Skip to main content

Arculix by SecureAuth overview

Introducing Arculix by SecureAuth. Every digital journey is simple, seamless, and secure to support your zero trust initiatives.

The Arculix engine continuously creates and monitors user behavior based on thousands of signals from the device, the browser, the mobile app, and the ingestion of other 3rd party threat data. Our Biobehavioral® AIML approach will continuously adjust the level of assurance of the identity and require step-up authentication when risk demands it. Arculix leverages a mixture of AI & ML, expert systems, and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate one’s identity prior to, during and post-authentication.


Arculix can run on a hybrid platform as well as in the cloud. The high level architecture of the system is provided below.

Arculix overview architectural diagram


Arculix at its core

Arculix sits between different components of the platform and connects them together. It provides an interface to the Arculix Mobile app and orchestrates the different parts of the system as well as allow third-party applications access to Multi-factor Authentication functionality via REST APIs.


The appliance consists of a set of services and an administrative console (or Admin Console) that provides the following functionality:

  • Integration with an existing user directory such as Active Directory or Azure AD

  • SSO services such as SAML

  • Exposing the RADIUS protocol for VPN authentication

  • User interface to configure the appliance, manage applications, create authentication policies, monitor statistics, and more

The appliance can run both on-premise and in the cloud while providing an out-of-the-box integration with Arculix at its core.

To make it easy for administrators and provide a centralized administrative experience, the admin console on the appliance allows complete control of the appliance and Arculix integration from a single user interface. For example, you can define applications in the appliance in addition to Arculix in the cloud.

Risk Engine

The Risk Engine is part of Arculix. It collects the raw and derived data on each user from a variety of sources and provides a score to the smart MFA module. The Risk Engine in Arculix is extensible, allowing it to easily ingest third-party data from a disparate range of sources to provide enhanced risk scoring using custom data sources. To learn more see Risk engine.

Policy Engine

Policy Engine allows full control of the authentication flow by defining a policy that invokes an action based on the login context and the numerous signals that generate a risk score. To learn more, see Policy engine.

Arculix Mobile app

There are many functionalities offered by Arculix Mobile such as:

  • Authentication factor through push notifications

  • Logging in using QR scanner without username or password

  • Offline TOTP

  • Viewing the transaction history

  • Defining policies to automate things such as automatically approve or rejecting the authentication requests for a give period of time

Arculix Mobile SDK

You can use the Arculix Mobile SDK to incorporate the capabilities of Arculix into your existing, in-house mobile app.

Multi-factor authentication

When it comes to multi-factor authentication (MFA) for web applications, Arculix provides two approaches: API and plugins.

Through API and plugins

Use the Arculix REST APIs to integrate Arculix multi-factor authentication with any other software, whether custom-built or off-the-shelf.

A second approach is to use Arculix plugins to enable Arculix MFA for commonly used software. Find the available plugins from the left side navigation menu.

Note - When there's no user directory Arculix will provide a user directory on it's own.


Arculix provides SSO via SAML


Provided as part of the appliance and can be configured in the admin panel on the appliance.

Installation options

Arculix can be used as a SaaS or deployed fully on-premise, or a combination of the two.


The Arculix platform, including the core and appliance micro-services, can all be deployed on-premise to provide full physical control over the environment.


The Arculix platform is already provided as a SaaS in the cloud and so there is no need to worry about infrastructure, scaling, security, or up-time.


If running a user directory inside the network and you (1) don't want to expose data outside the firewall, and (2) want to avoid the overhead of maintaining infrastructure and security for the whole platform, SecureAuth provides a third approach. The Arculix core can be run as a SaaS in the cloud with the appliance running behind the network firewall. In this case, the appliance securely communicates with the user directory without exposing any identity data to the outside world.