Enterprise resources cannot be protected by Access Manager until you install Access Manager client APIs on the Web Server or Application Server that you want to protect. The client APIs mirror the APIs and functionality contained in the Access Manager core components: Authentication, Authorization (Policy), SAML, Identity Federation, and User Session.