Disclosed herein is a system and method for allowing access to secure resources through a gateway without having to pre-configure the gateway with each specific URL that access is to be granted as well as maintaining the list of resources that are exposed. The gateway is configured to take incoming requests from client devices, such as the URL, and determine from the URL itself what type of authentication is required to gain access to the resource as opposed to comparing the URL with a managed list of URL's. Once the authentication process is identified by the gateway that process is implemented. The gateway analyzes the responses from the resources that may include denials or user authentication requests from the resource to determine the authentication process to use to gain access to the resource. Once authenticated the communications traffic between the client/user and the resource is permitted through the gateway.