Best practices for rolling out Keyless to your organization after you've completed the initial integration.
Notifying employees and providing clarity around the deployment.
Get your IT or Support teams ready
Everything you need to know and do to help you deploy Keyless seamlessly in your organization
Keyless is committed to providing you with the best experience possible. We want to be sure you have what you need, whether that be guidance on how to use our product, or where to go for help. By deploying Keyless, you will take a big step toward safeguarding yourself and your organization from data theft and account takeover, while improving the user experience across the organization.
Prepare your internal workforce ahead of the Keyless deployment
Mobile device for each employee
Whether it is company property or employee-owned, each person needs a mobile device with an internet connection for the optimal passwordless MFA experience. Currently, iOS 13.4 or higher on iPhone 6 or newer and Android 7.0 or higher are supported.
Keyless app installed for each employee
Employees will use the Keyless mobile app for authenticating. It’s available in the App Store and Google Play Store.
Use these email templates to inform your team that you're rolling out Keyless.
To be sent 1-2 weeks before rollout.
Subject:
Keyless Passwordless Authentication is coming!
Content:
Dear [name],
The IT team is notifying you that your login experience will soon improve. Keyless is being deployed to make your login experience faster, safer, and easier.
Why are things changing? The modern-day employee wastes, on average, 24 hours per year logging into systems and apps. With Keyless, you no longer have to worry about passwords, writing them down, resetting them, or the time it takes to type them in. Keyless protects you against phishing, credential reuse, and account takeover by taking passwords out of the equation.
Starting [month, day] you will use your mobile device with the Keyless mobile app installed to log in to your SSO. Say goodbye to your security hardware token and to typing usernames, passwords or codes at every login.
Keyless is the leading provider of best-in-class privacy-preserving passwordless authentication. Keyless lets you log into your desktop, mobile and web applications with your mobile device. Your personal data can never be accessed by anyone, except yourself. More information is coming soon!
To be sent on the week of the rollout.
Subject:
Keyless Authentication is here!
Content:
In a couple of days we will be rolling out Keyless, the new authentication solution, which will remove your need to use passwords. Keyless will make your login experience faster, safer and easier.
Starting [month, day] you will use your mobile device with the Keyless mobile app installed to approve every login to your SSO.
Enroll by downloading the Keyless Authenticator from the App Store or the Google Play Store, then following the in-app steps and the User Guide.
If you have any questions, please reach out to the support team at {insert email alias}.
This message should be sent on the enrollment date.
Subject:
Keyless is Live!
Content:
Today you will enroll in Keyless, the new passwordless authentication solution! Keyless will make your login experience faster, safer and easier. Follow the steps below to begin:
Step 1: If you haven't done so yet, please download the Keyless application. Search for “Keyless” on the iOS App Store or in your Google Play Store to install the app.
Step 2: Use the following link {insert link} to link your account and complete the enrollment using the app.
Congrats, you are now enrolled in Keyless. To learn how to use Keyless, please refer to this User Guide. If you have any questions, please reach out to the support team at {insert email alias}.
This guide is for Admins, IT managers and Help Desk staff who are supporting a Keyless deployment.
User experience is at the forefront of Keyless products, and we understand that the experience of using Keyless can be new and confusing in certain environments, especially if people have grown accustomed to insecure passwords such as qwerty, password, and 123456.
Rolling out passwordless MFA to your company can produce questions from your end-users. This document is designed to provide you with quick answers to issues experienced by users and a structure for diagnosing and supporting their passwordless journey.
Help desk and IT staff are an important component of any Keyless deployment. Education and awareness are key factors in ensuring their success and ultimately your success in deploying Keyless. Use these resources to train your team in supporting Keyless users throughout the deployment.
Some terms you may encounter in this documentation, among your internal IT team, or from end users
The process of adding an account to the Keyless Authenticator application. In a quick, 30-second process, the end user can add an account by scanning a QR code and authenticating using the Keyless Authenticator application.
The process of using the Keyless Authenticator application to gain access to certain applications, services or workstations.
The act of removing a Keyless account associated with a specific user.
The web or workstation service which an administrator uses to generate policies and access for users of a specific service.
A user’s authentication device type (iPhone, Android, etc.).
This is an out-of-band authentication request that is sent to the Keyless Authenticator app on an enrolled device.
The Keyless team is available to assist with any request through our help service portal available online. There, you will be able to view existing requests submitted for your organization and can request new tickets.
