# Getting Started
Contact your BlueFletch sales representative to activate BlueFletch Identity for your organization's Portal. Once your request has been completed, you can log in to the Portal again to access the Identity Manager sidebar option.
The Bluefletch Identity system requires three applications: Identity Kiosk, BF Identity Auth, and Portal. Users are added and managed through the Portal. Afterward, they take an activation code to the Identity Kiosk to activate and print credentials. With these credentials, users can access mobile devices with the BF Identity Auth application.
### Portal IdP Roles/Permissions Setup
Once BlueFletch Identity is activated within the Portal, a user with permissions to set roles in the Portal must assign the BF IdP Admin role to a user or create a new role with the same permissions. A user with this role will be able to generate API keys, manage users, and view audit logs. Other users who need to manage or view users should be assigned role permissions that match the desired access level.
### Device Configuration and Setup
#### Kiosk:
1. On the kiosk device (ex. Zebra KC50 or Zebra CC610) with a hardware scanner, install the following applications:
* Launcher: Creates the device folders where configuration files, such as launcher.json, are placed during installation.
* Auth: Enables login and logout functionality within Launcher.
* Support Application: Allows administrators to monitor events and issues encountered by Chat users on their devices.
* Device ID: Grants the Support Application the ability to identify devices using Identity Kiosk.
* Identity Kiosk v1.1.5+: You can find it on the[ BF Portal Downloads](https://ems.bluefletch.com/launcher/configurations) page.
2. Open your "launcher.json" file (IDE or BlueFletch Portal editor). If you don't have one, follow the[ Getting Started with a Launcher](https://open-2c.gitbook.com/url/preview/site_6kGuV/product-guides/bluefletch-launcher/getting-started) guide.
3. Ensure the "orgId" property within the "bfSupportAgent” object under the “appConfigs” object matches your company's BlueFletch ID (found in BF Portal[ Admin Organization](https://ems.bluefletch.com/admin/organization) page).
```json
"appConfig":{
"bfSupportAgent": {
"orgId": "[ORG ID HERE]",
"eventUrl": "...",
"logUrl": "...",
"samplingTimer": 30
}
```
4. Include the “bfIdentity” object under “appConfigs” in the configuration file and set the relevant configuration values. An API key for BlueFletch Identity can be generated on the Portal > Identity Manager > Api Keys page. Copy the generated key and place it in the config.
```json
"appConfig":{
"bfSupportAgent": {
"orgId": "[ORG ID HERE]",
"eventUrl": "...",
"logUrl": "...",
"samplingTimer": 30
},
"bfIdentity": {
"apiUrl": "https://idp.bluefletch.com",
"apiKey": "[YOUR API KEY HERE]",
"enableUserPhoto": false,
"kioskInactivityAlertInSeconds": 45,
"kioskInactivityEndSessionInSeconds": 15
}
},
"settings": {
"pinMaxLength": 6,
"pinAutoSubmit": true,
"pinEnforceSequentialRule": false,
"pinEnforceConsecutiveRule": true,
"pinEnforceBlackList": "1111,9111",
}
```
{% hint style="info" %}
The configuration also includes a `settings` block for PIN length and complexity rules. For more details, refer to the Technical Guide.
{% endhint %}
#### Mobile Device
1. On the mobile devices that will use BlueFletch Identity for authentication, install the following:
* Launcher: Creates the device folders where configuration files, such as launcher.json, are placed during installation.
* BF Identity Auth v4.16.11+: Enables login and logout functionality within the Launcher. You can find it on the[ BF Portal Downloads](https://ems.bluefletch.com/launcher/configurations) page.
* Support Application: Allows administrators to monitor events and issues encountered by Chat users on their devices.
* Device ID: Grants the Support Application the ability to identify devices using Identity Kiosk.
2. Open your "launcher.json" file (IDE or BlueFletch Portal editor). If you don't have one, follow the[ Getting Started with a Launcher](https://open-2c.gitbook.com/url/preview/site_6kGuV/product-guides/bluefletch-launcher/getting-started) guide. The mobile device will require the same settings as the kiosk, with a couple of required additions in the “settings” block of the configuration:
```json
"settings":{
"useSecondaryAuth": "pin",
"secondaryAuthPinLength": 6
}
```
{% hint style="info" %}
These settings are required so that users can reauthenticate with their PIN. The "secondaryAuthPinLength" MUST match the “pinMaxLength”.
{% endhint %}
With the devices installed with the required apps and properly configured files, the system is set up to create and manage users, as well as allow users to authenticate with devices. Users can be added in the Portal within the Identity Manager -> Manage section.
**Alternative device authentication method:**
Authentication of kiosk or mobile devices can also be done using device tokens instead of generated API keys. See [Key Management](https://app.gitbook.com/o/2muMW9c5lsjUIFGQklsF/sites/site_6kGuV/preview).
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.bluefletch.com/bluefletch-enterprise/product-guides/workforce-identity/bluefletch-identity/getting-started.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.