Our heylogin guideline for MSP's
As a Managed Service Provider, you are the first point of contact for all technical questions for your customers. To help you get up to speed quickly and easily with heylogin, this article bundles all the information and sources you need. This includes:
- Technical information - how heylogin works in a nutshell
- Instructions - setting heylogin up for and handing it over to your customer
- Organization management - tips and sources with further information
heylogin system in a nutshell
heylogin is very easy to use, for end users without IT knowledge, but also the organization admins or you as MSP. The following information will help in understanding how heylogin works.
heylogin uses the smartphone's or security keys security chip instead of a master password to encrypt the stored data. This also means that when you first set up heylogin, your account is bound to the device.
Of course, it is common to provide customers with their email address when setting up the software, but that does not work here. You have to use your own email, because this is where you set up your personal account. With this, you can subsequently create the organizations for your customers, hand them over, and also manage them as an admin if you wish. But more about that later.
📶On and offline availability.
heylogin is a cloud software, so the application works to its full extent only when the Internet is accessible. In our Compliance Whitepaper we assure our customers a minimum availability of 99.9%. Even if the web app + browser extension does not work in case of an outage, the logins on the smartphone are still available. So, one can open the mobile app even in the event of an internet outage and either type in the logins or log in to their other mobile apps.
✔Security without a master password
As mentioned in the device binding, instead of a human generated and managed master password, heylogin uses the smartphone’s or or security key’s secure element. There, a randomly generated lenghty secret code is created, which is then used to encrypt the data.
This means that this secret can only be accessed with your heylogin account on the smartphone plus PIN or biometrics (unlock). When the app is uninstalled, this access is locked and can only be restored by disconnecting the device by an org admin. For more technical details, feel free to check out our Security Whitepaper or read the summary in our Blog Post.
The setup of heylogin
Create your own account
To be able to manage heylogin for your customers, you first need to create an account for yourself.
Important: Use your own email address for your account, not the customer's. As explained above, there is device binding.
The smartphone is mandatory, however, you can additionally secure access to your account after successful setup. First, install the mobile app from the Play or Appstore; you will then be guided through all the steps during setup. You can also find detailed step-by-step instructions in our Helpcenter.
Securing your account access
Once your account is successfully created, you can then set up additional login devices. This way, you can still access your account even if the smartphone is lost or broken.
To do this, go to https://heylogin.app/settings/devices. Here you can set up either one or two security keys that will work with any of your connected devices. Alternatively, Windows Hello or Apple Touch ID can also be used for individual devices, but these must then be set up several times accordingly.
Info: "Device" in this case means connected browser, as most users do not use more than one browser on their computer.
Create organization for a customer
To create an organization, go to "Settings", select "Accounts" and create a new organization at the very bottom.
Enter the organization name and your email address and the organization is ready. You are currently the admin of this organization, but you can leave it if needed once you have given admin status to your customer. However, in order to do this, the customer must first be invited.
Invite customers to organization
Go to the Management tab (a) and there to "Users"(b), then to "Add user"(c).
Now you can enter your customer's email address, they will receive an invitation email after clicking the "Add User" button, which will guide them through the onboarding process.
If your customer has completed the onboarding and is part of the organization, you can make him an org admin. To do this, simply click on the account in the user overview and activate the toggle in the menu that then opens.
Only now you can leave the organization, because always one member must be Org-Admin. However, you can remain as one of the organizations admins for your customer (if they want that), in order to continue managing the software and to provide support in case of problems such as lost smartphones.
Organization administration and sources for customers.
Regardless of whether you continue to be an org admin of the organization as an IT service provider or just act as a point of contact, there are a few things to keep in mind for heylogin administration. In addition to disconnecting smartphone or security key in case of loss, permissions, control of audit log to detect usage issues and integration of various services such as Azure AD or Google Workspace are also possible.
Admin Best Practices
First things first: heylogin is a security product. No one can easily gain access to the data, not even we as operators. That's why as an organization it is important to set up one or preferably more of our provided backup facilities:
- At least 2 org admins should be in the organization. This way they can reset each other in case of problems
- Set additional login devices to still have access to logins in case of device loss. Possible devices include security keys, Windows Hello, or Apple Touch ID.
Additional measures and best practices for admins can also be found in our blog article on the topic.
What to do in case of device loss?
If a member has lost the login device, i.e. smartphone or security key, the admin can disconnect the device from the member's corporate account in just a few steps. Afterwards, a new device can be connected to the account via an invitation email, and without losing any data. Detailed instructions can be found in this blog article.
In the web app you can reach the personal settings for your heylogin account via the gear icon in the lower left corner. Here you (or your customers) can activate additional login devices, as already explained, but also import old passwords from previously used solutions.
In heylogin confidential data is stored and managed, so in case of a shared pool of data an access restriction makes sense. In heylogin, three other permissions are possible in addition to Org-Admin:
- Login only
For a general introduction as well as an overview of this and other features, it is also worth taking a look at our blog article "First steps in heylogin for companies".
This will tell you everything you need to get started with heylogin, as well as how to support customers. If you have further questions, just contact your heylogin contact person or write to our support.