Frequently asked questions
Clear answers for security and identity teams.
How Fctr verifies employee and IT support callers with existing enrolled factors, gates sensitive actions, and fits into enterprise support operations.
These answers describe Fctr’s standard product approach. Provider capabilities, tenant policy, and approved integrations determine the exact options available in a customer environment.
01 / Product & fit
Where Fctr fits.
What does Fctr do?
Fctr is an identity operations platform for high-risk support workflows. It helps helpdesk agents verify employees calling for support, lets employees verify callers claiming to be IT support, and gates approved account actions behind verification.
Doesn’t Okta or Microsoft Entra already have caller verification?
Neither Okta nor Microsoft provides a native, helpdesk-facing identity operations portal. They provide authentication infrastructure; Fctr provides a purpose-built workspace where agents verify callers, view identity data, and take approved account actions without using the identity provider’s admin console.
Does Fctr replace our helpdesk and collaboration tools?
Not necessarily. Organizations can use the Fctr Portal as a single identity operations workspace or bring verification into supported ITSM, helpdesk, and collaboration tools through integrations and the REST API.
How is Fctr deployed and integrated?
Organizations can connect a pilot to Okta or Entra ID with scoped tokens or OAuth 2.0, then use the cloud-hosted Portal, marketplace integrations, or the REST API. A pilot can begin in hours; production timing depends on integration, policy, and change-management requirements.
02 / Verification & threats
Proof instead of caller judgment.
Why aren’t security questions or awareness training enough?
Training helps people recognize suspicious calls, but it does not prove who is calling or enforce a technical gate. Security-question answers can be researched, purchased, or elicited. Fctr requires proof through an organization-managed enrolled factor before a supported sensitive action can proceed.
Does Fctr detect AI voice cloning or deepfakes?
No. Fctr does not judge whether a voice is human or synthetic. It requires the caller to complete an organization-managed enrolled-factor challenge, so the verification decision does not depend on how convincing the caller sounds.
How do employees verify callers claiming to be IT support?
IT starts verification from the active support session. The employee receives a challenge through an existing enrolled factor, and both sides receive the result before the conversation continues or any sensitive action is taken.
Can an agent perform a sensitive action before verification?
No. Fctr evaluates verification state, role, provider capability, and customer policy before exposing or releasing a supported sensitive action. The decision and outcome are recorded in the support workflow.
03 / Factors & data
Use what the organization already manages.
Why does Microsoft Authenticator Push support matter?
Fctr supports Microsoft Authenticator Push and TOTP for Entra ID users, so helpdesks can verify employees with a factor they already use without introducing another application or enrollment campaign.
Which existing factors can Fctr use?
Supported options depend on the configured provider and tenant policy. Fctr supports workflows using Microsoft Authenticator Push and TOTP for Entra ID, Okta Verify and number challenge for Okta, additional one-time-code methods where configured, and Entra Verified ID with Face Check for higher-assurance step-up.
What data does Fctr access and store?
Fctr uses scoped API access to retrieve the identity context needed for an active support session. It avoids building a persistent identity directory, keeps operational records minimized, and masks personal data in audit evidence. Every session is authenticated through the organization’s identity provider.
04 / Commercial
Start with a focused workflow.
How are pricing and pilots structured?
Fctr offers Portal agent pricing, Verify active-user pricing, and custom Enterprise pricing. A 60-day trial is available, and a pilot can begin in hours. Production timing depends on integration, policy, security review, and change-management requirements.