Provides personalized access to information, applications & processes from a centralized point Appropriately authenticate users and control access to various kinds of information & applications Accommodates different security requirements and integrates with various security infrastructure components Bundled with LDAP Directory, it can support a number of other LDAPs Can also take advantage of alternate security proxies and PKI.