SharePoint application architecture

The SharePoint Access Gateway architecture represents the minimum components required for protecting SharePoint.

In this architecture, Access Gateway serves a set of applications, referred to as protected web resources or SharePoint resources, to requesting clients.

Architecture

Kerberos Architecture

Flow
  1. The user signs in.
  2. Okta sends the user's identity to Access Gateway.
  3. Access Gateway accesses the predefined Key Distribution Center (KDC) with credentials.
  4. KDC returns a Kerberos ticket.
  5. Access Gateway redirects to a backing application.
  6. The application returns a completed request.
  7. Access Gateway performs rewrites and returns the request to the user.
For details see: Kerberos overview