This guide is for Admins, IT managers and Help Desk staff who are supporting a Keyless deployment.
User Experience is at the forefront of Keyless products, and we understand that the experience of using Keyless can be new and confusing in certain environments, especially if people have grown accustomed to insecure passwords such as qwerty, password, and 123456.
Rolling out passwordless MFA to your company can produce questions from your end-users. This document is designed to provide you with quick answers to issues experienced by users and a structure for diagnosing and supporting their passwordless journey.
Help desk and IT staff are an important component of any Keyless deployment. Education and awareness are key factors in ensuring their success and ultimately your success in deploying Keyless. Use these resources to train your team in supporting Keyless users throughout the deployment.
Once a user is enrolled, authentication with Keyless is fast and secure. The user simply logs in to the relying party service using only his username. The user will then get a push notification to the Keyless Authenticator app asking him to authenticate by showing his face. Upon successful authentication, the user will be granted access to the relying part service.
For a full walkthrough of the authentication flow, please refer to the End User Guide.
Some terms you may encounter in this documentation, among your internal IT team, or from end users
The process of adding an account to the Keyless Authenticator application. In a quick, 30 second process, the end user can add an account by scanning a QR code and authentication using the Keyless Authenticator application.
The process of using the Keyless Authenticator application to gain access to certain applications, service or workstation.
The act of removing a Keyless account associated to a specific users.
The web or workstation service which an administration uses to generate policies and access for users of a specific service.
A user’s authentication device type (iPhone, Android, etc).
This is an out-of-band authentication request that is sent to the Keyless Authenticator App on an enrolled device
The Keyless team is available to assist with any request through our help service portal available online. There, you will be able to view existing requests submitted for your organization and can request new tickets.
Users will begin with the link provided in their enrollment email. Users will be asked to login with their corporate account credentials:
Once successfully signed in with their existing username and password, users can scan a QR code with their mobile authentication device using the Keyless Authenticator app:
If a user says that they cannot scan the QR code, ask them to verify that they have allowed the app access to the phone’s camera; otherwise they will not be able to scan the code. More information on this process is available in our Account Linking Guide
The user will then be prompted to authenticate by showing his face in the Keyless Authenticator application. If successfully authenticated, the following screen will appear. The user is now enrolled and his account is activated.
Emails can be re-sent to users. If an existing user tries to re-enroll, Keyless will notify him that he cannot re-enroll before deleting his previous account.
If an existing user tries to re-enroll with his existing device, Keyless will notify him that he cannot re-enroll before deleting his previous account.
Pieces of information that could help you provide better support for your employess.
Enabling backups is highly recommended.
To enable the backup functionality, please make sure that the user has the most updated Keyless App from the App Store or Google Play and follow the steps below:
Make sure that iCloud Drive is enabled on your device and you have enough space to perform the backup (at least 1 Mb):
Go to Settings - [Your Name] - iCloud - and make sure iCloud Drive is enabled.
Open the Keyless app and click the gear icon in the top right corner to go to “Settings”.
Check "Enable Backups" and wait a few seconds for the operation to be completed successfully.
Make sure that you have enough space on Google Drive to perform a backup (at least 1 Mb)
Open the Keyless app and click the gear icon in the top right corner to go to “Settings”
Check "Enable Backups" and wait a few seconds for the operation to be completed successfully.
Users must make sure they are using one of the supported web browsers. If the problem persists, users may need to clear their cache and cookies.
The user needs to make sure that the face:
is fully visible in the preview on the screen.
is not covered by hair, a scarf, a hat, or a mask.
is adequately illuminated.
Make sure that there are no direct light sources on the device's internal camera as these light sources may compromise the enrolment process.
The user must ensure that he/she has entered their email correctly, and that the phone has internet connection.
The user must disable "Do not disturb", "Do not disturb while driving" on the smartphone.
The user must verify that they have enabled notifications for Keyless Authenticator:
On Android devices:
Long press on the Keyless Authenticator icon
Open the "App info" item in the menu
Open the "Notifications" item
Make sure that "Show notifications" is enabled
On iOS devices:
Open the Settings application
Open Notifications -> Keyless
Make sure "Allow Notifications" is enabled
Timeouts are a common foundation for security and a consistent source of hidden risk to an end user’s experience.
On Authentication: Most timeouts can be resolved by having the user repeat the action, such as authentication, and quickly proceeding to their next action – such as authenticating. On Pairing: Timeouts equally serve to limit the exposure of a user’s active enrollment.
Users may experience timeouts during registration for several reasons:
A user has reached an active QR scan screen – and is downloading the mobile application and this has led to a timeout of the QR screen. Simply have the user have their app open with their scan QR camera ready and select try again on the workstation.
A user has reached the QR screen, and the QR screen has vanished – or timed out – while the user is in the middle of enrolling or registering an authenticator. The user is unfortunately taking too long to complete the pairing. Try and have the user do this again during a troubleshooting session and identify which part of the process is taking the user the most amount of time.
Make sure to visit the Keyless Support Center. In the Support Center you will find links to documentation, guides, and important information. In addition, you can contact Keyless support via our help desk service.
The Keyless team is available to assist with any request through our help service portal available online. There, you will be able to view existing requests submitted for your organization and can request new tickets:
Step 1: Start from our Support Center available online at http://keyless.io/support.
Step 2: Click “Support Request” from the main support page. This will redirect you to the Keyless service desk:
Step 3: Click create a ticket - provide as much context and we will be well positioned to provide speedy support.
Step 4: Upon successful creation - you should receive an email with confirmation on creation that includes a link you can use to track the support request. A support team member will reach out to you about your new request and work with you to make sure it is addressed.
Step 5: To view tickets you have raised or have been added to - once signed in, tap "Requests" button at the top right corner of the screen. This page provides an overview of all requests you have submitted including information on creation time, activity, and status.
Level 3 Support has the ability to contact Keyless Support directly to raise issues that have no clear resolution. Keyless support will work with your teams to reach rapid resolution. You can access the support portal. The support portal serves several purposes. You can:
Raise and monitor support requests
Browse our documentation and knowledge baseFind the latest Keyless product offering
Once you are logged into the portal you can submit a request by tapping the “Submit Request” button.
Use the description text that best matches the scenario. An example of a request containing information which will reduce the time to resolution may include:
Phone Model: IPhone 8
Phone OS: iOS 13.2.2
Time of Issue: I experience the issue as early as 4:30 am EST to trying after hours as late 9:30 p.m. EST
Place of Issue: Office
Relevant Log Files/Screenshots: as attachments
Issue: User Is unable to unlock their workstation using Keyless
Steps taken when issue is experienced:
Step 1 ....
Step 2...
Step 3...
The Keyless Authenticator application contains an easy to use menu to enable the user to provide help desk teams with information about the user's associated software and devices.
Encouraging users to upgrade to the latest version of the Keyless Authenticator application and the latest available operating system may improve application performance and reduce the risk of bugs while improving the security of the user experience.
To guide a user in how to submit mobile information to your organization, ask the user to select the Settings menu, or gear in the top right corner of the main screen of their mobile app. From here, have the user select “Contact Support” and the user’s email service will appear with the contents of the message.
If the user receives an error message and their email service does not appear, this indicates the user’s email client is not currently configured. Inform the user and ask them if they would be interested in setting up their email client on their mobile device.