![safous-logo.png]](https://support.safous.com/hs-fs/hubfs/website%20assets/logos%20and%20background/safous-logo.png?height=30&name=safous-logo.png){kind=logo}
Information based on the figure above:
- Safous ZTA service consists of two main components - Global POPs and App Gateway.
- Currently, Safous ZTA service POPs reside in multiple regions and countries that customers can leverage.
- App Gateway only needs egress traffic to Global POPs using internet access and does not require any ingress traffic to be opened, which mitigates the attack surface from the internet.
- App Gateway serves as a bridge to communicate with various internal business apps that reside in customer sites such as Office, Datacenter, or Cloud Environment.
- It can accommodate not only internal business apps in customer sites but also SaaS Apps and Cloud Apps.
- From the client's perspective, the user will be routed to the nearest POP and access the respective App Gateway.
- Safous ZTA service supports various authentication methods for SSO, ranging from traditional methods like using Directory Service (MS AD / LDAP) to External Identity Providers based on SAML and OpenID.