@@ -349,6 +349,20 @@ There can be multiple devices in the same network, and the NMS provides supporti
**Figure 4.4.2.1-1: Office network**
A typical office network has multpiple service requesting users connecting simultaneously to a shared infrastructure.
There can be multiple sites, that can be interconnected through: internet, dedicated routing infrastructure like IP-MPLS-tunnel, third party service provider, hyperscaler infrastructure, or 5G slicing, to name afew.
Typically a office network is layers of history that is accumulated through out the years of operation.
With modern remote working expectations, these neworks contain some kind of VPN or other remote connectivity options that enable working with the subset of curated services availabe only through this shared environment, intranet.
Each available intranet service has at least a single way to verify the users identity.
This identity pool can be local for the service, shared within the same intranet or provided as a service outside of the network context.
Larger number of pools provides redundancy, but can also complicate the administration of the credentials and reduce response time when leaked and missused credentials needs to be rotated out.
It is possible to maintain the identities of all of available intranet services by hand, but this is often perceived as impractical even with medium sized pools of users.
A modern office network deployment has often some kind of Identity Provider (IDP) available, what most of the services are using.
How the IDP has set up in the network context is relevant to this document as it can become a major risk factor, if the product does not support a relevant integration style or technique.
