You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 18 Next »

Table of Contents

Logging In For the First Time

After installation is complete, the initial login occurs automatically. To log in subsequently, visit http://www.yourdomain.com/[installation_directory]/admin/login or http://www.yourdomain.com/[installation_directory]/index.php/admin/login and enter the username and password specified during installation. The URL is determined whether the .htaccess file that ships with Blesta is present. If mod_rewrite is not supported by the webserver, it must be deleted and the URL with "index.php" specified must be used.

If your hosting provider installed Blesta for you, or provided a VM image to do so, and you did not specify a username and password, they may have already set up a login for you. If the system is installed, and a login has not yet been created, accessing the login page will prompt you to create one. Review their documentation, or contact them to determine what you should use to login if you are prompted.

Configuring Two-Factor Authentication

Two-Factor authentication is highly recommended as a security precaution against unauthorized access to your account. Blesta supports both MOTP and TOTP. The following mobile applications are recommended for Android and iOS, respectively, and many others are supported as well.

For Android
  1. Android Token - http://code.google.com/p/androidtoken/
  2. Google Authenticator - https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
For iOS (iPhone, iPad)
  1. OATH Token - http://itunes.apple.com/us/app/oath-token/id364017137?mt=8
  2. Google Authenticator - https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8

Google Authenticator

Using Google Authenticator with Blesta is pretty straight forward, but requires a little manipulation to get the key in the correct format. Blesta expects TOTP keys to be in hexadecimal format (base16), but Google Authenticator uses base32. So we have to convert our Google Authenticator keys into hexadecimal before storing in Blesta.

There are a number of online utilities to perform this operation. Here’s one:http://www.darkfader.net/toolbox/convert/.

As an example, “PEHMPSDNLXIOG65U” (in base32) becomes “790ec7c86d5dd0e37bb4″ in hexadecimal. Simply select Time-based One Time Password as the two factor authentication method in Blesta then enter the converted (hexdecimal) value and you’re good to go.

To set up Two-Factor Authentication, visit the "My Info" link at the top of the screen.

If you have access to add additional Staff, you can set up Two-Factor Authentication at account creation under [Settings] > [System Settings] > Staff.

 

  • No labels