Skip to main content

Arculix role-based access control

Role-based access control (RBAC) in Arculix has several defined roles to help you manage access within Arculix.

By default, Arculix provides the following roles:


A user is the lowest level allowed to log in to Arculix. They can see and manage their own information:

The user role is automatically assigned to all users in the system; no additional action is required.

Help desk

In addition to the privileges of a normal user, a user with help desk access can view the organization's IdP settings and general information. They can view audit logs for members of the organization and do the following:

This role can be granted or revoked via the Object Management API or by SecureAuth personnel.

Organization admin

An organization admin is the highest level of access within an organization. They can do everything a help desk user can plus the following:

  • Edit organization settings

    • IdP configuration

    • User directory configuration

    • Add or remove organization administrators

    • Manage organization domains

  • Manage policies

  • Manage applications

  • Add and assign certificates

  • Manually confirm member email addresses and mobile phone numbers

  • Unlock member users

An organization admin can add another user as an organization admin from the Organization Settings page. Additionally, the role can be granted or revoked via the API or by SecureAuth personnel.