1. End user requests access to a Kubernetes API server. The user's request is routed to Cloud Secure Edge (CSE).
2. CSE runs a device trust check via user's org's device manager, which is integrated with the app.
3. Once verified, the device is then authenticated via their org's identity provider.
4. Once authenticated, user's device is issued a Trust Cert. Banyanproxy adds the Trust Cert to the user's request.
5. User's request is passed to the Global Edge Network, relayed to the Connector inside the org's private network, and then sent to the Kubernetes API server.