SharePoint application architecture

The SharePoint Access Gateway architecture represents the minimum components required for protecting SharePoint.
In this architecture, Access Gateway serves a set of applications, referred to as protected web resources or SharePoint resources, to requesting clients.

Architecture

Kerberos Architecture

Flow
  1. User signs in.
  2. Okta sends the user identity to Access Gateway.
  3. Access Gateway accesses the predefined KDC with credentials.
  4. KDC returns a Kerberos ticket.
  5. Access Gateway redirects to the backing application.
  6. Application returns the completed request.
  7. Access Gateway performs rewrites and returns the request to the user.
For details see: Kerberos overview