Abstract: A method for enforcing policies used with a computer client, the method including receiving, at policy decision point (PDP) processor, information from a single sign-on (SSO) system indicating an occurrence of an event of interest on the computer client, performing, using the PDP processor, a policy check in response to the occurrence of the event of interest, wherein a policy check result is generated, and providing the generated policy check result to the SSO system.

Abstract: A method for creating an identity map, the method including determining, using a single sign on component, if a user is a presented with a logon screen related to a resource, capturing logon information, using the SSO component, wherein at least a portion of the logon information is received from the user, determining, using the SSO component, if the user successfully accessed the resource using the information received from the user, and determining if an identity map includes an entry corresponding to at least one of the user and the resource.