Question 1

Do I have to replace my IdP to use Arcane?

Accepted Answer

No. Arcane federates with your existing identity provider via OIDC or SAML — Okta, Entra, Google Workspace, Auth0, or anything else that speaks the standard — and adds an authorization layer on top. Users still log in where they always have.

Question 2

Is this a credential vault?

Accepted Answer

No. Arcane issues short-lived credentials at request time and signs every decision. It does not store long-lived passwords or static keys. Where downstream services require a vendor token, Arcane brokers a short-lived exchange at request time.

Question 3

How does Arcane reach my agent's tool calls?

Accepted Answer

Two paths. The SDK wraps tool invocations inside your agent process. The transparent proxy sits in front of any HTTP service — MCP servers, internal APIs, third-party SaaS — and evaluates the same policy.

Question 4

What does the audit trail look like?

Accepted Answer

A structured, signed record per decision: timestamp, user, agent, workload, task, resource, matched rule, outcome. Chained for tamper-evidence. Exportable in formats your auditor accepts.

Question 5

Where does Arcane run?

Accepted Answer

In your account. The control plane is VPC-native — policy evaluation, token mint, and audit emission stay inside your perimeter. No round-trip to a third party.

Question 6

How can I work with the team?

Accepted Answer

We're working directly with a small number of teams whose agents touch real data — internal or customer-facing. Request access to start a conversation.

FAQ