Arculix role-based access control
Role-based access control (RBAC) in Arculix has several defined roles to help you manage access within Arculix.
By default, Arculix provides the following roles:
User
A user is the lowest level allowed to log in to Arculix. They can see and manage their own information:
View Audit logs
Manage their Offline Authenticator secret
Manage WebAuthn Credentials
Access their user details
Change their mobile phone number
Manage secondary email addresses
View and unpair devices
View and unpair workstations
The user role is automatically assigned to all users in the system; no additional action is required.
Help desk
In addition to the privileges of a normal user, a user with help desk access can view the organization's IdP settings and general information. They can view audit logs for members of the organization and do the following:
Manage secondary email addresses
Update mobile phone number
Lock the user
Unpair devices and workstations
This role can be granted or revoked via the Object Management API or by SecureAuth personnel.
Organization admin
An organization admin is the highest level of access within an organization. They can do everything a help desk user can plus the following:
Edit organization settings
IdP configuration
User directory configuration
Add or remove organization administrators
Manage organization domains
Manage policies
Manage applications
Add and assign certificates
Manually confirm member email addresses and mobile phone numbers
Unlock member users
An organization admin can add another user as an organization admin from the Organization Settings page. Additionally, the role can be granted or revoked via the API or by SecureAuth personnel.