Total Access Control
Inside the Platform

Architecture, capabilities, and technical specifications for the unified zero-trust access platform.

Platform Overview

The Complete Access & Identity Management Ecosystem

TAC sits at the center of your access control architecture — governing every identity, device, application, and AI agent through a single policy-driven platform.

[Figure: Total Access Control Architecture Diagram]


Architecture

Secure Virtual Appliance (SVA) Architecture

TAC is built on a single-tenant Secure Virtual Appliance that deploys as a reverse proxy between users and applications. Every customer gets a dedicated, isolated instance — no shared infrastructure, no noisy neighbors, no data co-mingling.

The SVA intercepts all access requests, evaluates identity, device posture, and policy compliance, and enforces access decisions before any traffic reaches the target application. All traffic flows through a single encrypted port (supporting up to TLS 1.3). All other inbound ports can be closed.

TAC scales from a single SVA to an array (multiple SVAs behind a load balancer for high availability) to a global array (SVAs distributed across worldwide locations for global enterprise deployments). All configurations are managed from a single admin console.

SVA Scaling Path

Single SVA
Department / Branch

Array
HA / Load Balanced

Global Array
Worldwide Enterprise

1 Port
Single encrypted port (TLS 1.3) for ALL traffic


How It Works

How Reverse-Proxy Enforcement Works

Unlike agent-based solutions that require software on every endpoint, or tunnel-based solutions that route traffic through a vendor’s cloud, TAC’s reverse proxy sits at the network edge and mediates every connection.

When a user requests access to an application:

1. Encrypted Request: The request hits TAC’s reverse proxy on a single encrypted port.
2. Identity Evaluation: TAC evaluates the user’s identity against connected directories (AD, LDAP, SAML, RADIUS, OIDC, SQL, custom).
3. MFA Challenge: TAC challenges the user with the configured MFA method (FIDO2, SafeLogin, SMS, OTP, TOTP, push, or hardware token).
4. Device Posture: TAC evaluates the device’s posture — OS, patches, AV, encryption, firewall, domain join, geolocation.
5. Policy Enforcement: TAC applies the unified access policy for that user + device + application combination.
6. Proxied Connection: If all checks pass, TAC proxies the connection to the target application — the user never connects directly.

Zero application changes required. The application itself never needs to know about TAC. No code changes. No SAML/OIDC integration required. No agents on the application server.


Identity

Multi-Repository Identity Federation

TAC connects simultaneously to multiple identity sources — Active Directory, LDAP, SAML identity providers, RADIUS servers, OIDC providers, SQL databases, and custom directories.

Users from different identity sources are governed by a single, unified policy engine. No middleware required. No identity source limitations.

Whether your identities live in on-prem AD, a cloud SAML provider, a RADIUS server, or a custom SQL database, TAC treats them all as first-class citizens in the same policy framework.

Connected Identity Sources

Active Directory
On-Prem / Azure

LDAP
Directory Services

SAML
Identity Providers

RADIUS
Network Auth

OIDC
OpenID Connect

SQL
Custom Databases

Unified Policy Engine
All identity sources → One policy framework


Policy

One Policy Engine. Every Decision.

TAC’s policy engine evaluates multiple signals in a single decision point. Policies are configured and managed from one admin console — not scattered across multiple products, portals, and admin centers like competing solutions.

Identity: Who is requesting access
Device Posture: OS, patches, AV, encryption
App Context: Which resource is targeted
Network Location: Where the request originates
Time of Day: When access is attempted
Risk Signals: Real-time threat indicators
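
The six steps under "How Reverse-Proxy Enforcement Works" and the signals listed above can be modelled as one deny-by-default decision function. This is an added illustration, not TAC's code or configuration format; the Rule and Request records, their field names, and the sample values are hypothetical.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Rule:                       # hypothetical per-application policy record
    users: frozenset
    posture: frozenset            # facts that must be True; absent counts as failed
    networks: frozenset
    start: time                   # allowed window; may wrap past midnight
    end: time
    max_risk: int

@dataclass(frozen=True)
class Request:                    # hypothetical view of one access request
    user: str                     # None when no connected directory knows the identity
    mfa_ok: bool
    device: dict                  # posture facts reported for the device
    app: str
    network: str
    at: time
    risk: int

def in_window(t, start, end):
    return start <= t < end if start <= end else (t >= start or t < end)

def decide(req, policy):
    """Return (allow, reason). The first failing stage denies; nothing defaults to allow."""
    if req.user is None:
        return False, "identity"
    if not req.mfa_ok:
        return False, "mfa"
    rule = policy.get(req.app)
    if rule is None or req.user not in rule.users:
        return False, "no-policy"            # unknown app or user: deny
    missing = sorted(k for k in rule.posture if req.device.get(k) is not True)
    if missing:
        return False, "posture:" + ",".join(missing)
    if req.network not in rule.networks:
        return False, "network"
    if not in_window(req.at, rule.start, rule.end):
        return False, "time"
    if req.risk > rule.max_risk:
        return False, "risk"
    return True, "proxy"                     # only now is the connection proxied

# Constructed sample data, not taken from any real deployment
POLICY = {"payroll": Rule(frozenset({"alice"}), frozenset({"patched", "disk_encrypted"}),
                          frozenset({"corp"}), time(22, 0), time(6, 0), 30)}
REQ = Request("alice", True, {"patched": True, "disk_encrypted": True},
              "payroll", "corp", time(23, 30), 10)
```

The reason string names the first stage that failed, which is the value worth writing to the audit trail for each denied request.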

Competitors: 3–6 Consoles

Zscaler requires ZIA + ZPA consoles. Microsoft needs Entra + Intune + GSA + Defender + Purview. Cisco needs Duo + Secure Access + Identity Intelligence + ISE. Policies fragmented across tools.

TAC: 1 Console

One admin console. One policy engine. Every identity, device, application, and session — governed from a single place with a complete audit trail.

Compatibility

What TAC Protects

TAC provides access control for virtually any application type — no protocol limitations, no “supported app” list to check.

Modern Web Apps: SAML, OIDC, OAuth
Legacy Web Apps: Header-based, forms-based, cookie-based auth
Thick-Client Apps: RDP, SSH, proprietary protocols
Kerberos Apps: Kerberos-authenticated applications
APIs & Microservices: RESTful, GraphQL, SOAP endpoints
IoT & OT: IoT and OT management interfaces
AI Agents: AI agents and automated workflows
Internal Tools: Custom-built and internal applications

No application modification required. No “supported app” list to check. If it runs over a network, TAC can protect it.

TAC Overview Datasheet
One Platform. One Console. One License. Total Control. — 3 pages, PDF


TAC Technical Datasheet
Architecture, traffic flow, integrations, deployment models, and supported protocols. — 8 pages, PDF


See TAC in Action

Schedule a personalized demo to see how Total Access Control can simplify access, close ports, and strengthen security across your entire environment.
