This service is used as the organization-facing entry point for workspace sessions, enrolled devices, and access policy checks.
User identity is verified before any workspace inventory or device scope is exposed.
Organizations can apply route, approval, and session controls centrally.
Workspace access is released only after tenant and session posture checks pass.