Glossary of Banyan Terms

Terminology Banyan uses to represent and secure users, devices, or applications running in any type of environment

  • Updated on Apr 19, 2023

Directory

Organization

An Organization is a company, or company division, that has an account on the Banyan Command Center.

User

A User is a human being who has a relationship with your Organization. They may be an employee, customer, contractor, partner, etc.

Groups

Users belong to one or more Groups within an Organization. There can be a large number of Users in any Organization with different changing properties. Groups, on the other hand, are much fewer in number and more permanent in their classifications.

Identity Provider

An Identity Provider (IDP) creates, maintains, and manages identity information for Users in your Organization. It delivers authentication capabilities to reliant applications, such as the Banyan Command Center. Popular IDP providers include Okta, Google Identity, and Azure Active Directory.

Device

A Device is an electronic appliance, such as personal computer, mobile phone, or tablet computer, capable of connecting to a network and processing data. A Device is used by Users to make requests to access protected resources. Devices do not need to be in your Organization’s private network.

Device Manager

An Enterprise Device Manager (abbreviated EDM, and sometimes referred to as MDM or UEM) enables IT administrators to control, secure, and enforce policies on smartphones, tablets, laptops and desktop computers. Popular EDM products include Workspace ONE UEM, JAMF, and Citrix.


Infrastructure

Cluster

A Cluster is a logical grouping of Banyan Access Tiers that are managed together for a given Organization. A Banyan Cluster includes a Private PKI (Public Key Infrastructure) to distribute cryptographic identities (X.509 Certificates) to clients and services in your organization.

Access Tier

An Access Tier is an identity-aware proxy and gateway that mediates access into a private network segment within which corporate applications and services run. A Banyan Access Tier has a public IP address that is reachable from the internet.

Connector

A Connector is a Dial-out Connector that runs in a private network segment within which your corporate applications and services run. A Banyan Connector establishes a secure tunnel with one or more Banyan Access Tiers.


Banyan Services

Service

In Banyan, a Service provides secure connectivity to corporate resources. Once a Service is registered in the Banyan Command Center, access controls can be enforced using a Banyan Access Tier. Policies, which enforce access controls, are attached to Services.

SaaS Application

A SaaS Application is a special type of Service that is NOT hosted in a customer environment. Instead, SaaS Applications are hosted by the SaaS vendor, in the vendor’s datacenters. SaaS Application traffic does not flow though an Access Tier; instead, Banyan has a special enforcement called IDP Chaining for SaaS Applications.


Banyan Roles & Policies

Role

In Banyan, a Role represents a set of access privileges. The specific access privileges of a Role are determined by the Policies that mention the Role.

Roles are assigned to Users based on attributes we’ve gathered during the authentication phase.

Policy

In Banyan, a Policy is set of authorization rules that specify which Users can access a given Service.

Note that we write Policies using Roles and not individual Users; Roles simplify policy creation by grouping Users with similar access privileges.


Device Trust Scoring

Trust Scoring

The calculation of a device’s Trust Level by evaluating the Effect of each Trust Factor.

Trust Factor

An attribute (visible to end users on their devices) that is evaluated against admin-defined criteria, used as input in the device Trust Scoring calculation.

Effect

The weight assigned to each particular Trust Factor (i.e., Low Trust Level, Medium Trust Level, Always Deny, No Effect, Not Evaluated).

Example: An admin assigns a Low Trust Level Effect to the Trust Factor, Firewall Enabled. If the firewall is not enabled on the device, the device’s Trust Level will drop to Low. If the firewall is enabled on the device, the Trust Factor is satisfied and there is no negative impact on the device’s Trust Level.

  • Always Deny: If this factor is not satisfied, the device will be denied authorization into all Banyan services.

  • Not Evaluated: This factor will not be used in the Trust Level calculation, and it will not be displayed in the app.

  • Low Trust Level: If this factor is not satisfied, the device’s Trust Level will be set to low.

  • Medium Trust Level: If this factor is not satisfied, the device’s Trust level will be set to medium.

  • No Effect: If this factor is not satisfied, it will have no effect on the device’s Trust Level, but will be displayed in the app. | This is primarily used for testing purposes.

Trust Profile

A profile in Banyan’s Command Center that applies admin-defined Trust Factors to a specific subset of devices within an org. Trust Profiles allow admins to assign a specific set of Trust Factors (with designated Trust Effects) to custom user groups, device serial numbers, and operating systems.

Granular Trust Scoring

A feature that allows Trust Factors to be assigned an Effect, used to evaluate admin-defined groups of registered devices. This feature was designed to give admins more fine-tuned control over the Trust Scoring process.


Internet Threat Protection

Internet Threat Protection (ITP)

A feature that allows Banyan to evaluate which URLs (being searched by end users) pose a threat and need to be blocked from access. The URLs are mapped to content categories, providing further content filtering against the URL.

Internet Threat Protection (ITP) Policy

A policy page in Banyan’s Command Center that applies admin-defined configurations of threats and URLs to block on a specific subset of devices (via roles within an org).

Block Page

An admin-configured webpage that presents itself when an end user attempts to reach a URL that is not permitted via the ITP Policy associated with the device.

Threat Protection

A section within the ITP Policy page, in which an admin can block threats from end users’ reach. Threats are placed in categories such as Malware, Phishing, Spyware, New Domains, Proxy & Tunnel Avoidance, etc.

Content Filtering

A section within the ITP Policy page, in which an admin can block categories of domains and specific URLs from end users’ reach. Domain categories include Dating & Personals, Drugs, Social Networking, etc.


Can’t find what you’re looking for?

We’re happy to help. Contact our team.