Add new users to your protected network

Add new users to your protected network

Welcome to the BlastShield™ Quick Start Guide. In this series of articles you will learn how to setup your BlastShield™ protected network. To get your BlastShield network up and running, the following workflows are required.

  1. Sign-up and register for a BlastShield account
  2. Authenticate and connect to BlastShield™
  3. Launch your Orchestrator and add BlastShield™ Agents to protect your servers
  4. Create policy for zero-trust access
  5. Add new users to your protected network (this article)


New users are registered on the BlastShield™ network using a secure, invitation-based methodology that uses multi-factor authentication and is password-free.

This process will create a new user account, and will generate an invitation (.bsi) file for the new user. You must send the invitation file to the new user so that they can activate their account. The invitation files are personal to each user, so you will have to generate one invitation file for each new user. The process looks like this:

  1. Create a profile for the new user in the Orchestrator and download the BSI invitation file
  2. Give the invitation file to the new user
  3. The new user registers using the BlastShield™ Desktop Client and BlastShield Authenticator app using the BSI file.

The invitation files are single-use, so if for any reason you want to repeat the registration step for a user you must generate a new invitation file.

1. Add new users to your protected network

First, add the new user in the Orchestrator, and save the invitation (.bsi) file as described below:

  1. Select "Users" from the left menu.
  2. Select "Add New User" from the user list.
  3. Enter the user name for the new user.
  4. Confirm or enter the IP address for your new user (You can override auto-selected IP addresses).
  5. Select Orchestrator Admin Privileges (None, Read-Only, Read-Write).
  6. Assign the new user to Groups (Note: groups can be added or modified later if you wish).
  7. Select "Save and Download Invitation" and download the invitation .bsi file.
  8. Note: Save this .bsi file in a convenient location. The new user will use it to register to the network the first time.

This process is shown in the following video:

2. Give the invitation file to the new user

Next, you will share the invitation (.bsi) file with your remote user, and they will register to the network using this invitation file. 

Here you will find an article which helps new users learn how to connect for the first time. You can share this article with your new users.

3. The new user registers using the invitation file.

The new user will install the Desktop client on their computer and the Mobile Authenticator App on their phone and use them register to the BlastShield network. The desktop client will ask for the invitation BSI file during the process to validate the registration and the user will also be required to authenticate biometrics on their mobile device.

To learn how to do this, watch the following video or read the instructions below.

  1. Launch the BlastShield™ Authenticator Mobile App
  2. Launch the BlastShield™ Desktop App
  3. From within the BlastShield™ Desktop App Select the "Mobile App" Authentication Method
  4. You will be prompted to scan a QR Code with your Mobile App
  5. Scan the QR Code with your BlastShield™ Authenticator Mobile App
  6. Select "Add new" - this is when you will register this key to the network
  7. Locate and select the invitation file (BSI) you received
  8. Enter a name for this network (Note: this can be any name of your choosing)
  9. You will be prompted to verify your facial or biometric identification (mobile device dependent)
  10. Once your identification is verified you will be logged into the BlastShield™ network

Once you have registered and authenticated for the first time, you will no longer require the .bsi invitation file.

If you would like the BlastShield™ Client to stay connected when your screen is locked then you can configure this in the Client as described below:

  1. Click on the BlastShield icon on your desktop
  2. Click on the Settings menu
  3. Uncheck the option for 'Disconnect from network when desktop is locked'

Other connectivity options

Most users will use the Desktop Client and the Mobile Authenticator to connect, but we also offer two other methods for connections and authentication. These are:

  1. Network access using the BlastShield™ Mobile Client. Allows you to access the network via your mobile device, eg tablet.
  2. Authentication using a FIDO2 compliant key. This is for users who do not have biometric Id support on their mobile device.


If you have any problems, please review the troubleshooting guide which addresses the common questions regarding registration, authentication and connecting.

Instructions for new users

Here you will find an article which helps new users learn how to connect for the first time