A computerized method for establishing a secure channel between a virtual private network (VPN) client processing on a network device for a user and a network gateway is disclosed. The computerized method includes operations of the controller of transmitting an authentication request to an identity provider based on receipt of a resource request from the VPN client, receiving an authentication response from the identity provider, generating an authentication token based on the authentication response and transmitting the authentication token to the VPN client, wherein the controller further stores the authentication token. The method includes operations of the network gateway of receiving a secure connection request from the VPN client that includes the authentication token, validating the authentication token by querying the controller, in response to validation of the authentication token, establishing the secure connection with VPN client, and providing the VPN client with access to resources via the secure connection.