Skip to main content

Arculix

Documentation for Arculix by SecureAuth.

Arculix by SecureAuth overview

Introducing Arculix by SecureAuth. Every digital journey is simple, seamless, and secure to support your zero trust initiatives.

The Arculix engine continuously creates and monitors user behavior profiles based on user interaction with the Arculix Mobile authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. Arculix is capable of autonomously and continually learning new behaviors and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral® AIML approach automatically finds the abnormalities in users behaviour. Arculix leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate one’s identity prior to, during and post-authentication.

Architecture

Arculix can run on a hybrid platform as well as in the cloud. The high level architecture of the system is provided below.

Arculix overview architectural diagram

Modules

Arculix at its core

Arculix sits between different components of the platform and connects them together. It provides an interface to the Arculix Mobile app and orchestrates the different parts of the system as well as allow third-party applications access to Multi-factor Authentication functionality via REST APIs.

Appliance

The appliance consists of a set of services and an administrative console (or Admin Console) that provides the following functionality:

  • Integration with an existing user directory such as Active Directory or Azure AD

  • SSO services such as SAML (CAS, OpenID, OAuth 2.0 are to be added soon)

  • Exposing the RADIUS protocol for VPN authentication

  • User interface to configure the appliance, manage applications, create authentication policies, monitor statistics, and more

The appliance can run both on-premise and in the cloud while providing an out-of-the-box integration with Arculix at its core.

To make it easy for administrators and provide a centralized administrative experience, the admin console on the appliance allows complete control of the appliance and Arculix integration from a single user interface. For example, you can define applications in the appliance in addition to Arculix in the cloud.

Risk Engine

The Risk Engine is part of Arculix. It collects the raw and derived data on each user from a variety of sources and provides a score to the smart MFA module. The Risk Engine in Arculix is extensible, allowing it to easily ingest third-party data from a disparate range of sources to provide enhanced risk scoring using custom data sources. To learn more see Risk engine.

Policy Engine

Policy Engine allows full control of the authentication flow by defining a policy that invokes an action based on the login context and the numerous signals that generate a risk score. To learn more, see Policy engine.

Arculix Mobile app

There are many functionalities offered by Arculix Mobile such as:

  • Authentication factor through push notifications

  • Logging in using QR scanner without username or password

  • Offline TOTP

  • Viewing the transaction history

  • Defining policies to automate things such as automatically approve or rejecting the authentication requests for a give period of time

Arculix Mobile SDK

You can use the Arculix Mobile SDK to incorporate the capabilities of Arculix into your existing, in-house mobile app.

Multi-factor authentication

When it comes to multi-factor authentication (MFA) for web applications, Arculix provides two approaches: API and plugins.

Through API and plugins

Use the Arculix REST APIs to integrate Arculix multi-factor authentication with any other software, whether custom-built or off-the-shelf.

A second approach is to use Arculix plugins to enable Arculix MFA for commonly used software. Find the available plugins from the left side navigation menu.

Note - When there's no user directory Arculix will provide a user directory on it's own.

SSO

Arculix provides SSO via SAML (OpenID and CAS will be added soon).

SAML

It's provided as part of the appliance and can be configured in the admin panel on the appliance.

Installation options

Arculix can be used as a SaaS or deployed fully on-premise, or a combination of the two.

On-premise

The Arculix platform, including the core and appliance micro-services, can all be deployed on-premise to provide full physical control over the environment.

Cloud

The Arculix platform is already provided as a SaaS in the cloud and so there is no need to worry about infrastructure, scaling, security, or up-time.

Hybrid

If running a user directory inside the network and you (1) don't want to expose data outside the firewall, and (2) want to avoid the overhead of maintaining infrastructure and security for the whole platform, SecureAuth provides a third approach. The Arculix core can be run as a SaaS in the cloud with the appliance running behind the network firewall. In this case, the appliance securely communicates with the user directory without exposing any identity data to the outside world.