SecureAuth Arculix
Arculix by SecureAuth allows BeyondTrust customers to securely enable efficient access to Privileged Remote Access, while providing a flexible and frictionless user experience.
This integration is based on Arculix SAML (SP-initiated) integration.
This integration requires a working Arculix test user with the Arculix mobile app that can connect to the Arculix SAML Applications portal.
Before setting up the integration, create a Group Policy in BeyondTrust Privileged Remote Access for Arculix users to authenticate to Privileged Remote Access.
Note
For more information, see:
- Arculix SAML (SP-initiated) integration.
- Manage users in Arculix.
- Arculix by SecureAuth overview.
- Use SAML for Single Sign-On Authentication in BeyondTrust Privileged Remote Access.
Configure BeyondTrust for integration with Arculix
Go to the administrative /login interface of your BeyondTrust Privileged Remote Access instance and follow these steps:
- Click Users & Security, then click Security Providers.
- Click +ADD.
- Select SAML2.
- Enter your desired name, such as Arculix.
- Refer to the Arculix documentation (link above) to obtain the Entity ID, Single Sign-on Service URL, and the Certificate.
- Note the information in the Service Provider Settings. This is required when configuring Arculix.
- Verify that User Attribute Settings match the information in Arculix.
- Configure Authorization Settings to match Arculix and assign the default Group Policy.
Configure SecureAuth Arculix for SAML (SP-initiated) integration
Log in to your Arculix instance and follow these steps:
- Create a new Application. Use a recognizable name, such as BeyondTrust Privileged Remote Access.
- Click SAML Service Provider Configuration.
- Do not check Upstream IdP or IdP Initiated.
- Select Email for the Name Identifier.
- For Issuer or Entity ID, use the generated Entity ID from the SAML Configuration in Privileged Remote Access, in the Service Provider Settings.
- For the Assertion Consumer Service (ACS) URL, use the generated Assertion Consumer Service URL from the SAML Configuration in Privileged Remote Access, in the Service Provider Settings.
- Include the following Asserted Attributes:
  - Name: e.g. [email protected]
  - EmailAddress
  - GivenName
  - Surname
  - Group: This needs to correspond to a Group Policy Name in Privileged Remote Access.
- Assign the new application to a test user.
- Test the application:
  - Click the App in the Arculix portal for the test user.
  - Single Sign-On authenticates to Privileged Remote Access.
  - The test user should have access to Privileged Remote Access as per the Group Policy.
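A check for the test step above, added here as an example and not taken from BeyondTrust or SecureAuth: it lints a decoded SAML assertion against the values configured on both sides (Entity ID, ACS URL, email Name Identifier, asserted attributes, Group Policy name). The URLs, the group name, the attribute-name spelling inside the assertion, and the emailAddress NameID format URN are assumptions; the sample assertion is constructed and unsigned, and the script does not validate signatures.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # assumed format URN
REQUIRED_ATTRS = ("Name", "EmailAddress", "GivenName", "Surname", "Group")  # from the list above

def lint_assertion(xml_text, sp_entity_id, acs_url, group_policies):
    """Return configuration mismatches in one assertion. Does NOT verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID is not in email format")
    if sp_entity_id not in [e.text for e in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience does not match the SP Entity ID")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient does not match the ACS URL")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    for name in REQUIRED_ATTRS:
        if not any(attrs.get(name, [])):
            problems.append(f"missing attribute {name}")
    for group in filter(None, attrs.get("Group", [])):
        if group not in group_policies:
            problems.append(f"Group '{group}' has no matching Group Policy")
    return problems

def sample_assertion(entity_id, acs_url, attrs):
    """Build a constructed, unsigned assertion for the demo (not real Arculix output)."""
    rows = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{EMAIL_FORMAT}">{attrs["EmailAddress"]}</saml:NameID>'
            f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{acs_url}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>{entity_id}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{rows}</saml:AttributeStatement></saml:Assertion>')

# Constructed placeholder values; take the real ones from Service Provider Settings.
ENTITY_ID, ACS_URL = "https://pra.example.com", "https://pra.example.com/saml/acs"
USER = {"Name": "test.user@example.com", "EmailAddress": "test.user@example.com",
        "GivenName": "Test", "Surname": "User", "Group": "Arculix Users"}

if __name__ == "__main__":
    xml_text = sample_assertion(ENTITY_ID, ACS_URL, USER)
    print(lint_assertion(xml_text, ENTITY_ID, ACS_URL, {"Arculix Users"}) or "OK")
```

An empty result means the assertion lines up with the configured values; each returned string names the setting to revisit on the Arculix or Privileged Remote Access side.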