# Cloudbrink connection flow

The flow below provides a high-level overview of how a user accesses their enterprise applications (SaaS, cloud-hosted, and on-prem) with Cloudbrink.

**Flow**

1\)     User installs the Cloudbrink Agent on the endpoint device

2\)     The Cloudbrink Agent starts immediately after installation and prompts the user for their enterprise email address

3\)     The Cloudbrink Agent sends the user’s email to the Cloudbrink SaaS

4\)     Based on the domain in the email address, the Cloudbrink SaaS determines the MFA scheme that the administrator has configured and redirects the end user either to the appropriate cloud IDP or to the one-time password (OTP) based authentication that Cloudbrink provides natively in the product

5\)     The user performs MFA through the cloud IDP within the Cloudbrink Agent

6\)     After successful user authentication, the Cloudbrink Agent performs the device posture checks configured by the administrator to determine whether the endpoint device meets the security policies of the enterprise

a) Note: The device posture assessment checks are run periodically even after successful login, so that whenever the device goes out of compliance, Cloudbrink can take remediation action immediately

7\)     After successful device posture assessment, the Cloudbrink SaaS receives an authorization token from the IDP

8\)     Based on the authorization token and the user’s group information, the Cloudbrink SaaS determines the resource-template (set of applications) that is allowed for the user

9\)     The resource-template and application-profiles information is sent to the Cloudbrink Agent by the Cloudbrink SaaS

10\)  The Cloudbrink Agent establishes secure connections with the Cloudbrink Edge infrastructure based on Edge proximity

11\)  The user can access allowed enterprise applications in the same manner as if they were in their office

12\)  Based on the split tunnel configurations set by administrators, the Cloudbrink Agent steers traffic to its destination

13\)  Users have complete transparency over how the traffic flows to their applications, without any changes in access methods.

14\)  Users can access applications hosted on multiple clouds or datacenters without switching between Gateways, as is done with a VPN. This eliminates significant overhead for end users as well.
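
A minimal model of the gating order in steps 4 through 8 and note 6a, added here as an illustration; it is not Cloudbrink code. The policy tables, field names, and the choice of revoking access as the remediation are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed sample policy; every name and value here is hypothetical.
MFA_BY_DOMAIN = {"example.com": "cloud-idp", "example.org": "native-otp"}
TEMPLATES_BY_GROUP = {
    "engineering": {"git.internal", "ci.internal"},
    "finance": {"erp.internal"},
}
REQUIRED_POSTURE = {"disk_encrypted": True, "firewall_on": True}


@dataclass
class Session:
    email: str
    groups: list
    allowed_apps: frozenset = frozenset()


def mfa_scheme(email):
    """Step 4: choose the MFA scheme from the email domain; unknown domains fail."""
    domain = email.rpartition("@")[2].lower()
    if domain not in MFA_BY_DOMAIN:
        raise PermissionError(f"no MFA scheme configured for {domain!r}")
    return MFA_BY_DOMAIN[domain]


def posture_failures(device):
    """Step 6: list every required check the device fails (a missing key fails)."""
    return sorted(k for k, want in REQUIRED_POSTURE.items() if device.get(k) != want)


def login(email, mfa_ok, groups, device):
    """Steps 4-8 in order: MFA, then posture, then group-based authorization."""
    mfa_scheme(email)
    if not mfa_ok:
        raise PermissionError("MFA failed")
    failed = posture_failures(device)
    if failed:
        raise PermissionError(f"posture checks failed: {failed}")
    apps = set().union(*(TEMPLATES_BY_GROUP.get(g, set()) for g in groups))
    return Session(email, groups, frozenset(apps))


def recheck(session, device):
    """Step 6a: periodic re-check; the remediation modelled here is revoking access."""
    if posture_failures(device):
        session.allowed_apps = frozenset()
    return session
```

Each gate fails closed: an unknown domain, a missing posture attribute, or a group with no template yields no access rather than a default grant.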

