New · Entra Verified ID + Face Check
The next enterprise breach
starts with a phone call.
Fctr verifies who’s calling before anyone acts.
Helpdesks verify employees before resets and other sensitive actions; employees verify callers claiming to be IT support. Both use Microsoft Authenticator or Okta Verify already enrolled by the organization, so trust does not depend on conversation—even during social engineering, vishing, or AI-cloned voice attacks.
Voice phishing is now the #2 initial intrusion vector.
ShinyHunters campaigns impersonate both sides of support: employees calling helpdesks and IT calling employees.
Replace caller judgment with enforced verification.
Before an agent can reset, unlock, or recover an account, Fctr requires the employee to verify with an MFA factor already enrolled by the organization.
-
01
LookupAUTHORITATIVE DIRECTORY
Pull live identity context from Entra ID or Okta.
-
02
VerifyDEVICE-BOUND PROOF
Challenge the employee’s already-enrolled MFA factor.
-
03
AuthorizeONE TARGET · ONE ACTION
Release only the action allowed by the agent’s role and policy.
-
04
RecordAUDIT-READY EVIDENCE
Record the actor, factor, action, and outcome with sensitive values masked.
Use the factors already enrolled in Entra ID or Okta.
Fctr sends verification through Microsoft Authenticator or Okta Verify using the enrollment employees already have. The result returns directly to the support workflow—without a second authenticator or enrollment campaign.
Microsoft Authenticator
Uses the employee’s current Entra enrollment
Okta Identity CloudOkta Verify
Uses the employee’s current Okta enrollment
Verified ID + Face Check
Applied when organizational policy requires it
Is this really IT?
Your support agent is requesting approval to continue this call.
04Verification, both ways
When IT calls an employee, require the caller to verify.
When a caller claims to be IT support, the employee can require verification through an organization-managed enrolled factor before the support conversation continues.
- 01IT starts verification from the active support session.
- 02The employee receives an MFA challenge on an enrolled device.
- 03Both sides see the result before the call continues.
One portal—or verification inside the tools you already use.
Helpdesk agents often switch among Entra or Okta, HRIS, spreadsheets, and ITSM tools to resolve one request. Fctr brings verification, live identity context, and approved actions into one workspace—or embeds verification inside the support tools already in use.
Verify, view live context, and take approved actions without jumping between admin consoles and spreadsheets.
Bring MFA-gated verification into helpdesk and collaboration workflows through marketplace apps or the REST API.
Zero workforce PII stored. Every decision connected.
The Fctr verification product retrieves only what the active support session needs and does not persist customer workforce PII or identity profiles. PII-masked audit evidence connects the actor, factor, policy, action, and outcome.
One platform. Two ways to use it.
Use the full Portal with per-agent pricing, or embedded Verify with active-user pricing. Both use the same verification engine and identity-provider connections.
The full identity operations portal for helpdesk teams. Verify, view, and act. Five-agent minimum.
- ✓MFA-gated caller verification (Push, TOTP, Face Check)
- ✓Live identity data, groups, apps & devices
- ✓Account actions — reset, unlock, suspend
- ✓5-tier RBAC, PII shielding & full audit trails
Embed verification directly into your existing ITSM, helpdesk, and communication tools. 200 active-user minimum.
- ✓Verification only — no portal, no identity data
- ✓Marketplace apps — Freshdesk, ServiceNow & more
- ✓API access for custom integrations
- ✓Structured audit logs (PII-masked)
For teams with 10+ agents or advanced compliance needs.
- ✓Volume licensing for larger teams
- ✓SaaS security and deployment review
- ✓Integration planning for complex environments
- ✓Dedicated onboarding and support
Common questions
The answers buyers need before a pilot.
Doesn’t Okta or Microsoft Entra already have caller verification?
Neither Okta nor Microsoft provides a native, helpdesk-facing identity operations portal. They provide authentication infrastructure; Fctr provides a purpose-built workspace where agents verify callers, view identity data, and take approved account actions without using the identity provider’s admin console.
Why does Microsoft Authenticator Push support matter?
Fctr supports Microsoft Authenticator Push and TOTP for Entra ID users, so helpdesks can verify employees with a factor they already use without introducing another application or enrollment campaign.
What data does Fctr access from our identity provider?
Fctr uses scoped API access to retrieve the identity context needed for an active support session. It avoids building a persistent identity directory, keeps operational records minimized, and masks personal data in audit evidence. Every session is authenticated through the organization’s identity provider.
How is Fctr deployed and integrated?
Organizations can connect a pilot to Okta or Entra ID with scoped tokens or OAuth 2.0, then use the cloud-hosted Portal, marketplace integrations, or the REST API. A pilot can begin in hours; production timing depends on integration, policy, and change-management requirements.
Does Fctr detect AI voice cloning or deepfakes?
No. Fctr does not judge whether a voice is human or synthetic. It requires the caller to complete an organization-managed enrolled-factor challenge, so the verification decision does not depend on how convincing the caller sounds.
How do employees verify callers claiming to be IT support?
IT starts verification from the active support session. The employee receives a challenge through an existing enrolled factor, and both sides receive the result before the conversation continues or any sensitive action is taken.
Close the helpdesk reset path to account takeover.
Replace security questions with enrolled-factor verification before sensitive support actions—without giving helpdesk agents standing admin rights.
60-day free trial · No credit card required