To ensure a secure environment, BlueConic uses a two-step process to authenticate users and grant them access to BlueConic.
How authentication works in BlueConic
The first step of the authentication process requires a valid username/password combination. The second step of the authentication process requires a unique verification code. The first time a user logs in to BlueConic, they enter their username and password. A username in BlueConic must be a valid email address. If the username assigned to a new user is not in the form of an email address, they will be asked to enter a valid email address the first time they attempt to log in. Once that step is completed, the user's username will be their email address from that point on. After the user clicks Submit on the Login screen, a message appears indicating that a verification code for BlueConic access is being sent to their email address.
BlueConic verification code
After the verification code is sent to the user, the user must then enter that verification code in the "Verification Code" field when prompted. For example:
Once the correct verification code has been entered, the user is authenticated to access BlueConic. This step needs to be performed just once initially, and then after that, every 30 days. The user also receives a new verification code via email if they attempt to log in to BlueConic using a different browser, from a different location or if logging in fails 3 times or more.
When a user receives their verification code, they must submit it in BlueConic within one hour. After that, the verification code is no longer valid and the user will receive a new verification code when attempting to log in.
Configure BlueConic email settings
After you install BlueConic but before you add any users, configure the email settings in the Settings > General tab. This is important because before new users can be authenticated, BlueConic must be able to send them an email message containing their verification code. Enter a valid email address in the "Default Mail Sender" field. If you do not enter an email address in the "Default Mail Sender" field, the default sender "support@blueconic.com" will be used. It is strongly recommended that you enter the email address of the user responsible for BlueConic user management in this field so that users experiencing problems logging in can contact the right person.
If you are running a local version of BlueConic, enter a valid server name in the "Mail Server Hostname" field. If you are running an On-Demand version of BlueConic and want to use a mail server other than the On-Demand mail service, enter a valid server name in the "Optional Own Mail Server" field.
Verification code expiration
For security reasons, the verification code that authorizes a user to log into BlueConic expires every 30 days. The first time a user attempts to log in to BlueConic after their verification code has expired, they are informed that their verification code is no longer valid and that a new one has been sent to their email address. After the user enters the new verification code when logging into BlueConic, their access is restored.
Additional notes on BlueConic authentication
- If your site uses single sign-on for authentication (OneLogin, OKTA, Google G-Suite, Azure AD, etc.), passwords are controlled by your single sign-on provider, not by BlueConic. Contact your site administrator for help with single sign-on.
- SSO is enabled or disabled through BlueConic Settings > Access management, along with other access-related configurations such as Users, Roles, and Applications (to authorize external applications to use BlueConic public REST APIs).
- BlueConic offers a password reset process. See Resetting or changing your BlueConic password for details.
- Authentication for external applications that communicate with BlueConic is handled via the REST API authentication process.