Arthur has role-based access control (RBAC) to restrict system access. To authenticate, a client application must provide a unique API key. This key should be kept secure and rotated often. Users can login to the dashboard UI with their username and password. Alternatively, the dashboard also supports SAML 2.0 authentication if your organization has an Identity Provider (IdP).