Configure SecureAuth Arculix for SAML (SP-initiated) Integration
Log in to your Arculix instance and follow these steps:
- Create a new Application. Use a recognizable name, such as BeyondTrust Remote Support.
- Click SAML Service Provider Configuration.
- Do not check Upstream IdP or IdP Initiated.
- Select Email for the Name Identifier.
- For Issuer or Entity ID, use generated Entity ID from the SAML Configuration in Remote Support, in the Service Provider Settings.
- For Assertion Consumer Service (ACS) URL, use generated Assertion Consumer Service URL from the SAML Configuration in Remote Support, in the Service Provider Settings.
- Include the following Asserted Attributes:
- Name: e.g. beyondtrust.demo@arculix.xyz
- EmailAddress
- GivenName
- Surname
- Group: This needs to correspond to a Group Policy in Name in Remote Support.
- For SAML for Public Portals, one more configuration step is required in BeyondTrust Remote Support.
- Click Public Portals, then click Public Sites.
- Edit the portal.
- Ensure Require SAML Authentication and Display Customer Notices are checked.
- This step does not apply to SAML for Representatives.
- Assign the new application to a test user.
- Test the application:
- Click the App in the Arculix portal for the test user.
- Single Sign-On authenticates to Remote Support.
- The test user should have access to Remote Support as per the Group Policy.
Should you need any assistance, please log into the Customer Portal to chat with Support.