Healthie Sign-In Update: What White-Label Customers Need to Know

Healthie is transitioning to a new authentication platform, strengthening login security and expanding our MFA method offerings.

What's Changing

An updated sign-in experience and enhanced login security is rolling out to all accounts. Customers will be migrated on a rolling basis over the coming months — you'll receive a follow-up email at least two weeks in advance with your specific release date.

Your authentication system will include multiple layers of security monitoring and enforcement, which may include:

  • Bot detection
  • Recognizing unknown devices
  • Multiple failed password attempts
  • Breached password detection
  • Impossible travel detection
  • Suspicious IP analysis
  • Stale account management
  • Email credibility checks

These controls may prompt additional verification, restrict access, or flag activity for review. These security rules apply to all users in Healthie — provider, support, and client accounts.

Users will also have the option to set up a passkey — a secure, device-based alternative to entering a password using biometrics or a device PIN.

The vast majority of your users will notice little to no change in their day-to-day experience outside of occasional notification emails, which are purely informational and do not block or interrupt access to care.

As a white-label customer, these security notification emails will be branded to your company, consistent with how all Healthie emails currently send on your behalf.

Single Sign-On

If your organization uses SSO for both staff and client accounts and no users log in with an email and password, you will not be impacted by this update. The new authentication experience applies to password-based logins only.

Multi-Factor Authentication (MFA)

If you have MFA today

  • MFA will remain enabled and providers will see expanded verification options, including authenticator apps and SMS
  • Providers will be guided to select their preferred method and save a backup recovery code — a straightforward process
  • Providers will also have the option to set up a passkey as a secure alternative to entering a password. Note that passkeys do not replace MFA — if MFA is enabled, providers will still be required to complete their verification step

If you do not have MFA today

  • If you'd like to enable MFA for all provider and support seats at the time of your migration, please reach out to your Customer Success Manager
  • If MFA is enabled on your transition date, we recommend providing guidance to your providers and support staff ahead of time so they know what to expect at login
  • MFA will be required for all provider and support accounts later this Spring — we'll communicate ahead of time before this requirement goes into effect

How to Prepare

  1. Let your providers and support team know that they will see an updated sign-in screen and may occasionally receive security notification emails
  2. We recommend establishing an internal pathway for staff to ask questions or report issues
  3. Ensure every provider and team member has their own Healthie account with a valid, accessible email address — shared logins are not supported
  4. Review Healthie's updated security and MFA documentation: Account Protection & Multi-Factor Authentication (MFA)

If you have questions or specific requirements ahead of your migration date, please reply to your migration email or contact your account manager at hello@gethealthie.com.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.