...
| Table of Contents | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
Logging
...
in for the first time a Staff user
After installation is complete, the initial login occurs automatically.
To log in subsequently, visit httphttps://www.yourdomain.com/[installation_directory]/admin/login and enter the username and password specified during installation.
...
| Info |
|---|
If your hosting provider installed Blesta for you, or provided a VM image to do so, and you did not specify a username and password, they may have already set up a login for you. If the system is installed, and a login has not yet been created, accessing the login page will prompt you to create one. Review their documentation, or contact them to determine what you should use to login if you are prompted. |
Configuring Two-Factor Authentication
Two-Factor authentication is highly recommended as a security precaution against unauthorized access to your account. Blesta supports both MOTP and TOTP. The following mobile applications are recommended for Android and iOS, respectively, and many others are supported as well.
For Android
- Android Token - http://code.google.com/p/androidtoken/
- Google Authenticator - https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
For iOS (iPhone, iPad)
- OATH Token - http://itunes.apple.com/us/app/oath-token/id364017137?mt=8
- Google Authenticator - https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8
| Note | ||
|---|---|---|
| ||
As of Blesta 3.1, a QR code may be scanned from Google Authenticator to set it up. If you are running an earlier version of Blesta, continue reading. Using Google Authenticator with Blesta is pretty straight forward, but requires a little manipulation to get the key in the correct format. Blesta expects TOTP keys to be in hexadecimal format (base16), but Google Authenticator uses base32. So we have to convert our Google Authenticator keys into hexadecimal before storing in Blesta. There are a number of online utilities to perform this operation. Here’s one:http://www.darkfader.net/toolbox/convert/. As an example, “PEHMPSDNLXIOG65U” (in base32) becomes “790ec7c86d5dd0e37bb4″ in hexadecimal. Simply select Time-based One Time Password as the two factor authentication method in Blesta then enter the converted (hexdecimal) value and you’re good to go. |
For YubiKey
- For instructions on setting up your YubiKey to generate TOTP tokens visit http://www.yubico.com/totp
- If you follow the instructions provided by yubico you will need to convert your Google secret key from base32 into hexadecimal (base16) format before adding it to Blesta. Instructions on doing that are provided in the note above.
To set up Two-Factor Authentication, visit the "My Info" link at the top of any staff page.
If you have access to add additional Staff, you can set up Two-Factor Authentication at account creation under [Settings] > [System Settings] > Staff.
Resetting a Password
Resetting your Password
To reset your Staff password, click the "Reset My Password" link from the login page at http://www.yourdomain.com/[installation_directory]/index.php/admin/login, enter your username, and click "Reset Password". Check your email for a time sensitive link that you will use to choose a new password.
Clients and Staff members alike Clients and Staff members may request to reset their password from their respective log in screens by clicking the Reset Password link. Users are then asked to enter their username, and, if a match is found, an email with a temporarily link is sent to the address on file. Clicking the link will take the user to a page that will allow them to enter a new password.
By default Blesta will display a success message for all reset requests, regardless of whether or not a match is found. This is a security measure designed to not to reveal information about users that may or may not exist within the system. You can disable this feature by modifying the Blesta.default_password_reset_value Configuration Files value.
...