New · Entra Verified ID + Face Check

The next enterprise breach
starts with a phone call.

Fctr verifies callers both ways—before anyone acts.

Helpdesks verify employee callers before resets and other sensitive actions. Employees verify callers claiming to be IT support. Both use factors already enrolled in Entra ID or Okta. Verification does not depend on what the caller says or sounds like—even during vishing or AI-cloned voice attacks.

Verify callers in under 60 seconds No new authenticator to deploy
Technology ecosystem
Identity providers Microsoft Entra ID Okta Entra Verified ID
Integrations ServiceNow Freshdesk Slack Zendesk Microsoft Teams

Voice phishing is now the #2 observed initial intrusion vector.

ShinyHunters campaigns use social engineering to impersonate both sides of support: employees calling helpdesks and IT calling employees.

Entra ID and Okta secure application access. Fctr secures sensitive support actions.

Before an agent resets a password, unlocks an account, or starts recovery, Fctr verifies the employee using an enrolled factor, then allows the agent to proceed only with actions permitted by role and policy. It complements the identity provider without another authenticator or a separate workforce directory.

  1. 01
    Directory lookup

    Confirm an active employee record and display live profile details.

    AUTHORITATIVE DIRECTORY
  2. 02
    Factor verification

    Verify the caller through an enrolled factor managed by the organization.

    ORGANIZATION-MANAGED FACTOR
  3. 03
    Action authorization

    Allow only actions permitted by policy and the agent’s assigned role.

    ONE TARGET · ONE ACTION
  4. 04
    Audit record

    Record a PII-masked audit trail of the verification, authorized action, and outcome.

    AUDIT-READY EVIDENCE
No security questions No new authenticator No action before MFA No standing admin rights for agents

Verify callers with the factors your workforce already uses.

Fctr verifies the caller using an existing Entra ID or Okta enrollment, then returns the result directly to the support workflow.

EMPLOYEEExisting enrolled factorAlready managed by the organization
Microsoft Entra ID
Core verification

Microsoft Authenticator

ChallengePush notification
Verified
Also supportedTOTP · SMS · Email OTP

Uses the employee’s current Entra enrollment

Okta Identity Cloud
Core verification

Okta Verify

ChallengeNumber challenge
Verified
Also supportedTOTP · SMS · Email OTP

Uses the employee’s current Okta enrollment

Entra Verified ID
Policy-driven step-up

Verified ID + Face Check

ProofCredential + face match
Assured
PurposeHigher-assurance verification

Applied when organizational policy requires it

FCTR VERIFY · ACTIVE SESSION

Is this really IT?

Your support agent is ready to verify this call before it continues.

Verify IT caller
I did not request support

04Verification, both ways

Vishing works both ways. Verification should too.

Attackers call helpdesks pretending to be employees—and call employees pretending to be IT. Fctr lets employees require an IT caller to complete an organization-managed enrolled-factor challenge before the support conversation continues.

  1. 01IT starts verification from the active support session.
  2. 02The IT caller completes a challenge through their enrolled factor.
  3. 03Both sides see the result before the call continues.

Use Fctr Portal—or bring Fctr Verify into your existing tools.

Choose where agents work. The same enrolled-factor verification, policy enforcement, and PII-masked audit evidence apply in both.

INCLUDED IN BOTH
Existing Entra ID or Okta factors Policy enforcement PII-masked audit evidence
01 / FCTR PORTAL

Identity operations workspace

Use Fctr Portal to verify callers, view live identity context, and take approved account actions in one governed web application.

BEST WHENYou want to replace admin-console and spreadsheet handoffs with one controlled path.

02 / FCTR VERIFY

Verification where agents already work

Trigger an enrolled-factor challenge from the active ticket, support interaction, or customer application.

Customer-deployed integrationsONE INCLUDED WITH FCTR VERIFY
ServiceNow
Freshdesk
Zendesk
Slack
Microsoft Teams
APIExternal Verification API

BEST WHENYou want to preserve the current agent experience while adding a reusable security control.

Use Fctr Portal, Fctr Verify, or both. Keep escalations and higher-privilege support actions in Portal while other agents trigger verification from their existing queues. Both paths share the same provider connection, policy enforcement, and PII-masked audit evidence.

