US 12,261,833 B2
System and method for safely relaying and filtering Kerberos authentication and authorization requests across network boundaries
David Forrest McNeely, San Jose, CA (US); Peter Gerardus Jansen, Goirle (NL); Clifford Van Slimming, Almere (NL); and Bob Janssen, Bonaire CN (NL)
Assigned to DELINEA INC., Redwood City, CA (US)
Filed by DELINEA INC., Redwood City, CA (US)
Filed on Oct. 19, 2022, as Appl. No. 18/047,878.
Prior Publication US 2024/0137355 A1, Apr. 25, 2024
Prior Publication US 2024/0236069 A9, Jul. 11, 2024
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/0807 (2013.01) [H04L 63/0236 (2013.01)] 5 Claims
OG exemplary drawing
 
1. A system for providing secure access to an organization's internal server resources on an internal network by an application running on an external network comprising:
an agent configured to accept queries from the application running on said external network and pass said queries to a relay with a dynamic filter running on said external network;
said relay configured to i) establish a secure connection with a local connector through a firewall to protect said organization's internal server resources running on said internal network, and ii) pass requests from said application via said agent to a cloud authentication service running on said external network, said cloud authentication service to confirm that a user of said application is authorized to access said internal network and if authorized, issue an authentication ticket;
a cloud connector running on said external network configured to receive said issued authentication ticket and pass said issued authentication ticket via said relay for receipt by said application via said agent;
said relay further configured to receive from said application via said agent a request to access a specific internal server resource based on said issued authentication ticket, and pass said request through said secure connection to said connector if said user is authenticated, said connector further configured to pass said request to a ticket granting service running on said internal network, said ticket granting service to verify that said user is authorized to access the specific internal server, and if authorized to issue a service ticket provided to said connector to pass said service ticket via said relay and said agent to said application, wherein said application, based on said service ticket, is granted access to said specific internal server.
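The two-phase flow in claim 1 (cloud authentication service issues the authentication ticket; the relay's dynamic filter forwards the later service request through the connector to the internal ticket granting service only for an authenticated user) is modelled below as an added example. It is not code from the patent or from Delinea: tickets are plain Python objects with random nonces standing in for Kerberos encryption, and the class names, user names, passwords and SPNs are constructed. The filter rules shown (forward only TGTs this relay saw the cloud service issue, and only for a published set of SPNs) are one plausible reading of "dynamic filter", added here to make the defensive value of the relay concrete.

```python
# Added example (not from the patent or Delinea): a toy simulation of the relayed
# Kerberos flow the claim describes. Ticket contents are plain Python objects with
# random nonces standing in for Kerberos encryption; no real krb5 messages are built.
from __future__ import annotations
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class Ticket:
    kind: str        # "TGT" (from the cloud authentication service) or "SERVICE" (from the TGS)
    principal: str   # user the ticket was issued to
    target: str      # "krbtgt" for a TGT, the service principal name (SPN) for a service ticket
    nonce: str       # stands in for the ticket's encrypted, unforgeable part


class CloudAuthService:
    """Cloud authentication service on the external network: checks the user, issues a TGT."""

    def __init__(self, users: dict[str, str]) -> None:
        self.users = users  # constructed principal -> password table

    def authenticate(self, principal: str, password: str) -> Ticket | None:
        if self.users.get(principal) != password:
            return None
        return Ticket("TGT", principal, "krbtgt", secrets.token_hex(8))


class TicketGrantingService:
    """Internal TGS: decides per SPN whether the user may receive a service ticket."""

    def __init__(self, acl: dict[str, set[str]]) -> None:
        self.acl = acl  # principal -> SPNs the user may access

    def grant(self, tgt: Ticket, spn: str) -> Ticket | None:
        if tgt.kind != "TGT" or spn not in self.acl.get(tgt.principal, set()):
            return None
        return Ticket("SERVICE", tgt.principal, spn, secrets.token_hex(8))


class Connector:
    """Local connector behind the firewall: the only path from the relay to the internal TGS."""

    def __init__(self, tgs: TicketGrantingService) -> None:
        self.tgs = tgs

    def forward(self, tgt: Ticket, spn: str) -> Ticket | None:
        return self.tgs.grant(tgt, spn)


class Relay:
    """Relay with a dynamic filter on the external network.

    A TGS request is forwarded only if it carries a TGT this relay saw the cloud
    authentication service issue (a forged or replayed TGT from elsewhere is dropped
    before it reaches the connector) and only for SPNs published as reachable via the relay.
    """

    def __init__(self, auth: CloudAuthService, connector: Connector, relayable_spns: set[str]) -> None:
        self.auth = auth
        self.connector = connector
        self.relayable_spns = relayable_spns
        self.known_tgts: dict[str, Ticket] = {}  # nonce -> TGT, the filter's dynamic state
        self.log: list[str] = []                  # filter decisions, the audit trail a SOC wants

    def request_tgt(self, principal: str, password: str) -> Ticket | None:
        tgt = self.auth.authenticate(principal, password)
        if tgt is None:
            self.log.append(f"DENY as-req principal={principal}: cloud auth failed")
            return None
        self.known_tgts[tgt.nonce] = tgt
        self.log.append(f"ISSUE tgt principal={principal} nonce={tgt.nonce}")
        return tgt

    def request_service(self, tgt: Ticket, spn: str) -> Ticket | None:
        if self.known_tgts.get(tgt.nonce) != tgt:
            self.log.append(f"DROP tgs-req principal={tgt.principal} spn={spn}: TGT not issued here")
            return None
        if spn not in self.relayable_spns:
            self.log.append(f"DROP tgs-req principal={tgt.principal} spn={spn}: SPN not relayable")
            return None
        ticket = self.connector.forward(tgt, spn)
        self.log.append(f"{'GRANT' if ticket else 'REFUSE'} tgs-req principal={tgt.principal} spn={spn}")
        return ticket


def build_demo() -> Relay:
    """Wire the components with constructed sample data (hypothetical users and SPNs)."""
    auth = CloudAuthService({"alice": "pw-alice", "bob": "pw-bob"})
    tgs = TicketGrantingService({"alice": {"HTTP/intranet.example"}, "bob": set()})
    return Relay(auth, Connector(tgs), {"HTTP/intranet.example", "MSSQLSvc/db.example"})


if __name__ == "__main__":
    relay = build_demo()
    tgt = relay.request_tgt("alice", "pw-alice")
    print(relay.request_service(tgt, "HTTP/intranet.example"))   # service ticket
    forged = Ticket("TGT", "alice", "krbtgt", "deadbeef")           # never issued by the cloud AS
    print(relay.request_service(forged, "HTTP/intranet.example"))  # None: dropped by the filter
    print("\n".join(relay.log))
```

The point of the split is visible in the log: a request that never passed the cloud authentication service, or that names an SPN the organisation has not published, is dropped at the relay on the external network and never crosses the firewall, while authorization for a specific server still rests with the internal ticket granting service.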