limited | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | n | E1 | Branch 🡪 | A+ | A | A | RSS1 | Y | N | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | o | E1 | Branch 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.5 | p | E2 | Branch 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | a | E1 | Remote 🡪 | A+ | A | A | RSS1 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | b | E1 | Remote 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | c | E1 | Remote 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | d | E2 | Remote 🡪 | A+ | A | A | RSS1 | Y | Y | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | e | E2 | Remote 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | f | E2 | Remote 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | g | E3 | Remote 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | h | E1 | Remote 🡪 | RA+ | A | A | RSS1 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | i | E1 | Remote 🡪 | RA- | A | --- | --- | Y | --- | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | j | E1 | Remote 🡪 | RA+ | A | A | RSS1 | N | Y | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | k | E1 | Remote 🡪 | RA+ | A | A | RSS2 | N | Y | Access Limited | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | l | E1 | Remote 🡪 | A+ | A | A | RSS1 | N | Y | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | m | E1 | Remote 🡪 | A+ | A | A | RSS2 | N | Y | Access Limited | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | n | E1 | Remote 🡪 | A+ | A | A | RSS1 | Y | N | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | o | E1 | Remote 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ | B-1.6 | p | E2 | Remote 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful | | | | | Cloud | | | | | | | | +---------+---+-----+------------+----------+---------+-----+--------+-------+-----+------------------------------------------+ Scenario B-2: Full/limited internet access using an enterprise endpoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This scenario deals with access from an enterprise-owned device to non-enterprise-managed internet resources using different Enterprise-ID profiles: one with access to the internet, one with limited access to the internet, and one with no access to the internet. This is to simulate an enterprise that may have policies around accessing public Internet resources using enterprise-owned devices. **Pre-Condition:** The enterprise provides multiple user accounts with different access levels to the internet. The internet access will be performed using an enterprise-owned endpoint. RSS types are OK for approved and not OK for not-approved internet resources. The approval depends on the user's policy. User endpoints are checked for compliance (Compl) per demonstration policy. “Out of Hours” refers to the request taking place outside of marked business hours, which would fall outside of normal access behaviors seen for the ID. **Demonstration:** Each requestor using an Enterprise-ID will attempt to successfully access a non-enterprise resource. **Purpose and Outcome:** This demonstration focuses on the endpoint location as well as the resource location. **Table 2 - Scenario B-2 Demonstrations** +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | Demo ID | UP | Location |Auth |Auth| Access |Compl |Compl | Desired Outcome | | | | Req. > RSS |Stat |Stat| |EP |Out of Hours | | | | | |User |EP | | | | | +=========+===+=====+============+==========+====+========+=======+==============+==========================================+ | B-2.1 | a | E4 | On-Prem 🡪 | A+ | A | URL1 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | b | E4 | On-Prem 🡪 | A+ | A | URL2 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | c | E4 | On-Prem 🡪 | A+ | A | URL1 | Y | Y | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | d | E4 | On-Prem 🡪 | A+ | A | URL1 | Y | Y | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | e | E4 | On-Prem 🡪 | A- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | f | E5 | On-Prem 🡪 | A+ | A | URL1 | Y | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | g | E5 | On-Prem 🡪 | A+ | A | URL2 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | h | E5 | On-Prem 🡪 | A+ | A | URL1 | Y | Y | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | i | E5 | On-Prem 🡪 | A+ | A | URL1 | Y | Y | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | j | E5 | On-Prem 🡪 | A- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | k | E4 | On-Prem 🡪 | RA+ | A | URL1 | Y | --- | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | l | E4 | On-Prem 🡪 | RA- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | m | E4 | On-Prem 🡪 | A+ | A | URL1 | N | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | n | E4 | On-Prem 🡪 | A+ | A | URL2 | N | --- | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | o | E5 | On-Prem 🡪 | A+ | A | URL1 | N | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.1 | p | E5 | On-Prem 🡪 | A+ | A | URL2 | N | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | a | E4 | Branch 🡪 | A+ | A | URL1 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | b | E4 | Branch 🡪 | A+ | A | URL2 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | c | E4 | Branch 🡪 | A+ | A | URL1 | Y | Y | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | d | E4 | Branch 🡪 | A+ | A | URL1 | Y | Y | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | e | E4 | Branch 🡪 | A- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | f | E5 | Branch 🡪 | A+ | A | URL1 | Y | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | g | E5 | Branch 🡪 | A+ | A | URL2 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | h | E5 | Branch 🡪 | A+ | A | URL1 | Y | Y | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | i | E5 | Branch 🡪 | A+ | A | URL1 | Y | Y | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | j | E5 | Branch 🡪 | A- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | k | E4 | Branch 🡪 | RA+ | A | URL1 | Y | --- | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | l | E4 | Branch 🡪 | RA- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | m | E4 | Branch 🡪 | A+ | A | URL1 | N | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | n | E4 | Branch 🡪 | A+ | A | URL2 | N | --- | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | o | E5 | Branch 🡪 | A+ | A | URL1 | N | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.2 | p | E5 | Branch 🡪 | A+ | A | URL2 | N | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | a | E4 | Remote 🡪 | A+ | A | URL1 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | b | E4 | Remote 🡪 | A+ | A | URL2 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | c | E4 | Remote 🡪 | A+ | A | URL1 | Y | Y | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | d | E4 | Remote 🡪 | A+ | A | URL1 | Y | Y | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | e | E4 | Remote 🡪 | A- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | f | E5 | Remote 🡪 | A+ | A | URL1 | Y | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | g | E5 | Remote 🡪 | A+ | A | URL2 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | h | E5 | Remote 🡪 | A+ | A | URL1 | Y | Y | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | i | E5 | Remote 🡪 | A+ | A | URL1 | Y | Y | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | j | E5 | Remote 🡪 | A- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | k | E4 | Remote 🡪 | RA+ | A | URL1 | Y | --- | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | l | E4 | Remote 🡪 | RA- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | m | E4 | Remote 🡪 | A+ | A | URL1 | N | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | n | E4 | Remote 🡪 | A+ | A | URL2 | N | --- | Access Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | o | E5 | Remote 🡪 | A+ | A | URL1 | N | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ | B-2.3 | p | E5 | Remote 🡪 | A+ | A | URL2 | N | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+-----+------------+----------+----+--------+-------+--------------+------------------------------------------+ Scenario B-3: Stolen credential using an enterprise endpoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This scenario deals with a request using a stolen credential. It does not matter if the access is performed using an enterprise endpoint. **Pre-Condition:** The requestor's credential is stolen and is used to attempt accessing the enterprise resource RSS1 using an enterprise endpoint. The endpoints are compliant and authenticated, and so is the resource. **Demonstration:** Two requests for the same enterprise resource are performed using the same user credentials. The “Real Request” is performed using the latest credentials, which are modified/replaced after being reported stolen. The “Hostile Request” is performed using a stolen enterprise-ID. All authentication methods of the Hostile Request are compromised. Re-authentication always follows a previously successful authentication. **Purpose and Outcome:** This demonstration focuses on the detection of a stolen requester's enterprise-ID and enforcement of isolation. **Table 3 - Scenario B-3 Demonstrations** +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | Demo ID | UP | Location |Auth Stat |Auth Stat | Rep. Stolen | Desired Outcome for Real Request | Desired Outcome for Hostile Request | | | | | | | | | | | | | | Real | | | | | | | | | | Hostile | | | | | | | | | | > RSS |Real Req |Hostile Req | | | | +=========+===+====+=============+==========+=============+=============+==================================+=====================================+ | B-3.1 | a | E6 | On-Prem | A+ | --- | N | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | b | E6 | On-Prem | A- | --- | N | Access Not Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | c | E6 | On-Prem | A | A+ | N | Change to Access Limited | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | d | E6 | On-Prem | A | A- | N | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | e | E6 | On-Prem | --- | A+ | N | --- | Access Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | f | E6 | On-Prem | --- | A- | N | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | g | E6 | On-Prem | A+ | A | N | Access Not Successful | Change to Access Limited | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | h | E6 | On-Prem | A- | A | N | Access Not Successful | Keep Access | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | i | E7 | On-Prem | A+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | j | E7 | On-Prem | A | A- | Y | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | k | E7 | On-Prem | --- | A- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | l | E7 | On-Prem | RA+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | m | E7 | On-Prem | --- | RA- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | n | E7 | On-Prem | --- | A | Y | --- | All Sessions Terminated | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.1 | o | E7 | On-Prem | A | --- | Y | All Sessions Terminated | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | a | E6 | On-Prem | A+ | --- | N | Access Successful | --- | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | b | E6 | On-Prem | A- | --- | N | Access Not Successful | --- | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | c | E6 | On-Prem | A | A+ | N | Change to Access Limited | Access Not Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | d | E6 | On-Prem | A | A- | N | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | e | E6 | On-Prem | --- | A+ | N | --- | Access Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | f | E6 | On-Prem | --- | A- | N | --- | Access Not Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | g | E6 | On-Prem | A+ | A | N | Access Not Successful | Change to Access Limited | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | h | E6 | On-Prem | A- | A | N | Access Not Successful | Keep Access | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | i | E7 | On-Prem | A+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | j | E7 | On-Prem | A | A- | Y | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | k | E7 | On-Prem | --- | A- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | l | E7 | On-Prem | RA+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | m | E7 | On-Prem | --- | RA- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | n | E7 | On-Prem | --- | A | Y | --- | Change to Access Limited | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.2 | o | E7 | On-Prem | A | --- | Y | Change to Access Limited | --- | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | a | E6 | Branch | A+ | --- | N | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | b | E6 | Branch | A- | --- | N | Access Not Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | c | E6 | Branch | A | A+ | N | Change to Access Limited | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | d | E6 | Branch | A | A- | N | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | e | E6 | Branch | --- | A+ | N | --- | Access Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | f | E6 | Branch | --- | A- | N | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | g | E6 | Branch | A+ | A | N | Access Not Successful | Change to Access Limited | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | h | E6 | Branch | A- | A | N | Access Not Successful | Keep Access | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | i | E7 | Branch | A+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | j | E7 | Branch | A | A- | Y | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | k | E7 | Branch | --- | A- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | l | E7 | Branch | RA+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | m | E7 | Branch | --- | RA- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | n | E7 | Branch | --- | A | Y | --- | Change to Access Limited | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.3 | o | E7 | Branch | A | --- | Y | Change to Access Limited | --- | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | | | | | | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | a | E6 | Remote | A+ | --- | N | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | b | E6 | Remote | A- | --- | N | Access Not Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | c | E6 | Remote | A | A+ | N | Change to Access Limited | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | d | E6 | Remote | A | A- | N | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | e | E6 | Remote | --- | A+ | N | --- | Access Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | f | E6 | Remote | --- | A- | N | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | g | E6 | Remote | A+ | A | N | Access Not Successful | Change to Access Limited | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | h | E6 | Remote | A- | A | N | Access Not Successful | Keep Access | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | i | E7 | Remote | A+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | j | E7 | Remote | A | A- | Y | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | k | E7 | Remote | --- | A- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | l | E7 | Remote | RA+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | m | E7 | Remote | --- | RA- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | n | E7 | Remote | --- | A | Y | --- | Change to Access Limited | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.4 | o | E7 | Remote | A | --- | Y | Change to Access Limited | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | a | E6 | On-Prem | A+ | --- | N | Access Successful | --- | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | b | E6 | On-Prem | A- | --- | N | Access Not Successful | --- | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | c | E6 | On-Prem | A | A+ | N | Change to Access Limited | Access Not Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | d | E6 | On-Prem | A | A- | N | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | e | E6 | On-Prem | --- | A+ | N | --- | Access Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | f | E6 | On-Prem | --- | A- | N | --- | Access Not Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | g | E6 | On-Prem | A+ | A | N | Access Not Successful | Change to Access Limited | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | h | E6 | On-Prem | A- | A | N | Access Not Successful | Keep Access | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | i | E7 | On-Prem | A+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | j | E7 | On-Prem | A | A- | Y | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | k | E7 | On-Prem | --- | A- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | l | E7 | On-Prem | RA+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | m | E7 | On-Prem | --- | RA- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | n | E7 | On-Prem | --- | A | Y | --- | Change to Access Limited | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-3.5 | o | E7 | On-Prem | A | --- | Y | Change to Access Limited | --- | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+----------+-------------+-------------+----------------------------------+-------------------------------------+ Scenario B-4: Full/limited resource access using BYOD ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This scenario deals with requests using different Enterprise-ID profiles, one with access to all provided resources and one with access to a limited set of resources (e.g., only RSS1 but not RSS2) or limited functionality while accessing an enterprise-controlled resource (e.g., read-only vs. read/write). In this scenario, the device used is BYOD. **Pre-Condition:** The enterprise provides multiple User accounts with different access levels. The P_FULL access profile specifies access to either all resources (RSS) within the enterprise and/or all capabilities (CAP) of resources within the enterprise. Additionally, the P_LIMITED access profile specifies access to either a subset of the resources and/or limited functionality of each resource. Both endpoints' compliance (Compl) is already verified, and systems are authenticated per demonstration policy. **Demonstration:** Each requestor using an enterprise-ID will attempt to successfully access an enterprise resource or a functionality of an enterprise resource. **Purpose and Outcome:** This demonstration focuses on user privilege, authentication/re-authentication, the endpoint and RSS location, and the compliance of endpoints. **Table 4 - Scenario B-4 Demonstrations** +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | Demo ID | UP | Location |Auth |Auth|Auth | Access |Compl |Compl| Desired Outcome | | | | |Stat |Stat|Stat | |EP |RSS | | | | | Req. > RSS |User |EP |RSS | | | | | +=========+===+====+============+==========+====+=====+========+=======+=====+======================+ | B-4.1 | a | E1 | On-Prem 🡪 | A+ | A | A | RSS1 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | b | E1 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | c | E1 | On-Prem 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | d | E2 | On-Prem 🡪 | A+ | A | A | RSS1 | Y | Y | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | e | E2 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | f | E2 | On-Prem 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | g | E3 | On-Prem 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | h | E1 | On-Prem 🡪 | RA+ | A | A | RSS1 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | i | E1 | On-Prem 🡪 | RA- | A | --- | --- | Y | --- | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | j | E1 | On-Prem 🡪 | RA+ | A | A | RSS1 | N | Y | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | k | E1 | On-Prem 🡪 | RA+ | A | A | RSS2 | N | Y | Access Limited | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | l | E1 | On-Prem 🡪 | A+ | A | A | RSS1 | N | Y | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | m | E1 | On-Prem 🡪 | A+ | A | A | RSS2 | N | Y | Access Limited | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | n | E1 | On-Prem 🡪 | A+ | A | A | RSS1 | Y | N | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | o | E1 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.1 | p | E2 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | a | E1 | Branch 🡪 | A+ | A | A | RSS1 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | b | E1 | Branch 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | c | E1 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | d | E2 | Branch 🡪 | A+ | A | A | RSS1 | Y | Y | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | e | E2 | Branch 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | f | E2 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | g | E3 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | h | E1 | Branch 🡪 | RA+ | A | A | RSS1 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | i | E1 | Branch 🡪 | RA- | A | --- | --- | Y | --- | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | j | E1 | Branch 🡪 | RA+ | A | A | RSS1 | N | Y | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | k | E1 | Branch 🡪 | RA+ | A | A | RSS2 | N | Y | Access Limited | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | l | E1 | Branch 🡪 | A+ | A | A | RSS1 | N | Y | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | m | E1 | Branch 🡪 | A+ | A | A | RSS2 | N | Y | Access Limited | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | n | E1 | Branch 🡪 | A+ | A | A | RSS1 | Y | N | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | o | E1 | Branch 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | p | E2 | Branch 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | a | E1 | Remote 🡪 | A+ | A | A | RSS1 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | b | E1 | Remote 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | c | E1 | Remote 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | d | E2 | Remote 🡪 | A+ | A | A | RSS1 | Y | Y | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | e | E2 | Remote 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.2 | f | E2 | Remote 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | g | E3 | Remote 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | h | E1 | Remote 🡪 | RA+ | A | A | RSS1 | Y | Y | Access Successful | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | i | E1 | Remote 🡪 | RA- | A | --- | --- | Y | --- | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | j | E1 | Remote 🡪 | RA+ | A | A | RSS1 | N | Y | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | k | E1 | Remote 🡪 | RA+ | A | A | RSS2 | N | Y | Access Limited | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | l | E1 | Remote 🡪 | A+ | A | A | RSS1 | N | Y | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | m | E1 | Remote 🡪 | A+ | A | A | RSS2 | N | Y | Access Limited | | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | n | E1 | Remote 🡪 | A+ | A | A | RSS1 | Y | N | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | o | E1 | Remote 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.3 | p | E2 | Remote 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful| | | | | On-Prem | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | a | E1 | On-Prem 🡪 | A+ | A | A | RSS1 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | b | E1 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | c | E1 | On-Prem 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | d | E2 | On-Prem 🡪 | A+ | A | A | RSS1 | Y | Y | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | e | E2 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | f | E2 | On-Prem 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | g | E3 | On-Prem 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | h | E1 | On-Prem 🡪 | RA+ | A | A | RSS1 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | i | E1 | On-Prem 🡪 | RA- | A | --- | --- | Y | --- | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | j | E1 | On-Prem 🡪 | RA+ | A | A | RSS1 | N | Y | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | k | E1 | On-Prem 🡪 | RA+ | A | A | RSS2 | N | Y | Access Limited | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | l | E1 | On-Prem 🡪 | A+ | A | A | RSS1 | N | Y | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | m | E1 | On-Prem 🡪 | A+ | A | A | RSS2 | N | Y | Access Limited | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | n | E1 | On-Prem 🡪 | A+ | A | A | RSS1 | Y | N | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | o | E1 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.4 | p | E2 | On-Prem 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | a | E1 | Branch 🡪 | A+ | A | A | RSS1 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | b | E1 | Branch 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | c | E1 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | d | E2 | Branch 🡪 | A+ | A | A | RSS1 | Y | Y | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | e | E2 | Branch 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | f | E2 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | g | E3 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | h | E1 | Branch 🡪 | RA+ | A | A | RSS1 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | i | E1 | Branch 🡪 | RA- | A | --- | --- | Y | --- | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | j | E1 | Branch 🡪 | RA+ | A | A | RSS1 | N | Y | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | k | E1 | Branch 🡪 | RA+ | A | A | RSS2 | N | Y | Access Limited | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | l | E1 | Branch 🡪 | A+ | A | A | RSS1 | N | Y | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | m | E1 | Branch 🡪 | A+ | A | A | RSS2 | N | Y | Access Limited | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | | | Branch 🡪 | | | | | | | | | | n | E1 | Cloud | A+ | A | A | RSS1 | Y | N | Access Not Successful| +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | o | E1 | Branch 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.5 | p | E2 | Branch 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | a | E1 | Remote 🡪 | A+ | A | A | RSS1 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | b | E1 | Branch 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | c | E1 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | d | E2 | Branch 🡪 | A+ | A | A | RSS1 | Y | Y | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | e | E2 | Branch 🡪 | A+ | A | A | RSS2 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | f | E2 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | g | E3 | Branch 🡪 | A- | A | --- | --- | Y | --- | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | h | E1 | Branch 🡪 | RA+ | A | A | RSS1 | Y | Y | Access Successful | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | i | E1 | Branch 🡪 | RA- | A | --- | --- | Y | --- | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | j | E1 | Branch 🡪 | RA+ | A | A | RSS1 | N | Y | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | k | E1 | Branch 🡪 | RA+ | A | A | RSS2 | N | Y | Access Limited | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | l | E1 | Branch 🡪 | A+ | A | A | RSS1 | N | Y | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | m | E1 | Branch 🡪 | A+ | A | A | RSS2 | N | Y | Access Limited | | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | n | E1 | Branch 🡪 | A+ | A | A | RSS1 | Y | N | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | o | E1 | Branch 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ | B-4.6 | p | E2 | Branch 🡪 | A+ | A | A | RSS2 | Y | N | Access Not Successful| | | | | Cloud | | | | | | | | +---------+---+----+------------+----------+----+-----+--------+-------+-----+----------------------+ Scenario B-5: Full/limited internet access based on ID attributes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This scenario deals with access from an enterprise-owned device to non-enterprise-managed internet resources using different Enterprise-ID profiles: one with access to the internet, one with limited access to the internet, and one with no access to the