Arculix by SecureAuth overview
Introducing Arculix by SecureAuth. Every digital journey is simple, seamless, and secure to support your zero trust initiatives.
The Arculix engine continuously creates and monitors user behavior based on thousands of signals from the device, the browser, the mobile app, and the ingestion of other 3rd party threat data. Our Biobehavioral® AIML approach will continuously adjust the level of assurance of the identity and require step-up authentication when risk demands it. Arculix leverages a mixture of AI & ML, expert systems, and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate one’s identity prior to, during and post-authentication.
Architecture
Arculix can run on a hybrid platform as well as in the cloud. The high level architecture of the system is provided below.
Modules
Arculix at its core
Arculix sits between different components of the platform and connects them together. It provides an interface to the Arculix Mobile app and orchestrates the different parts of the system as well as allow third-party applications access to Multi-factor Authentication functionality via REST APIs.
Appliance
The appliance consists of a set of services and an administrative console (or Admin Console) that provides the following functionality:
Integration with an existing user directory such as Active Directory or Azure AD
SSO services such as SAML
Exposing the RADIUS protocol for VPN authentication
User interface to configure the appliance, manage applications, create authentication policies, monitor statistics, and more
The appliance can run both on-premise and in the cloud while providing an out-of-the-box integration with Arculix at its core.
To make it easy for administrators and provide a centralized administrative experience, the admin console on the appliance allows complete control of the appliance and Arculix integration from a single user interface. For example, you can define applications in the appliance in addition to Arculix in the cloud.
Risk Engine
The Risk Engine is part of Arculix. It collects the raw and derived data on each user from a variety of sources and provides a score to the smart MFA module. The Risk Engine in Arculix is extensible, allowing it to easily ingest third-party data from a disparate range of sources to provide enhanced risk scoring using custom data sources. To learn more see Risk engine.
Policy Engine
Policy Engine allows full control of the authentication flow by defining a policy that invokes an action based on the login context and the numerous signals that generate a risk score. To learn more, see Policy engine.
Arculix Mobile app
There are many functionalities offered by Arculix Mobile such as:
Authentication factor through push notifications
Logging in using QR scanner without username or password
Offline TOTP
Viewing the transaction history
Defining policies to automate things such as automatically approve or rejecting the authentication requests for a give period of time
Arculix Mobile SDK
You can use the Arculix Mobile SDK to incorporate the capabilities of Arculix into your existing, in-house mobile app.
Multi-factor authentication
When it comes to multi-factor authentication (MFA) for web applications, Arculix provides two approaches: API and plugins.
Through API and plugins
Use the Arculix REST APIs to integrate Arculix multi-factor authentication with any other software, whether custom-built or off-the-shelf.
A second approach is to use Arculix plugins to enable Arculix MFA for commonly used software. Find the available plugins from the left side navigation menu.
Note - When there's no user directory Arculix will provide a user directory on it's own.
SSO
Arculix provides SSO via SAML
SAML
Provided as part of the appliance and can be configured in the admin panel on the appliance.
Installation options
Arculix can be used as a SaaS or deployed fully on-premise, or a combination of the two.
On-premise
The Arculix platform, including the core and appliance micro-services, can all be deployed on-premise to provide full physical control over the environment.
Cloud
The Arculix platform is already provided as a SaaS in the cloud and so there is no need to worry about infrastructure, scaling, security, or up-time.
Hybrid
If running a user directory inside the network and you (1) don't want to expose data outside the firewall, and (2) want to avoid the overhead of maintaining infrastructure and security for the whole platform, SecureAuth provides a third approach. The Arculix core can be run as a SaaS in the cloud with the appliance running behind the network firewall. In this case, the appliance securely communicates with the user directory without exposing any identity data to the outside world.