Glossary of Banyan Terms

Terminology Banyan uses to represent and secure users, devices, or applications running in any type of environment

  • Updated on Apr 25, 2022



Organization

An Organization is a company, or company division, that has an account on the Banyan Command Center.


User

A User is a human being who has a relationship with your Organization. They may be an employee, customer, contractor, partner, etc.


Group

Users belong to one or more Groups within an Organization. An Organization can have a large number of Users, each with different and changing properties. Groups, on the other hand, are much fewer in number and more permanent in their classifications.

Identity Provider

An Identity Provider (IDP) creates, maintains, and manages identity information for Users in your Organization. It delivers authentication capabilities to applications that rely on it, such as the Banyan Command Center. Popular IDPs include Okta, Google Identity, and Azure Active Directory.


Device

A Device is an electronic appliance, such as a personal computer, mobile phone, or tablet computer, capable of connecting to a network and processing data. Users use a Device to make requests to access protected resources. Devices do not need to be in your Organization’s private network.

Device Manager

An Enterprise Device Manager (abbreviated EDM, and sometimes referred to as MDM or UEM) enables IT administrators to control, secure, and enforce policies on smartphones, tablets, laptops and desktop computers. Popular EDM products include Workspace ONE UEM, JAMF, and Citrix.



Cluster

A Cluster is a logical grouping of Banyan Access Tiers that are managed together for a given Organization. A Banyan Cluster includes a Private PKI (Public Key Infrastructure) to distribute cryptographic identities (X.509 Certificates) to clients and services in your organization.

Access Tier

An Access Tier is an Identity-aware Proxy that mediates access into a private network segment within which corporate applications and services run. A Banyan Access Tier has a public IP address that is reachable from the internet.


Connector

A Connector is a Dial-out Connector that runs in a private network segment within which your corporate applications and services run. A Banyan Connector establishes a secure tunnel with one or more Banyan Access Tiers.

Banyan Services


Service

In Banyan, a Service provides secure connectivity to corporate resources. Once a Service is registered in the Banyan Command Center, access controls can be enforced using a Banyan Access Tier. Policies, which enforce access controls, are attached to Services.

SaaS Application

A SaaS Application is a special type of Service that is NOT hosted in a customer environment. Instead, SaaS Applications are hosted by the SaaS vendor, in the vendor’s datacenters. SaaS Application traffic does not flow through an Access Tier; instead, Banyan has a special enforcement mechanism called IDP Chaining for SaaS Applications.

Banyan Roles & Policies


Role

In Banyan, a Role represents a set of access privileges. The specific access privileges of a Role are determined by the Policies that mention the Role.

Roles are assigned to Users based on attributes we’ve gathered during the authentication phase.


Policy

In Banyan, a Policy is a set of authorization rules that specify which Users can access a given Service.

Note that we write Policies using Roles and not individual Users; Roles simplify policy creation by grouping Users with similar access privileges.