We do everything we can to make working with Blue10 as easy as possible, but also as secure as possible. Various authentication methods are available for accessing Blue10 environments: logging in with a combination of email address and password, with a Microsoft or Google account, or with Azure AD/Microsoft Entra in combination with an Enterprise subscription.
The email address and password login method now also has an additional security option: Blue10 multi-factor authentication (MFA). In addition to the password, Blue10 asks the user to enter an additional code after a preset interval. This unique code is generated randomly each time by an authentication app. In this blog, we explain what MFA is, what the benefits are and how you can use it to make your Blue10 account extra secure.
Do you work in an Enterprise environment where Microsoft Entra or Google Workspace is the only authorised login method? In that case, multifactor authentication is set up by the administrator in that identity provider, and not via Blue10 itself. Read more here.
What is MFA and what is it used for?
Multifactor authentication, or MFA, is an additional verification on top of your standard password. A user must successfully complete several steps to gain access to an account. This makes it much more difficult for unauthorised persons to access an account, even if they have your password.
There are various forms of MFA. These differ considerably, but they all provide extra security for an account. Examples include security questions, a fingerprint scan or even presence at a specific location. Blue10 uses a Time-Based One-Time Password (TOTP). A TOTP is a unique code that is generated on a personal device, such as a smartphone, by an authenticator app. This means you never use the same code twice, and you never know in advance which code you will receive. This makes it one of the most secure forms of multi-factor authentication.
Who can use MFA in Blue10?
The MFA functionality is available to users with all types of Blue10 subscriptions who log in with an email address and password. An exception applies to users who work in an Enterprise environment in which Microsoft Entra/Azure AD or Google Workspace is the only permitted login method. This integration also has an MFA functionality. The Blue10 MFA does not apply here.
What is the difference between the multifactor authentication via Blue10 and via the integration with Microsoft Entra/Azure AD and Google Workspace?
By using the integration with Microsoft Entra/Azure AD in combination with an Enterprise subscription in Blue10, a system or application administrator can manage users centrally. The option for multi-factor authentication when logging in is also managed in this way. The organisation therefore chooses the way in which a user logs in to Blue10. Furthermore, the integration with Microsoft Entra/Azure AD offers other advantages for organisations, such as a single sign-on option. Read more here (in Dutch). The multifactor authentication that this blog is about is part of Blue10 itself and can be set up there by an administrator.
What can an administrator set up regarding Blue10 multifactor authentication?
Users with administrator rights can activate multifactor authentication for the users within their environment and determine the conditions.
For example, it is possible to keep MFA optional for all users, or to make it mandatory. In addition, an administrator can determine how often an authentication code is requested: at each login attempt, every 7 days or every 14 days. Furthermore, the Blue10 audit log records which users log in with (optional) multi-factor authentication.
Would you like to set up MFA for the users in your environment? Read more here (in Dutch).
What can a user set up regarding MFA?
Depending on what the administrator has set up, there are various settings available for users who work with multifactor authentication. If MFA is optional for the user, they can disconnect the MFA and set it up again if desired. Read more here.
Trusted device
Because it is possible to log in to Blue10 via multiple devices such as a computer or tablet, Blue10 will ask whether it is a ‘trusted device’ when logging in. If it is indeed a device that is used to log in more often, check the box next to ‘trusted device’. The preset period during which a verification code is not requested will be reset for all devices at that time. If a device has not been used to log in for 30 days, it will be automatically removed from the list of trusted devices. This list can be found under ‘My Settings’. It is also possible to remove a device yourself here.
Authentication apps
Users who work with multi-factor authentication must download an authentication app to a device themselves. Each user is free to choose an app from the App Store or Play Store. Many suitable authentication apps can be downloaded for free, such as Microsoft Authenticator and Google Authenticator.
Are you unable to log in to your account?
Is multi-factor authentication enabled and you can no longer access your account? You can solve this yourself by following a few steps. Read more here (in Dutch).