Arculix Mobile app admin guide
Intended audience: Administrators
Welcome to the Arculix Mobile app! The mobile app connects with the Arculix multi-factor authentication (MFA) service to make logins more secure. Aruclix Mobile sends push notifications for one-tap authentication and can generate login passcodes on your mobile device.
As an Arculix administrator for your organization, you can set some Arculix Mobile configurations to meet your organization needs. For example, you can force the use of App Lock, set the passcode (PIN) length, enable workstation pairing for Arculix Device Trust, and so on.
Supported authenticators include push, symbol-to-accept, time-based one-time passcode (TOTP), security keys (like YubiKey, RFID, etc.), biometrics, SMS, email, security questions, FIDO authenticators, and passwords.
To learn more about all the end user features and functions in the Arculix Mobile app, see Arculix Mobile app user guide. The remainder of this topic will focus on the administrative settings in Arculix that defines the user experience and security settings for your organization as it relates to Arculix Mobile.
![]() |
Push notification view

Arculix Mobile configurations
You can set some Arculix Mobile configurations specific to your organization, like forcing an App Lock or not allowing rooted or jailbroken devices to pair, and so on.
All of these configurations are done in Arculix Core.
Log in to Arculix and go to Organization Settings.
Select the Arculix Mobile Application tab.
Set the applicable configuration.
See the sections below in this topic for certain functions of Arculix Mobile that you want to apply.
Arculix Device Trust
If your organization uses Arculix Device Trust on workstations, you will need to set the following configuration.
- Enable workstation pairing
To use Arculix Device Trust, you need to enable the setting to allow end users to pair their workstation with their account in Arculix Mobile app.
In Arculix Core, select the check box for
Enable Workstation pairing on Arculix Mobile app
.
More security
You can add another layer of security in Arculix Mobile to approve login requests.
- Turn on App Lock
You can show or hide the App Lock feature in Arculix Mobile app. With this feature, end users can go to Settings in Arculix Mobile app and turn on App Lock and create a passcode (PIN). This allows them use a PIN to unlock Arculix Mobile app to approve login requests. After they create a PIN, they can optionally turn on biometric MFA.
In Arculix, select the check box for
Show App Lock (Passcode) Menu on Settings
.- Enforce App Lock
You can require end users to provide passcode (PIN) or biometric MFA to unlock the Arculix Mobile app to approve login requests. End users cannot approve login requests until they create a PIN. After they create a PIN, they can optionally turn on biometric MFA like Face ID.
Prerequisite: You must have this setting enabled:
Show App Lock (Passcode) Menu on Settings
.In Arculix, select the check box for
User should use Passcode or Biometric to approve the MFA request
.- Enforce App Lock for offline codes
You can require end users to provide passcode (PIN) or biometric MFA to unlock the Arculix Mobile app to view offline codes (TOTP).
Prerequisite: You must have this setting enabled:
Show App Lock (Passcode) Menu on Settings
.In Arculix, select the check box for
Force the user to authenticate with Biometric/Passcode before showing the TOTP codes on the mobile app
.- Specify passcode (PIN) length
Requires Arculix Mobile app version 5.0.5 or later
By default, the passcode (PIN) length for the App Lock in Arculix Mobile is 4-digits. You can change this setting to require users to create an 8-digit PIN.
Prerequisite: You must have this setting enabled:
Show App Lock (Passcode) Menu on Settings
.In Arculix, select the check box for
Force the user to set up 8-digit Passcode, instead of 4-digit
.This setting impacts existing users who have set up a passcode (PIN) in Arculix Mobile. If you change this policy, it will ask users to update their passcode to match the policy from 4-digits to 8-digits or vice versa.
With multi-accounts, the 8-digit policy will override any account that only requires 4-digits.
Note
If end users forget their passcode (PIN), they will need to pair their account again.
- Require hardware security module checks
Requires Arculix Mobile app version 5.0.5 or later
For mobile authenticator devices, there is a hardware security module check setting that prevents pairing of mobile devices that do not have Secure Enclave (iOS) and TPM 2.0 (Windows).
When this policy setting is enabled, the server will check for TPM or Secure Enclave on the mobile device, and reject the pairing process as applicable to the policy.
In Arculix, select the check box for
Requires mobile devices to have a hardware security module to pair and use Arculix Mobile
.Tip
Be sure to enable this configuration in Arculix before end users pair their mobile devices.
Warning message displays when trying to pair a device that does not have TPM or Secure Enclave
- Reject rooted or jailbroken devices
There is a security check in the Arculix Mobile app for rooted or jailbroken devices. When the Arculix Mobile app opens and detects that the mobile device is rooted or jailbroken, the app will not work at all.
This setting works at the app level, and does not require a flag or configuration setting in Arculix Core.
Device settings
The following configurations relate to pairing and use of Arculix Mobile app on devices.
- FIDO devices
You can indicate whether to show the FIDO tab in the Arculix Mobile app under Settings. This setting allows end users to register FIDO-compliant security keys and devices.
In Arculix, select the check box for
Show/Hide FIDO Tab on Arculix Mobile App
.
Arculix Mobile app functions
The following configurations relate to the functions of the Arculix Mobile app on devices.
- Open on Workstations view
In the Arculix Mobile app, automatically open the Workstations view instead of the Dashboard view.
In Arculix, select the check box for
Automatically open on the workstation screen
.- Dashboard refresh
In the Arculix Mobile app, periodically refresh the Dashboard for any pending transactions of login requests. This setting is for organizations who do not want to use push notifications.
In Arculix, set the the number of seconds to refresh the Dashboard in this setting:
Let's the app know that Dashboard should be refreshed every X seconds
.The default setting of
-1
indicates no polling.
Use device camera
Requires Arculix Mobile app version 5.0.5 or later
Coming soon! A new feature allows you to scan Arculix QR codes using the camera on your mobile device without first opening the Arculix Mobile app.
When you scan an Arculix QR code using your device camera, it will suggest opening the Arculix Mobile app. After the Arculix Mobile app opens, it automatically switches to the QR scan view in the app and seamlessly processes the QR code.
![]() |
Use device camera to scan Arculix QR code
This feature will work with the following QR codes:
Arculix pairing QR code
Arculix web SSO QR code
Arculix Device Trust QR code
Implementation
To implement the Use Device Camera feature, it requires the following:
End users must first install or update to Arculix Mobile app version 5.0.5 or later
To turn on this feature in Arculix, contact Support.