To ensure a secure environment, BlueConic uses a two-step process to authenticate users and grant them access to BlueConic. The first step of the authentication process requires a valid username/password combination. The second step of the authentication process requires a unique verification code. The first time a user logs in to BlueConic, they enter their username and password. A username in BlueConic must be a valid e-mail address. If the username assigned to a new user is not in the form of an e-mail address, they will be asked to enter a valid e-mail address the first time they attempt to log in. Once that step is completed, the user's username will be their e-mail address from that point on. After the user clicks [Submit] on the Login screen, a message appears indicating that a verification code for BlueConic access is being sent to their e-mail address.
After the verification code is sent to the user, they must then enter that verification code in the "Verification Code" field when prompted. For example:
Once the correct verification code has been entered, the user is authenticated to access BlueConic. This step needs to be performed just once initially, and then after that, every 30 days. The user also receives a new verification code via e-mail if they attempt to log in to BlueConic using a different browser, from a different location or if logging in fails 3 times or more.
When a user receives their verification code, they must submit it in BlueConic within one hour. After that, the verification code is no longer valid and the user will receive a new verification code when attempting to log in.
Configure the BlueConic e-mail settings
After you install BlueConic but before you add any users, configure the e-mail settings in the Settings > General tab. This is important because before new users can be authenticated, BlueConic must be able to send them an e-mail message containing their verification code. Enter a valid e-mail address in the "Default Mail Sender" field. If you do not enter an e-mail address in the "Default Mail Sender" field, the default sender "firstname.lastname@example.org" will be used. It is strongly recommended that you enter the e-mail address of the user responsible for BlueConic user management in this field so that users experiencing problems logging in can contact the right person.
If you are running a local version of BlueConic, enter a valid server name in the "Mail Server Hostname" field. If you are running an On-Demand version of BlueConic and want to use a mail server other than the On-Demand mail service, enter a valid server name in the "Optional Own Mail Server" field.
Verification code expiration
For security reasons, the verification code that authorizes a user to log in to BlueConic expires every 30 days. The first time the user attempts to log in to BlueConic after their verification code has expired, they will be informed that their verification code is no longer valid and that a new one has been sent to their e-mail address. After the user enters the new verification code when logging in to the BlueConic, their access will be restored.