When a user authenticates to a site or an application, the user has access to resources controlled by a Policy Enforcement Point (PEP). The PEP checks whether the user has access to the desired resource, and the user is then granted or denied access to it. SAML is used as the communication mechanism between the PEP and the Policy Decision Point (PDP). In Access Manager terminology, the PEP could be thought of as the NetIQ Access Gateway, and the PDP as the NetIQ Identity Server.