# Features

## Overview

BlueFletch Identity streamlines onboarding and simplifies secure access for frontline workers by integrating with the organization’s existing Identity Providers (IDPs).

### Support for Complex Login Scenarios

BlueFletch Identity is built to handle diverse and secure login methods tailored to the needs of dynamic workforces. It supports:

* **PIV/CAC Card Login:** Enable secure access using government-issued smart cards, ideal for regulated industries or government contractors.
* **Biometric Authentication:** Provide fast and secure logins with facial recognition or fingerprint scanning, reducing reliance on passwords.
* **QR Codes and Badge Scans:** Simplify access for temporary or seasonal workers with scannable credentials that are easy to issue and revoke.

### Seamless Seasonal Vendor Access

BlueFletch Identity simplifies the management of temporary users, such as seasonal staff, contractors, and vendors, by offering:

* **Flexible Role-Based Access Controls:** Assign permissions based on job function, location, or shift without compromising security or efficiency.
* **Session Limits:** Automatically deactivate accounts when no longer needed, reducing administrative overhead during peak periods.
* **Quick Provisioning and Deprovisioning:** Onboard and offboard users efficiently with bulk enrollment tools or activation codes.

### Native Support for BlueFletch Quick Auth

BlueFletch Identity integrates seamlessly with Quick Auth, designed specifically for shared Android devices. This enables:

* **Fast Authentication:** Reduce login times for frontline workers in high-turnover environments with streamlined methods like PIN codes or biometrics.
* **Secure Shared Device Access:** Ensure that only authorized users can access shared devices, protecting sensitive data and applications.

### Enterprise Directory Sync

BlueFletch Identity connects with existing identity providers (IDPs) to ensure seamless integration into your organization’s infrastructure. Key capabilities include:

* **Hybrid Identity Support:** Operate in tandem with IDPs like Azure AD and Okta, allowing for centralized identity management.
* **Standalone Operation:** For organizations without an existing IDP, BlueFletch Identity can function independently to manage user authentication.
* **Real-Time Syncing:** Keep user data up-to-date across systems, ensuring accurate permissions and reducing manual updates.

### Security & Compliance

BlueFletch Identity enforces advanced security measures to protect your systems and ensure compliance with data security regulations. Features include:

* **Multi-Factor Authentication (MFA):** Add an extra layer of security by requiring multiple forms of verification.
* **Session Expiration:** Automatically log users out after a set period of inactivity to prevent unauthorized access.
* **Device-Based Access Controls:** Restrict access to specific devices, ensuring that only approved hardware can be used.
* **Comprehensive Audit Logging:** Track all authentication events and access attempts for full visibility and compliance reporting.

### Cross-Platform Readiness

BlueFletch Identity is designed to support authentication flows across Android, iOS, and web environments, providing flexibility for diverse device ecosystems.

* **Android and iOS Compatibility:** Enable secure access on mobile devices, whether shared or individually assigned.
* **Web Environment Support:** Extend authentication capabilities to web-based applications, ensuring a consistent experience across platforms.

### Role-Based Access Control

BlueFletch Identity offers granular permission management to ensure users only access what they need. Features include:

* **Customizable Roles:** Define access levels based on job function, location, or other attributes.
* **Dynamic Permissions:** Adjust access in real-time to accommodate changes in roles or responsibilities.
* **Targeted Security Controls:** Limit exposure to sensitive systems by ensuring users only interact with the tools and data relevant to their role.

### Comprehensive Audit Trail

BlueFletch Identity provides full visibility into workforce access with detailed logging of authentication events and activities. Key features include:

* **Authentication Event Tracking:** Record every login, logout, and access attempt for complete transparency.
* **Session Activity Monitoring:** Track user activity during authenticated sessions to identify potential security risks.

## User Guide

BlueFletch Identity enables administrators to configure enrollment profiles through the BlueFletch Portal while streamlining registration for device users. Follow the steps below.

