Partner Passkey Sign-In
This page is written for partners — people outside Veho who have been invited to use a Vulcan app. If you're a Veho employee adding a partner to your app, see Partner Access instead.
You don't need to install anything, create a Vulcan account, or remember a password. The whole sign-in flow uses a passkey — a credential stored on your device, unlocked by your biometric (Touch ID, Face ID, Windows Hello, or a phone fingerprint).
What a passkey is, briefly
A passkey is a cryptographic credential held by your device's password manager — iCloud Keychain on Apple devices, Google Password Manager on Android, Windows Hello on Windows, or a third-party manager like 1Password. When a site asks you to sign in with a passkey, your device shows the same biometric prompt you'd use to unlock your phone. There is no password to type, remember, or leak.
Passkeys are phishing-resistant: the credential is cryptographically bound to vulcan.shipveho.com. A lookalike site can't trick your device into using it.
Your first sign-in
- You get an invite link from the app owner — usually via Slack, email, or however they normally contact you. The link looks something like
https://vulcan.shipveho.com/auth/guest-claim/.... - Click the link within 24 hours. The invite is single-use and expires after a day.
- A page appears that says "Welcome to Vulcan" and shows your email. Click Set up passkey.
- Your device prompts you for a biometric — Touch ID on a Mac, Face ID on an iPhone, Windows Hello, your phone's fingerprint reader, etc. Confirm it.
- You're done. Your device stores the passkey, Vulcan signs you in, and the page redirects to a confirmation screen. You can now open the app URL the owner shared with you.
After this, you don't need the invite link again — it's already been used.
Future sign-ins
Once your passkey is enrolled, signing in is much shorter:
- Open the app URL the owner shared (e.g.
https://your-app.nyx.shipveho.com). - You'll see a chooser with two options — Sign in with Google (Veho employee) and Sign in with passkey (Partner). Click the Sign in with passkey option.
- You can optionally type your email, then click Sign in with passkey.
- Confirm with your device biometric when prompted. You're in.
Your sign-in lasts 90 days. After that, repeat the same passkey ceremony to refresh it.
Using multiple devices
A passkey is created on the device you used to enroll. Whether it's available on your other devices depends on which password manager you used:
- iCloud Keychain (Apple devices signed into the same Apple ID) — your passkey syncs to your iPhone, iPad, and Mac automatically.
- Google Password Manager (Android + Chrome) — your passkey syncs across devices signed into the same Google account.
- 1Password / Bitwarden / other cross-platform managers — sync across whichever devices you've signed the manager into.
- Windows Hello — passkey stays on that one Windows machine (does not sync).
If your passkey doesn't sync to a device you want to use, ask the app owner to issue you a fresh invite link from that device — you can enroll multiple passkeys (up to five) on the same email, one per device.
What to expect from the browser
The most reliable combinations during testing have been:
- Safari + iCloud Keychain on macOS and iOS — works first try in nearly every case.
- Chrome + system password manager (Touch ID on macOS, Windows Hello on Windows) — also reliable.
- Chrome with a password-manager extension installed (1Password, Bitwarden, etc.) — can sometimes intercept the passkey prompt and show the extension's own UI instead of the system biometric. If that happens and you'd rather use the system passkey, try an incognito/private window, or disable the extension temporarily on
vulcan.shipveho.com.
The browser prompt looks slightly different on every OS, but the core action is the same: confirm with your biometric.
If you lose access
You lost your device
Your passkey is on the device you enrolled with. If you no longer have that device:
- If your passkey was syncing (iCloud Keychain, Google Password Manager, 1Password, etc.), sign into the same password manager on another device — the passkey should be there.
- If your passkey was device-bound (Windows Hello, single-device manager), it's gone with the device. Ask the app owner to issue a fresh invite link, and enroll a new passkey on your new device.
You deleted the passkey by accident
Same fix — ask the app owner for a fresh invite link. The owner can also see which passkeys are enrolled against your email and revoke the missing one if you ask them to clean up.
The invite link doesn't work
A few common cases:
- "Invite link already used" — someone (you or someone with the link) already clicked it. The link is single-use; ask for a fresh one.
- "Invite link expired" — over 24 hours since the owner generated it. Ask for a fresh one.
- "Access revoked" — your email isn't on this app's partner list anymore. Contact the app owner.
- "Invalid invite link" — the URL got mangled in transit (line-wrapped in a chat client, cut off in copy/paste). Ask the owner to send it through a different channel.
The biometric prompt never appears
If you click Set up passkey or Sign in with passkey and nothing seems to happen:
- The OS prompt may have opened behind another window — bring the browser tab to the front.
- A password-manager extension may be intercepting silently — try incognito mode.
- After about 60 seconds, the browser will time out with an error like "The operation either timed out or was not allowed." Just click the button again.
Why no password or email code?
Passkeys are intentionally the only sign-in method for partners. They're more secure than passwords (nothing to leak), faster than email or SMS codes (no waiting), and they can't be phished. The trade-off is that they're tied to a device or a password-manager account — which is why losing access to your device means asking the owner for a new invite, rather than resetting a password.
Privacy
When you enroll a passkey:
- Your biometric (fingerprint, face) never leaves your device. Vulcan never sees it.
- Vulcan only stores the public half of the cryptographic key pair, along with your email and a label (your browser's user-agent string, used to help the owner identify which passkey came from which device).
- Your sign-in is scoped to the specific Vulcan apps you were invited to. You can't see, list, or reach any other app on the platform.