# Identity and access management | EUCSEC04: How do you separate end user systems to meet your organization's policies? | | --- | | | When implementing EUC services, your organization may have requirements to separate compute devices accessed directly by end users from others used for infrastructure applications. | EUCSEC05: How do you manage application entitlements in your EUC environments? | | --- | | | Users should be entitled to access individual applications rather than provided access to all applications on end user systems. Apply this in a consistent way so that there is a minimal chance of operational failure or accidental granting of full access to all applications. | EUCSEC06: How do you authenticate and authorize access to your end user applications? | | --- | | | Strong and consistent authentication and authorization are key to the secure operation of an end user system to help prevent unauthorized access. Authentication using multiple factors may be a requirement, and the authentication system in use should satisfy this requirement. **Topics** + [EUCSEC04-BP01 Separate end user systems between different groups of users when required to satisfy policy or regulatory requirements](eucsec04-bp01.md) + [EUCSEC05-BP01 Evaluate applications and data access requirements and implement entitlements accordingly](eucsec05-bp01.md) + [EUCSEC06-BP01 Rely on a centralized authentication system that satisfies security requirements for your EUC environment](eucsec06-bp01.md) + [EUCSEC06 BP02 Strengthen SAML federation to reduce security risks](eucsec06-bp02.md)