### For Portal Administrators

1. Log in to the **BlueFletch Portal** and navigate to the **Identity Manager > Manage** page.

<figure><img src="/files/kAv3Rk7rfdhEYvJ5iBN7" alt="" width="250"><figcaption></figcaption></figure>

2. Create a [new user](#enrolling-users):

* For bulk enrollment, use the **Import CSV file** option.
* For single or individual enrollment, use the **Add User** option.

<figure><img src="/files/cMbWQ0BQiM66k30wRoV7" alt="" width="563"><figcaption></figcaption></figure>

3. Provide the required details:&#x20;

* First Name, Last Name, Email, Phone Number, and Start/End Dates.
* Appropriate device roles to the user (e.g., Pick and Pack, Driver, Associate).

<figure><img src="/files/3sOXLSidv28BwbNIlZ3l" alt="" width="375"><figcaption></figcaption></figure>

3. Send the activation code to the user via email.
4. Monitor user activation:

* Once the user completes registration at a kiosk using their activation code, verify their status in the Portal as "Active".

<figure><img src="/files/aMK1Xd3NzKpIUoXALrCB" alt=""><figcaption></figcaption></figure>

### For Device Users

#### Before Registration:

1. Check your email for an activation code sent by your administrator.
2. Go to the onsite kiosk and tap the screen to begin.

#### During Registration:

3. Enter your email along with the activation code.
4. Verify your personal details as shown on screen (name, phone, email).
5. Create a [4-digit PIN code](#guidelines-for-creating-secure-pins) to act as your password.
6. Take a photo for your ID badge.

#### After Registration:

7. Your badge will be printed with a QR code or barcode.
8. Use the printed badge to scan into a workforce device.
9. Enter your PIN code on the device when prompted to complete the login process.

### How BF Identity Enables Secure Access

* OpenID Connect (OIDC): Supports integration with modern identity systems for secure and scalable authentication.
* Multi-Factor Authentication (MFA): Provides an additional layer of security to verify user identity.
* FIDO2 Authentication: Enables passwordless, phishing-resistant authentication for enhanced workforce security.

### Types of Hardware

To streamline authentication and badge creation for frontline workers, BlueFletch Identity uses the following devices:

#### Kiosks

Enables temporary employees to create badges and authenticate their identity quickly and securely.

#### Printer

Prints lightweight paper badges, similar to a receipt printer, for temporary employees.

#### Badges

Serves as temporary credentials with a QR code and user name for authentication and access.

#### Workforce Devices

Allows employees to securely log in, log out, and access work tools using role-based applications.

### Enrolling Users

There are two ways to enroll users into the system:

<figure><img src="/files/TfGww4wgh9fIwOtb5GRK" alt="" width="563"><figcaption></figcaption></figure>

#### Import CSV File

This method allows administrators to bulk enroll multiple users by uploading a CSV file containing user details. It’s ideal for onboarding large groups, such as new hires or seasonal workers.

#### Add User

This method enables administrators to manually add individual users by entering their details, assigning roles, and generating an activation code. It’s best suited for one-off cases like adding a single new hire or contractor.

### Guidelines for Creating Secure PINs

To protect access and ensure compliance, BlueFletch Identity applies the following PIN security rules:

#### Sequential Digit Rule&#x20;

* pinEnforceSequentialRule: PINs with 4 or more ascending (e.g., 1234, 5678) or descending digits (e.g., 4321, 9876) are not allowed, even if part of a longer PIN (e.g., 001234, 123210).

#### Consecutive Digit Rule&#x20;

* (pinEnforceConsecutiveRule): PINs with 4 or more of the same digit in a row (e.g., 1111, 5555) or within the sequence (e.g., 123111, 990000) are rejected.

**Examples of Rejected PINs:**

* 1111 (4 repeated digits)
* 1234 (4 ascending digits)
* 4321 (4 descending digits)
* 123111 (contains "1111")
* 123210 (contains "3210")

**Examples of Allowed PINs:**

* 1123 (only 2 ones together)
* 1357 (non-sequential digits)
* 112233 (max 2 consecutive repeated digits)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bluefletch.com/bluefletch-enterprise/product-guides/workforce-identity/bluefletch-identity/features.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.