A method of using an access manager server to establish a communication session between a resource and a user device may include receiving a request from the user device to access the resource, determining that the client system is registered as a trusted partner, sending the client system a first encrypted token that includes a resource identifier where the client system has access to a first cryptographic key that decrypts the first encrypted token. The method may also include receiving a second encrypted token that signifies that access to the resource has been granted by the client system where the second token comprises a user identifier and the access manager server has access to a second cryptographic key that decrypts the second token. The method may additionally include decrypting the second token and establishing the communication session between the user device and the resource using the user identifier.