SecureAuth IdP

SecureAuth IdP is a workforce access platform that combines SSO (SAML 2.0, OpenID Connect/OAuth 2.0) with MFA (incl. FIDO2/WebAuthn), adaptive risk, RADIUS for VPN/gateway enforcement, and SCIM-based provisioning to downstream apps. Deployments are cloud, hybrid, or on-prem; passwordless and continuous auth features can be added via Arculix by SecureAuth.

Key Capabilities

• Standards-based SSO: Acts as OIDC/OAuth 2.0 and SAML 2.0 IdP for browser and API clients (provider overviews and app setup guides provided).

• FIDO2/WebAuthn & passwordless: Native WebAuthn support for FIDO2 authenticators; global MFA settings and how-it-works guidance are documented

• Adaptive risk engine: Adaptive Authentication analyzes context and can pass, require MFA, or block access; APIs exist to embed these workflows

• RADIUS enforcement: Built-in RADIUS Server and admin console to protect VPNs/Wi-Fi/gateways, with realm integration to the Identity Platform.

• Provisioning (SCIM): SCIM 2.0–based outbound provisioning from SecureAuth to supported apps (e.g., GitHub, AWS, Salesforce) with step-by-step guides.

• Arculix integration: Optional IdP chaining with Arculix by SecureAuth for passwordless/continuous authentication; Acceptto → Arculix rebranding is documented.

Limitations

• Advanced OAuth profiles: Public docs focus on core OAuth/OIDC; not enough public information to confirm support for PAR, DPoP, or mTLS-bound tokens/FAPI

• SCIM directionality: Documentation highlights outbound provisioning from SecureAuth to apps; not enough public information to confirm a general-purpose inbound SCIM 2.0 provider for third parties to manage SecureAuth users.

• Operating model: While cloud/hybrid are available, many features also ship as customer-managed components (e.g., RADIUS, on-prem IdP realms), which adds ops overhead.

• Branding/portfolio: Passwordless/continuous authentication capabilities may be surfaced under Arculix branding; verify versions/features when planning deployments.