Methods and systems are provided for implementing application layer security. According to one embodiment, security rules applicable to end users of a private IP network and particular resources accessible within the network are maintained by a network appliance. A packet originated within the network is received by the network appliance. An application type associated with the packet is determined based on layer 7 information within the packet. Layer 7 information fields are extracted from the packet that are indicative of an identity of an end user associated with the packet. An SSO process is performed including receiving and authenticating credentials of the end user on behalf of multiple resources within the network based on the identity of the end user. One or more security rules are identified and applied to the packet based on the identity of the end user and the determined application type.