A. It controls whether or not a user can sign-in, based on role membership.
B. It controls which options are available on the login screen, based on the user's permissions.
C. It controls who can access the login page, based on IP address, certificate information, Host Checker and other criteria.
D. It defines the URLs that users and administrators can use to access the IVE and what Sign-in Page is associated with those URLs.