Users will begin with the link provided in their enrollment email. Users will be asked to log in with their corporate account credentials:
Once successfully signed in with their existing username and password, users can scan a QR code with their mobile authentication device using the Keyless Authenticator app:
If a user says that they cannot scan the QR code, ask them to verify that they have allowed the app access to the phone’s camera; otherwise they will not be able to scan the code. More information on this process is available in our Account Linking Guide.
The user will then be prompted to authenticate by showing their face in the Keyless Authenticator application. If successfully authenticated, the following screen will appear. The user is now enrolled and their account is activated.
If an existing user tries to re-enroll, Keyless will notify them that they cannot re-enroll, before providing an option to unlink the previous account.
Once a user is enrolled, authentication with Keyless is fast and secure. The user logs in to the relying party service using only their username. The user will then get a push notification to the Keyless Authenticator app asking them to authenticate by showing their face. Upon successful authentication, the user will be granted access to the relying party service.
For direct support from Keyless, visit the Keyless Support Center.
Level 3 Support has the ability to contact Keyless Support directly to raise issues that have no clear resolution. Keyless support will work with your teams to reach rapid resolution.
Use the description text that best matches the scenario. An example of a request containing information which will reduce the time to resolution may include:
Phone Model: iPhone 8
Phone OS: iOS 13.2.2
Time of Issue: I experience the issue as early as 4:30 a.m. EST and, when trying after hours, as late as 9:30 p.m. EST
Place of Issue: Office
Relevant Log Files/Screenshots: as attachments
Issue: User is unable to unlock their workstation using Keyless
Steps taken when issue is experienced:
Step 1 ....
Step 2...
Step 3...
The Keyless Authenticator application contains an easy-to-use menu that lets the user provide help desk teams with information about the user's associated software and devices.
Encouraging users to upgrade to the latest version of the Keyless Authenticator application and the latest available operating system may improve application performance and reduce the risk of bugs while improving the security of the user experience.
To guide a user through submitting mobile information to your organization, ask the user to select the Settings menu (the gear icon in the top right corner of the main screen of their mobile app). From here, have the user select “Contact Support”, and the user’s email service will appear with the contents of the message.
If the user receives an error message and their email service does not appear, this indicates the user’s email client is not currently configured. Inform the user and ask them if they would be interested in setting up their email client on their mobile device.
Enabling backups is highly recommended.
To enable the backup functionality, please make sure that the user has the most up to date Keyless App from the App Store or Google Play and follow the steps below:
Make sure that you have enough space on Google Drive to perform a backup (at least 1 Mb)
Open the Keyless app and click the gear icon in the top right corner to go to “Settings”
Check "Enable Backups" and wait a few seconds for the operation to be completed successfully.
Make sure that iCloud Drive is enabled on your device and you have enough space to perform the backup (at least 1 Mb):
Go to Settings - [Your Name] - iCloud - and make sure iCloud Drive is enabled.
Open the Keyless app and click the gear icon in the top right corner to go to “Settings”.
Check "Enable Backups" and wait a few seconds for the operation to be completed successfully.
Users must make sure they are using one of the supported web browsers. If the problem persists, users may need to clear their cache and cookies.
The user needs to make sure that the face:
is fully visible in the preview on the screen.
is not covered by hair, a scarf, a hat, or a mask.
is adequately illuminated.
Make sure that there are no direct light sources on the device's internal camera as these light sources may compromise the enrollment process.
The user must ensure that they have entered their email correctly, and that the phone has an internet connection.
The user must disable "Do not disturb" and "Do not disturb while driving" on the smartphone.
The user must verify that they have enabled notifications for Keyless Authenticator:
On Android devices:
Long press on the Keyless Authenticator icon
Open the "App info" item in the menu
Open the "Notifications" item
Make sure that "Show notifications" is enabled
On iOS devices:
Open the Settings application
Open Notifications -> Keyless
Make sure "Allow Notifications" is enabled
Timeouts are a common foundation for security and a consistent source of hidden risk to an end user’s experience.
On Authentication: Most timeouts can be resolved by having the user repeat the action (for example, authentication) and then proceed quickly to their next action.
On Pairing: Timeouts equally serve to limit the exposure of a user’s active enrollment.
Users may experience timeouts during registration for several reasons:
A user has reached an active QR scan screen but is still downloading the mobile application, and the QR screen has timed out in the meantime. Have the user open the app with the QR scan camera ready, then select try again on the workstation.
A user has reached the QR screen, and the QR screen has vanished (timed out) while the user is in the middle of enrolling or registering an authenticator. The user is taking too long to complete the pairing. Have the user repeat the process during a troubleshooting session and identify which part of it is taking the user the most time.