Register and connect to the BlastShield™ Orchestrator

Register and connect to the BlastShield™ Orchestrator

Welcome to the BlastShield™ Enterprise and Professional Plan Quick Start Guide. In this series of articles you will learn how to setup your BlastShield™ protected network. To get your BlastShield network up and running, the following workflows are required.

  1. Sign up for a BlastShield™ Enterprise or Professional plan. Once your account has been created, you will receive your .bsi invitation file.
  2. Register and connect to the BlastShield™ Orchestrator (this article)
  3. Add BlastShield™ Agents and Gateways to protect your servers
  4. Create policy for zero-trust access
  5. Add new users to your protected network


  1. Make sure you have received the Administrator .bsi file from BlastWave.
  2. Download and install the BlastShield Desktop Client on your local computer. The Desktop Client is available for Linux, Mac and Windows. Download it here.
  3. Install the BlastShield Mobile Authenticator app for multi-factor authentication on your Android phone or iPhone. Download it here.


This step-by-step guide shows you how to register and connect to your BlastShield™ network and then launch the Orchestrator. There are two steps:

  1. Register and connect to the BlastShield™ network.  
  2. Launch the Orchestrator.

Step 1: Register and connect to BlastShield™

To register for the first time you will use the Desktop client to register and create a name for the new network. The desktop client will ask for the invitation BSI file to validate the registration. You will be asked to authenticate your biometrics on your phone to complete the authentication process.

To find out how to do this, watch the following video or read the instructions below.

  1. Launch the BlastShield™ Authenticator Mobile App
  2. Launch the BlastShield™ Desktop App
  3. From within the BlastShield™ Desktop App Select the "Mobile App" Authentication Method
  4. You will be prompted to scan a QR Code with your Mobile App
  5. Scan the QR Code with your BlastShield™ Authenticator Mobile App
  6. Select "Add new" - this is when you will register this key to the network
  7. Locate and select the invitation file (BSI) you received
  8. Enter a name for this network (Note: this can be any name of your choosing)
  9. You will be prompted to verify your facial or biometric identification (mobile device dependent)
  10. Once your identification is verified you will be logged into the BlastShield™ network

Once you have registered and authenticated for the first time, you will no longer require the .bsi invitation file.

If you would like the BlastShield™ Client to stay connected when your screen is locked then you can configure this in the Client as described below:

  1. Click on the BlastShield icon on your desktop
  2. Click on the Settings menu
  3. Uncheck the option for 'Disconnect from network when desktop is locked'

Step 2: Launch the Orchestrator

Once you have connected to BlastShield™, you can launch the Orchestrator to begin managing your new BlastShield™ network.

To launch the Orchestrator simply click on the 'Launch Orchestrator' buton in the Desktop Client. This will trigger an additional authentication step with a QR code scan and biometric check using the Mobile Authenticator app. Please remember that you must be connected to BlastShield™ before you can launch the Orchestrator. See the video below to learn how to launch the Orchestrator.

The Orchestrator will launch in your web browser at

The Dashboard will be displayed as shown below.Now you can move on to the next step where you will add BlastShield™ Agents to protect your servers.

Now you can move on to the next step where you will add BlastShield™ Agents and Gateways to protect your servers.


If you have any problems, please review the troubleshooting guide which addresses the common questions regarding registration, authentication and connecting.

Other connectivity and authentication options

Most users will use the Desktop Client and the Mobile Authenticator to connect, but we also offer two other methods for connections and authentication. These are:

  1. Network access using the BlastShield™ Mobile Client. Allows you to access the network via your mobile device, eg tablet.
  2. Authentication using a FIDO2 compliant key. This is for users who do not have biometric Id support on their mobile device.