Remote Access
BlastShield™ Remote User access is highly secure and convenient. In just a few simple steps your remote users are quickly authenticated and connected to the BlastShield™ network of their choice. Below, you will find basic information about remote users, and remote user access into a BlastShield™ network.
Note
User identification in the BlastShield™ network is based on public-private keypairs. All network users identify themselves using a combination of a randomized 64-bit node identifier and a 256-bit elliptic curve keypair. A public-private keypair is generated when a new user registers with the BlastShield™ network. When you register as a new BlastShield™ user using the Mobile Authenticator app, your private key is created on your mobile device and stored in its secure enclave.
Summary of Remote Access Methods
Here you can find a summary of all the available methods to connect to BlastShield™. The following pages provide more information, detailed instructions and how-to videos.
Once a new remote user has been added to the BlastShield™ network, they perform a one-time registration and can then access the network as often as they wish. Remote access into a BlastShield™ network uses a highly secure three-surface password-less authentication process and can be accomplished by one of three methods:
Accessing the network using the BlastShield™ Desktop Client.
Remote users can use the BlastShield™ Authenticator Mobile App combined with the BlastShield™ Desktop Client to quickly access the network.
Accessing the network using your BlastShield™ Mobile Client App.
Remote users can use the BlastShield™ Authenticator Mobile Client App installed on their mobile device to conveniently access the network from their iOS or Android phone or tablet.
Accessing the network using a FIDO2 Key.
Remote users can use their FIDO2-compliant key and the BlastShield™ Desktop App to quickly access the network.
Remote User Basics
Below are a few basics to remember when managing remote users.
Remote users cannot access a BlastShield™ network unless they have been added from within the Orchestrator.
By default, remote users are not associated with any Group. In order to access protected assets they must be added to a group and policy.
Which protected assets a user may connect to depends on the policy configured for that user in the Orchestrator.