New · Entra Verified ID + Face Check

The next enterprise breach
starts with a phone call.

Fctr verifies who’s calling before anyone acts.

Helpdesks verify employees before resets and other sensitive actions; employees verify callers claiming to be IT support. Both use Microsoft Authenticator or Okta Verify already enrolled by the organization, so trust does not depend on conversation—even during social engineering, vishing, or AI-cloned voice attacks.

Verify callers in under 60 seconds · No new authenticator to deploy
Technology ecosystem
Identity providers Microsoft Entra ID Okta Entra Verified ID
Integrations ServiceNow Freshdesk Slack Zendesk Microsoft Teams

Voice phishing is now the #2 initial intrusion vector.

ShinyHunters campaigns impersonate both sides of support: employees calling helpdesks and IT calling employees.

Replace caller judgment with enforced verification.

Before an agent can reset, unlock, or recover an account, Fctr requires the employee to verify with an MFA factor already enrolled by the organization.

  1. 01
    Lookup

    Pull live identity context from Entra ID or Okta.

    AUTHORITATIVE DIRECTORY
  2. 02
    Verify

    Challenge the employee’s already-enrolled MFA factor.

    DEVICE-BOUND PROOF
  3. 03
    Authorize

    Release only the action allowed by the agent’s role and policy.

    ONE TARGET · ONE ACTION
  4. 04
    Record

    Record the actor, factor, action, and outcome with sensitive values masked.

    AUDIT-READY EVIDENCE
No security questions No new authenticator No action before MFA No standing admin rights for agents

Use the factors already enrolled in Entra ID or Okta.

Fctr sends verification through Microsoft Authenticator or Okta Verify using the enrollment employees already have. The result returns directly to the support workflow—without a second authenticator or enrollment campaign.

EMPLOYEEExisting enrolled proofNo new application or enrollment campaign
Microsoft Entra ID
Core verification

Microsoft Authenticator

ChallengePush notification
Verified
Also supportedTOTP · SMS · Email OTP

Uses the employee’s current Entra enrollment

Okta Identity Cloud
Core verification

Okta Verify

ChallengeNumber challenge
Verified
Also supportedTOTP · SMS · Email OTP

Uses the employee’s current Okta enrollment

Entra Verified ID
Policy-driven step-up

Verified ID + Face Check

ProofCredential + face match
Assured
PurposeHigher-assurance verification

Applied when organizational policy requires it

FCTR VERIFY · ACTIVE SESSION

Is this really IT?

Your support agent is requesting approval to continue this call.

Verify IT caller
I did not request support

04Verification, both ways

When IT calls an employee, require the caller to verify.

When a caller claims to be IT support, the employee can require verification through an organization-managed enrolled factor before the support conversation continues.

  1. 01IT starts verification from the active support session.
  2. 02The employee receives an MFA challenge on an enrolled device.
  3. 03Both sides see the result before the call continues.

One portal—or verification inside the tools you already use.

Helpdesk agents often switch among Entra or Okta, HRIS, spreadsheets, and ITSM tools to resolve one request. Fctr brings verification, live identity context, and approved actions into one workspace—or embeds verification inside the support tools already in use.

01 / PORTALFull identity operations

Verify, view live context, and take approved actions without jumping between admin consoles and spreadsheets.

02 / INTEGRATIONSVerification inside existing tools
ServiceNow Freshdesk Slack Zendesk Microsoft Teams REST API

Bring MFA-gated verification into helpdesk and collaboration workflows through marketplace apps or the REST API.

Zero workforce PII stored. Every decision connected.

The Fctr verification product retrieves only what the active support session needs and does not persist customer workforce PII or identity profiles. PII-masked audit evidence connects the actor, factor, policy, action, and outcome.

No shadow identity directoryCurrent context comes from the system of record.
No pooled privileged credentialsAccess is delegated, short-lived, and constrained.
PII-masked audit evidenceActor, factor, policy, action, and result remain connected.
CONNECTED SUPPORT RECORD Why the action was allowed
EventActorControlOutcome
Identity context retrievedHelpdesk agentDirectory readCOMPLETE
Device proof acceptedEmployeeExisting MFAVERIFIED
Scoped action recordedHelpdesk agentPolicy + targetRECORDED
Illustrative product view · sensitive values masked by design

One platform. Two ways to use it.

Use the full Portal with per-agent pricing, or embedded Verify with active-user pricing. Both use the same verification engine and identity-provider connections.

02 / VERIFY For embedded verification $12 / active user / month

Embed verification directly into your existing ITSM, helpdesk, and communication tools. 200 active-user minimum.

  • Verification only — no portal, no identity data
  • Marketplace apps — Freshdesk, ServiceNow & more
  • API access for custom integrations
  • Structured audit logs (PII-masked)
Discuss Verify
CUSTOM 03 / ENTERPRISE For scale and compliance Let’s talk

For teams with 10+ agents or advanced compliance needs.

  • Volume licensing for larger teams
  • SaaS security and deployment review
  • Integration planning for complex environments
  • Dedicated onboarding and support
Contact sales
Operational case Replace manual caller checks with one controlled verification path.
~5 minCurrent manual flow <60 secCaller verification target
Model your workflow →

Common questions

The answers buyers need before a pilot.

Doesn’t Okta or Microsoft Entra already have caller verification?

Neither Okta nor Microsoft provides a native, helpdesk-facing identity operations portal. They provide authentication infrastructure; Fctr provides a purpose-built workspace where agents verify callers, view identity data, and take approved account actions without using the identity provider’s admin console.

Why does Microsoft Authenticator Push support matter?

Fctr supports Microsoft Authenticator Push and TOTP for Entra ID users, so helpdesks can verify employees with a factor they already use without introducing another application or enrollment campaign.

What data does Fctr access from our identity provider?

Fctr uses scoped API access to retrieve the identity context needed for an active support session. It avoids building a persistent identity directory, keeps operational records minimized, and masks personal data in audit evidence. Every session is authenticated through the organization’s identity provider.

How is Fctr deployed and integrated?

Organizations can connect a pilot to Okta or Entra ID with scoped tokens or OAuth 2.0, then use the cloud-hosted Portal, marketplace integrations, or the REST API. A pilot can begin in hours; production timing depends on integration, policy, and change-management requirements.

Does Fctr detect AI voice cloning or deepfakes?

No. Fctr does not judge whether a voice is human or synthetic. It requires the caller to complete an organization-managed enrolled-factor challenge, so the verification decision does not depend on how convincing the caller sounds.

How do employees verify callers claiming to be IT support?

IT starts verification from the active support session. The employee receives a challenge through an existing enrolled factor, and both sides receive the result before the conversation continues or any sensitive action is taken.

View all frequently asked questions

Close the helpdesk reset path to account takeover.

Replace security questions with enrolled-factor verification before sensitive support actions—without giving helpdesk agents standing admin rights.

60-day free trial · No credit card required

Tailored product demo

See Fctr in your helpdesk workflow.

Share your work email and we’ll tailor the walkthrough to your identity stack, caller-verification flow, and support operations.

Entra ID or OktaBoth verification directionsPolicy-gated actions

We’ll use your email only to coordinate the walkthrough.