Configure SecureAuth Arculix for SAML (SP-initiated) Integration

Log in to your Arculix instance and follow these steps:

  1. Create a new Application. Use a recognizable name, such as BeyondTrust Remote Support.
  2. Click SAML Service Provider Configuration.

Complete SAML details from Remote Support in Arculix.

  1. Do not check Upstream IdP or IdP Initiated.
  2. Select Email for the Name Identifier.
  3. For Issuer or Entity ID, use generated Entity ID from the SAML Configuration in Remote Support, in the Service Provider Settings.
  4. For Assertion Consumer Service (ACS) URL, use generated Assertion Consumer Service URL from the SAML Configuration in Remote Support, in the Service Provider Settings.
  5. Include the following Asserted Attributes:
    • Name: e.g. beyondtrust.demo@arculix.xyz
    • EmailAddress
    • GivenName
    • Surname
    • Group: This needs to correspond to a Group Policy in Name in Remote Support.

Enable using SAML in the public portal settings.

  1. For SAML for Public Portals, one more configuration step is required in BeyondTrust Remote Support.
    • Click Public Portals, then click Public Sites.
    • Edit the portal.
    • Ensure Require SAML Authentication and Display Customer Notices are checked.
    • This step does not apply to SAML for Representatives.

 

  1. Assign the new application to a test user.

Arculix portal with Beyond Trust integration.

  1. Test the application:
    1. Click the App in the Arculix portal for the test user.
    2. Single Sign-On authenticates to Remote Support.
    3. The test user should have access to Remote Support as per the Group Policy.

Should you need any assistance, please log into the Customer Portal to chat with Support.