DocumentationRelease Notes
Log In
Documentation

SecureAuth Arculix

Arculix by SecureAuth allows BeyondTrust customers to securely enable efficient access to Privileged Remote Access, while providing a flexible and frictionless user experience.

This integration is based on Arculix SAML (SP-initiated) integration.

This integration requires a working Arculix test User with the Arculix mobile App that can connect to the Arculix SAML Applications portal.

Before setting up the integration, create a Group Policy in BeyondTrust Privileged Remote Access for Arculix users to authenticate to Privileged Remote Access.

ℹ️

Note

For more information, see:

Configure BeyondTrust for integration with Arculix

Go to the administrative /login interface of your BeyondTrust Privileged Remote Access instance and follow these steps:

  1. Click Users & Security, then click Security Providers.

  2. Click +ADD.

  3. Select SAML2.

  4. Enter your desired name, such as Arculix.

  5. Refer to the Arculix documentation (link above) to obtain the Entity ID, Single Sign-on Service URL, and the Certificate.

  6. Note the information in the Service Provider Settings. This is required when configuring Arculix.

  7. Verify that User Attribute Settings match the information in Arculix.

  8. Configure Authorization Settings to match Arculix and assign the default Group Policy.

Configure SecureAuth Arculix for SAML (SP-initiated) integration

Log in to your Arculix instance and follow these steps:

  1. Create a new Application. Use a recognizable name, such as BeyondTrustPrivileged Remote Access.

  2. Click SAML Service Provider Configuration.

  3. Do not check Upstream IdP or IdP Initiated.

  4. Select Email for the Name Identifier.

  5. For Issuer or Entity ID, use generated Entity ID from the SAML Configuration in Privileged Remote Access, in the Service Provider Settings.

  6. For the Assertion Consumer Service (ACS) URL, use the generated Assertion Consumer Service URL from the SAML Configuration in Privileged Remote Access, in the Service Provider Settings.

  7. Include the following Asserted Attributes:

    • Name: e.g. [email protected]
    • EmailAddress
    • GivenName
    • Surname
    • Group: This needs to correspond to a Group Policy in Name in Privileged Remote Access.
  8. Assign the new application to a test user.

  9. Test the application:

    1. Click the App in the Arculix portal for the test user.
    2. Single Sign-On authenticates to Privileged Remote Access.
    3. The test user should have access to Privileged Remote Access as per the Group Policy.

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.