OPSWAT MetaAccess (formerly Metadefender Endpoint Management) is a cloud-based access control solution that helps organizations enforce endpoint compliance and prevent security threats by blocking potentially compromised or non-compliant devices from accessing corporate resources.
An integration between SAC and OPSWAT MetaAccess (TM) allows organizations to implement Zero Trust Network architecture when accessing any corporate resource deployed in any datacenter (on-premises or in a private or public cloud) from any device.
Both SAC and OPSWAT MetaAccess are cloud-based services, eliminating the need to deploy complex security solutions in the customers' networks.
The following diagram depicts the architecture of an integrated solution:
The end user's workstation needs to run an OPSWAT MetaAccess agent (available for Windows, Mac OS X, iOS and Android). The agent can be centrally deployed on corporate-owned devices, and can be downloaded and deployed easily with a non-privileged account on any BYOD or third-party device.
The complete flow of log-in and device posture check is described in the following diagram:
0. Independently of the user flow, the OPSWAT MetaAccess agent monitors and reports the security posture of the user's device, which is continuously evaluated against the corporate policy
1. The user attempts to connect to a published corporate resource without an active session
2. SAC redirects the browser to the corporate identity provider for user authentication
3. The user's browser attempts to connect to the corporate identity provider and authenticate the user
4. The corporate identity provider redirects the authenticated user back to SAC. At this point, the device identity is collected to be used in the next step
5. SAC sends a query to OPSWAT MetaAccess requesting the information regarding the device security posture
6. OPSWAT MetaAccess returns the information, which is evaluated by the SAC Access Policy
7. If approved, the user's request is delivered to the corporate resource
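
The decision order in steps 1 to 7 can be modeled as a small gate function. This is an added sketch, not SAC or OPSWAT MetaAccess code: the `Request` fields, the `compliant` flag, the lookup functions and the deny-by-default handling of unknown devices and lookup failures are all assumptions made for illustration.

```python
# Added sketch: every name, field and the deny-by-default rule are assumptions,
# not SAC or OPSWAT MetaAccess APIs.
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Request:
    resource: str
    user: Optional[str] = None       # set once the IdP has authenticated the user (steps 2-4)
    device_id: Optional[str] = None  # device identity collected at step 4

# Constructed posture records standing in for what the agent reports (step 0).
SAMPLE_POSTURE = {
    "dev-001": {"compliant": True},
    "dev-002": {"compliant": False},
}

def sample_lookup(device_id: str) -> Optional[dict]:
    """Steps 5-6: posture query; None means the device is unknown."""
    return SAMPLE_POSTURE.get(device_id)

def failing_lookup(device_id: str) -> Optional[dict]:
    """Constructed failure: the posture service cannot be reached."""
    raise TimeoutError("posture service unavailable")

def decide(req: Request,
           lookup: Callable[[str], Optional[dict]] = sample_lookup) -> str:
    """Return 'redirect_to_idp', 'deny' or 'forward' for one request."""
    if req.user is None:
        return "redirect_to_idp"     # steps 1-2: no active session
    if req.device_id is None:
        return "deny"                # no device identity, nothing to check
    try:
        posture = lookup(req.device_id)
    except Exception:
        return "deny"                # lookup failed: fail closed
    if not posture or posture.get("compliant") is not True:
        return "deny"                # unknown or non-compliant device
    return "forward"                 # step 7: deliver to the resource

if __name__ == "__main__":
    for req in (Request("wiki"),
                Request("wiki", "alice", "dev-001"),
                Request("wiki", "bob", "dev-002"),
                Request("wiki", "carol", "dev-999")):
        print(req.user, req.device_id, "->", decide(req))
```
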