No workforce PII persisted. Every decision connected.

Fctr retrieves only what the active support session needs and does not persist customer workforce PII or identity profiles. PII-masked audit evidence connects the actor, factor, policy, action, and outcome. Review the public assurance overview.

No shadow identity directoryCurrent context comes from the system of record.
No pooled privileged credentialsAccess is delegated, short-lived, and constrained.
PII-masked audit evidenceActor, factor, policy, action, and result remain connected.
CONNECTED SUPPORT RECORD Why the action was allowed
EventActorControlOutcome
Identity context retrievedHelpdesk agentDirectory readCOMPLETE
Device proof acceptedEmployeeExisting MFAVERIFIED
Scoped action recordedHelpdesk agentPolicy + targetRECORDED
Illustrative product view · sensitive values masked by design

Pricing for the way your team works.

Simple, predictable pricing for Fctr Portal, Fctr Verify, or both.

02 / FCTR VERIFY Standalone for teams without Fctr Portal $25,000 / year ONE INTEGRATION INCLUDED
  • Sandbox environment for setup and integration testing
  • Enrolled-factor verification in an existing support workflow
  • Predictable annual pricing—not user-based or per-verification
  • +Additional integrations — $10,000/year each
Discuss Verify
CUSTOM 03 / ENTERPRISE For scale and compliance Let’s talk

For larger deployments or advanced compliance needs.

  • Custom connectors and implementation support
  • Dedicated deployment options
  • Premium support and SLA options
  • Complex multi-environment planning
Contact sales
Operational case Fctr Portal starts at $1,000/month for five agents.
~5 minCurrent manual flow <60 secCaller verification
Discuss your workflow →

Common questions

The answers buyers need before a pilot.

We already use Okta or Microsoft Entra ID. Why do we need Fctr?

Entra ID and Okta secure application access. Fctr adds enrolled-factor verification and policy enforcement before sensitive support actions. Agents work in Fctr Portal or use Fctr Verify through customer-deployed integrations—without returning to the provider’s admin console for each workflow.

Why does Microsoft Authenticator Push support matter?

Fctr supports Microsoft Authenticator Push and TOTP for Entra ID users, so helpdesks can verify employees with a factor they already use without introducing another application or enrollment campaign.

What data does Fctr access from our identity provider?

Fctr uses scoped API access to retrieve the identity context needed for an active support session. It avoids building a persistent identity directory, keeps operational records minimized, and masks personal data in audit evidence. Every session is authenticated through the organization’s identity provider.

How is Fctr deployed and integrated?

Organizations can connect a pilot to Okta or Entra ID with scoped tokens or OAuth 2.0, then use the browser-based, cloud-hosted Fctr Portal or Fctr Verify through a customer-deployed integration or the External Verification API. A pilot can begin in hours; rollout timing depends on integration, policy, and change-management requirements.

How are Fctr Portal and Fctr Verify priced?

Fctr Portal starts at $200 per agent per month with a five-agent minimum. Fctr Portal customers add Fctr Verify integrations for $10,000 per year each. Teams without Portal can license Fctr Verify for $25,000 per year with one integration included; additional integrations are $10,000 per year each. Fctr Verify uses predictable annual pricing rather than user-based or per-verification pricing.

Does Fctr detect AI voice cloning or deepfakes?

Fctr does not attempt to classify a voice as human or synthetic. It requires organization-managed enrolled-factor verification before a sensitive support action, so the decision is based on factor evidence and policy rather than voice authenticity alone.

How do employees verify callers claiming to be IT support?

IT starts verification from the active support session. The IT caller completes a challenge through their enrolled factor, and both sides receive the result before the conversation continues or any sensitive action is taken.

View all frequently asked questions

Close the helpdesk path to account takeover.

Replace security questions with enrolled-factor verification before sensitive support actions—without giving helpdesk agents standing admin rights.

Free 60-day pilot available after the demo · No credit card required

Tailored product demo

See Fctr in your helpdesk workflow.

Share your work email and we’ll tailor the walkthrough to your identity stack, caller-verification flow, and support operations.

Entra ID or OktaBoth verification directionsPolicy-gated actions

We’ll use your email only to coordinate the walkthrough.