Techniques and architecture are described for determining an identity of a client device and utilizing security policies associated with the client device provided by a device identity entity. For example, a tag associated with security policies is created for use in enforcing the security policies by a security policy enforcement entity associated with a cloud network. The techniques and architecture also allow for identification of a particular user on a client device that may be shared by multiple users based at least in part on the user accessing an application. Also, the techniques and architecture described herein provide a generic and agnostic approach to enforcing security policies for users and/or client devices.