internet. **Pre-Condition:** The enterprise provides multiple user accounts with different access levels to the internet. Internet access will be performed using an enterprise-owned endpoint. RSS types are OK for approved and not OK for not-approved internet resources. The approval depends on the user's policy. User endpoints are checked for compliance (Compl) per demonstration policy. **Demonstration:** Each requestor using an enterprise-ID will attempt to successfully access a non-enterprise resource. **Purpose and Outcome:** This demonstration focuses on the endpoint location and the resource location. **Table 5 - Scenario B-5 Demonstrations** +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | Demo ID | UP | Location |Auth |Auth| Access |Compl |Compl | Desired Outcome | | | | |Stat |Stat| |EP |Out of Hours | | | | | Req. > RSS |User |EP | | | | | +=========+===+====+============+===========+====+========+=======+==============+========================+ | B-5.1 | a | E4 | On-Prem 🡪 | A+ | A | URL1 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | b | E4 | On-Prem 🡪 | A+ | A | URL2 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | c | E4 | On-Prem 🡪 | A+ | A | URL1 | Y | Y | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | d | E4 | On-Prem 🡪 | A+ | A | URL1 | Y | Y | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | e | E4 | On-Prem 🡪 | A- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | f | E5 | On-Prem 🡪 | A+ | A | URL1 | Y | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | g | E5 | On-Prem 🡪 | A+ | A | URL2 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | h | E5 | On-Prem 🡪 | A+ | A | URL1 | Y | Y | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | i | E5 | On-Prem 🡪 | A+ | A | URL1 | Y | Y | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | j | E5 | On-Prem 🡪 | A- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | k | E4 | On-Prem 🡪 | RA+ | A | URL1 | Y | --- | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | l | E4 | On-Prem 🡪 | RA- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | m | E4 | On-Prem 🡪 | A+ | A | URL1 | N | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | n | E4 | On-Prem 🡪 | A+ | A | URL2 | N | --- | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | o | E5 | On-Prem 🡪 | A+ | A | URL1 | N | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.1 | p | E5 | On-Prem 🡪 | A+ | A | URL2 | N | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | a | E4 | Branch 🡪 | A+ | A | URL1 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | b | E4 | Branch 🡪 | A+ | A | URL2 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | c | E4 | Branch 🡪 | A+ | A | URL1 | Y | Y | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | d | E4 | Branch 🡪 | A+ | A | URL1 | Y | Y | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | e | E4 | Branch 🡪 | A- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | f | E5 | Branch 🡪 | A+ | A | URL1 | Y | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | g | E5 | Branch 🡪 | A+ | A | URL2 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | h | E5 | Branch 🡪 | A+ | A | URL1 | Y | Y | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | i | E5 | Branch 🡪 | A+ | A | URL1 | Y | Y | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | j | E5 | Branch 🡪 | A- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | k | E4 | Branch 🡪 | RA+ | A | URL1 | Y | --- | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | l | E4 | Branch 🡪 | RA- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | m | E4 | Branch 🡪 | A+ | A | URL1 | N | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | n | E4 | Branch 🡪 | A+ | A | URL2 | N | --- | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | o | E5 | Branch 🡪 | A+ | A | URL1 | N | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.2 | p | E5 | Branch 🡪 | A+ | A | URL2 | N | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | a | E4 | Remote 🡪 | A+ | A | URL1 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | b | E4 | Remote 🡪 | A+ | A | URL2 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | c | E4 | Remote 🡪 | A+ | A | URL1 | Y | Y | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | d | E4 | Remote 🡪 | A+ | A | URL1 | Y | Y | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | e | E4 | Remote 🡪 | A- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | f | E5 | Remote 🡪 | A+ | A | URL1 | Y | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | g | E5 | Remote 🡪 | A+ | A | URL2 | Y | N | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | h | E5 | Remote 🡪 | A+ | A | URL1 | Y | Y | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | i | E5 | Remote 🡪 | A+ | A | URL1 | Y | Y | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | j | E5 | Remote 🡪 | A- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | k | E4 | Remote 🡪 | RA+ | A | URL1 | Y | --- | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | l | E4 | Remote 🡪 | RA- | A | --- | Y | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | m | E4 | Remote 🡪 | A+ | A | URL1 | N | --- | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | n | E4 | Remote 🡪 | A+ | A | URL2 | N | --- | Access Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | o | E5 | Remote 🡪 | A+ | A | URL1 | N | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ | B-5.3 | p | E5 | Remote 🡪 | A+ | A | URL2 | N | N | Access Not Successful | | | | | Internet | | | | | | | +---------+---+----+------------+-----------+----+--------+-------+--------------+------------------------+ Scenario B-6: Stolen credential using BYOD ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This scenario deals with a request using a stolen credential. It does not matter if the access is performed using an enterprise endpoint or BYOD device. **Pre-Condition:** The requestor's credential is stolen and is used to attempt accessing the enterprise resource RSS1 using an enterprise endpoint. The endpoints are compliant and authenticated, and so is the resource. **Demonstration:** Two requests for the same enterprise resource are performed using the same user credentials. The “Real Request” is performed using the latest credentials, which are modified/replaced after being reported stolen, and that request can succeed. The “Hostile Request” is performed using a stolen enterprise-ID. All authentication methods are compromised for the Hostile Request. Re-authentication always follows a previously successful authentication. **Purpose and Outcome:** This demonstration focuses on the detection of a stolen enterprise-ID and enforcement of isolation. **Table 6 - Scenario B-6 Demonstrations** +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | Demo ID | UP | Location |Auth Stat |Auth Stat | Rep. Stolen | Desired Outcome for Real Request | Desired Outcome for Hostile Request | | | | |Real Req |Hostile Req | | | | | | | | Real | | | | | | | | | | Hostile | | | | | | | | | | > RSS | | | | | | +=========+===+====+=============+===========+=============+=============+==================================+=====================================+ | B-6.1 | a | E6 | On-Prem | A+ | --- | N | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | b | E6 | On-Prem | A- | --- | N | Access Not Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | c | E6 | On-Prem | A | A+ | N | Change to Access Limited | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | d | E6 | On-Prem | A | A- | N | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | e | E6 | On-Prem | --- | A+ | N | --- | Access Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | f | E6 | On-Prem | --- | A- | N | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | g | E6 | On-Prem | A+ | A | N | Access Not Successful | Change to Access Limited | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | h | E6 | On-Prem | A- | A | N | Access Not Successful | Keep Access | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | i | E6 | On-Prem | A+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | j | E6 | On-Prem | A | A- | Y | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | k | E6 | On-Prem | --- | A- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | l | E6 | On-Prem | RA+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | m | E6 | On-Prem | --- | RA- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | n | E6 | On-Prem | --- | A | Y | --- | All Sessions Terminated | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.1 | o | E6 | On-Prem | A | --- | Y | All Sessions Terminated | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | a | E6 | On-Prem | A+ | --- | N | Access Successful | --- | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | b | E6 | On-Prem | A- | --- | N | Access Not Successful | --- | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | c | E6 | On-Prem | A | A+ | N | Change to Access Limited | Access Not Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | d | E6 | On-Prem | A | A- | N | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | e | E6 | On-Prem | --- | A+ | N | --- | Access Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | f | E6 | On-Prem | --- | A- | N | --- | Access Not Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | g | E6 | On-Prem | A+ | A | N | Access Not Successful | Change to Access Limited | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | h | E6 | On-Prem | A- | A | N | Access Not Successful | Keep Access | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | i | E7 | On-Prem | A+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | j | E7 | On-Prem | A | A- | Y | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | k | E7 | On-Prem | --- | A- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | l | E7 | On-Prem | RA+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | m | E7 | On-Prem | --- | RA- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | n | E7 | On-Prem | --- | A | Y | --- | Change to Access Limited | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+ +-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.2 | o | E7 | On-Prem | A | --- | Y | Change to Access Limited | --- | | | | | | | | | | | | | | | | Branch 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | a | E6 | Branch | A+ | --- | N | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | b | E6 | Branch | A- | --- | N | Access Not Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | c | E6 | Branch | A | A+ | N | Change to Access Limited | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | d | E6 | Branch | A | A- | N | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | e | E6 | Branch | --- | A+ | N | --- | Access Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | f | E6 | Branch | --- | A- | N | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | g | E6 | Branch | A+ | A | N | Access Not Successful | Change to Access Limited | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | h | E6 | Branch | A- | A | N | Access Not Successful | Keep Access | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | i | E7 | Branch | A+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | j | E7 | Branch | A | A- | Y | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | k | E7 | Branch | --- | A- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | l | E7 | Branch | RA+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | m | E7 | Branch | --- | RA- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | n | E7 | Branch | --- | A | Y | --- | Change to Access Limited | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.3 | o | E7 | Branch | A | --- | Y | Change to Access Limited | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | a | E6 | Remote | A+ | --- | N | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | b | E6 | Remote | A- | --- | N | Access Not Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | c | E6 | Remote | A | A+ | N | Change to Access Limited | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | d | E6 | Remote | A | A- | N | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | e | E6 | Remote | --- | A+ | N | --- | Access Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | f | E6 | Remote | --- | A- | N | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | g | E6 | Remote | A+ | A | N | Access Not Successful | Change to Access Limited | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | h | E6 | Remote | A- | A | N | Access Not Successful | Keep Access | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | i | E7 | Remote | A+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | j | E7 | Remote | A | A- | Y | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | k | E7 | Remote | --- | A- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | l | E7 | Remote | RA+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | m | E7 | Remote | --- | RA- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | n | E7 | Remote | --- | A | Y | --- | Change to Access Limited | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.4 | o | E7 | Remote | A | --- | Y | Change to Access Limited | --- | | | | | | | | | | | | | | | | On-Prem 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | a | E6 | On-Prem | A+ | --- | N | Access Successful | --- | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | b | E6 | On-Prem | A- | --- | N | Access Not Successful | --- | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | c | E6 | On-Prem | A | A+ | N | Change to Access Limited | Access Not Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | d | E6 | On-Prem | A | A- | N | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | e | E6 | On-Prem | --- | A+ | N | --- | Access Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | f | E6 | On-Prem | --- | A- | N | --- | Access Not Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | g | E6 | On-Prem | A+ | A | N | Access Not Successful | Change to Access Limited | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | h | E6 | On-Prem | A- | A | N | Access Not Successful | Keep Access | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | i | E7 | On-Prem | A+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | j | E7 | On-Prem | A | A- | Y | Keep Access | Access Not Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | k | E7 | On-Prem | --- | A- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | l | E7 | On-Prem | RA+ | --- | Y | Access Successful | --- | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | m | E7 | On-Prem | --- | RA- | Y | --- | Access Not Successful | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | n | E7 | On-Prem | --- | A | Y | --- | Change to Access Limited | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ | B-6.5 | o | E7 | On-Prem | A | --- | Y | Change to Access Limited | --- | | | | | | | | | | | | | | | | Remote 🡪 | | | | | | | | | | | | | | | | | | | | On-Prem | | | | | | +---------+---+----+-------------+-----------+-------------+-------------+----------------------------------+-------------------------------------+ Scenario B-7: Just-in-Time Access Privileges ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In this demonstration, an enterprise provisions access privileges to a resource based on a single business process flow. Temporary privileges are granted to perform a portion of a business process, then revoked when the process is complete. **Pre-Condition**: There are no active sessions from a subject to the resource. Both the subject endpoint and resource are in compliance with enterprise security posture or expected to be in compliance after the session is completed. **Demonstration**: A subject is granted privileges to access a resource. The subject then establishes a session with an endpoint to perform some administrative task, then closes the connection. Privilege to access that resource is then removed. **Purpose and Outcome**: The enterprise can provide just-in-time (JIT) access privileges to resources. **Table 7 - Scenario B-7 Demonstrations** +---------+----+------------------+-------------------+-------------------+-----------------------------+ | Demo ID | Subject Location | Resource Location | Priv. Provisioned | Desired Outcome | +=========+====+==================+===================+===================+=============================+ | B-7.1 | a | On-Prem | On-Prem | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | b | On-Prem | On-Prem | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | c | On-Prem | Branch | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | d | On-Prem | Branch | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | e | On-Prem | Remote | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | f | On-Prem | Remote | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | g | On-Prem | IaaS | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | h | On-Prem | IaaS | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | i | On-Prem | PaaS | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | j | On-Prem | PaaS | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | k | On-Prem | SaaS | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | l | On-Prem | SaaS | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | m | Branch | On-Prem | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | n | Branch | On-Prem | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | o | Branch | Branch | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | p | Branch | Branch | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | q | Branch | Remote | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | r | Branch | Remote | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | s | Branch | IaaS | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | t | Branch | IaaS | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | u | Branch | PaaS | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | v | Branch | PaaS | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | w | Branch | SaaS | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | x | Branch | SaaS | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | y | Remote | On-Prem | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | z | Remote | On-Prem | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | aa | Remote | Branch | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | ab | Remote | Branch | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | ac | Remote | Remote | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | ad | Remote | Remote | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | ae | Remote | IaaS | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | af | Remote | IaaS | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | ag | Remote | PaaS | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | ah | Remote | PaaS | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | ai | Remote | SaaS | No | Access Not Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ | B-7.1 | aj | Remote | SaaS | Yes | Access Successful | +---------+----+------------------+-------------------+-------------------+-----------------------------+ Scenario B-8: Enterprise-ID Step-Up Authentication ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In this demonstration, the subject has an open session to the resource, but requests to perform an action that requires additional authentication checks. If successful, the subject session proceeds as normal; if failed, the session is terminated. **Pre-Condition**: The subject has a current session with the resource and has successfully authenticated for the current action. The subject is authorized to perform higher security action. Both the subject endpoint and resource are in compliance with the enterprise security posture. **Demonstration**: The subject has an open session to the resource and desires to perform a different action that is considered more sensitive. The system prompts the subject to re-authenticate or perform a higher level of authentication (e.g., additional factor of MFA or similar). **Purpose and Outcome**: The system can request additional authentication mechanisms to match with an increased sensitive action during an active session. **Table 8 - Scenario B-8 Demonstrations** +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | Demo ID | Subj Type | Subject Location | Auth Success | RSS | Desired Outcome | | | | | | Loc | | +=========+===+===========+==================+==============+=========+=============================+ | B-8.1 | a | EP | On-Prem | Yes | On-Prem | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | b | BYOD | On-Prem | Yes | On-Prem | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | c | Guest | On-Prem | Yes | On-Prem | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | d | EP | On-Prem | No | On-Prem | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | e | BYOD | On-Prem | No | On-Prem | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | f | Guest | On-Prem | No | On-Prem | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | g | EP | Branch | Yes | On-Prem | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | h | BYOD | Branch | Yes | On-Prem | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | i | Guest | Branch | Yes | On-Prem | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | j | EP | Branch | No | On-Prem | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | k | BYOD | Branch | No | On-Prem | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | l | Guest | Branch | No | On-Prem | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | m | EP | Remote | Yes | On-Prem | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | n | BYOD | Remote | Yes | On-Prem | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | o | Guest | Remote | Yes | On-Prem | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | p | EP | Remote | No | On-Prem | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | q | BYOD | Remote | No | On-Prem | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.1 | r | Guest | Remote | No | On-Prem | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | a | EP | On-Prem | Yes | Branch | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | b | BYOD | On-Prem | Yes | Branch | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | c | Guest | On-Prem | Yes | Branch | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | d | EP | On-Prem | No | Branch | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | e | BYOD | On-Prem | No | Branch | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | f | Guest | On-Prem | No | Branch | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | g | EP | Branch | Yes | Branch | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | h | BYOD | Branch | Yes | Branch | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | i | Guest | Branch | Yes | Branch | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | j | EP | Branch | No | Branch | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | k | BYOD | Branch | No | Branch | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | l | Guest | Branch | No | Branch | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | m | EP | Remote | Yes | Branch | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | n | BYOD | Remote | Yes | Branch | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | o | Guest | Remote | Yes | Branch | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | p | EP | Remote | No | Branch | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | q | BYOD | Remote | No | Branch | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.2 | r | Guest | Remote | No | Branch | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | a | EP | On-Prem | Yes | IaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | b | BYOD | On-Prem | Yes | IaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | c | Guest | On-Prem | Yes | IaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | d | EP | On-Prem | No | IaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | e | BYOD | On-Prem | No | IaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | f | Guest | On-Prem | No | IaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | g | EP | Branch | Yes | IaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | h | BYOD | Branch | Yes | IaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | i | Guest | Branch | Yes | IaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | j | EP | Branch | No | IaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | k | BYOD | Branch | No | IaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | l | Guest | Branch | No | IaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | m | EP | Remote | Yes | IaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | n | BYOD | Remote | Yes | IaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | o | Guest | Remote | Yes | IaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | p | EP | Remote | No | IaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | q | BYOD | Remote | No | IaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.3 | r | Guest | Remote | No | IaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | a | EP | On-Prem | Yes | PaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | b | BYOD | On-Prem | Yes | PaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | c | Guest | On-Prem | Yes | PaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | d | EP | On-Prem | No | PaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | e | BYOD | On-Prem | No | PaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | f | Guest | On-Prem | No | PaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | g | EP | Branch | Yes | PaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | h | BYOD | Branch | Yes | PaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | i | Guest | Branch | Yes | PaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | j | EP | Branch | No | PaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | k | BYOD | Branch | No | PaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | l | Guest | Branch | No | PaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | m | EP | Remote | Yes | PaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | n | BYOD | Remote | Yes | PaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | o | Guest | Remote | Yes | PaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | p | EP | Remote | No | PaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | q | BYOD | Remote | No | PaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.4 | r | Guest | Remote | No | PaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | a | EP | On-Prem | Yes | SaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | b | BYOD | On-Prem | Yes | SaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | c | Guest | On-Prem | Yes | SaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | d | EP | On-Prem | No | SaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | e | BYOD | On-Prem | No | SaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | f | Guest | On-Prem | No | SaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | g | EP | Branch | Yes | SaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | h | BYOD | Branch | Yes | SaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | i | Guest | Branch | Yes | SaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | j | EP | Branch | No | SaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | k | BYOD | Branch | No | SaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | l | Guest | Branch | No | SaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | m | EP | Remote | Yes | SaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | n | BYOD | Remote | Yes | SaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | o | Guest | Remote | Yes | SaaS | Session Continues | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | p | EP | Remote | No | SaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | q | BYOD | Remote | No | SaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+ | B-8.5 | r | Guest | Remote | No | SaaS | Session Terminated | +---------+---+-----------+------------------+--------------+---------+-----------------------------+