Identity verification for the deepfake era.
Stop vishing and helpdesk takeovers by replacing broken security questions with device-bound MFA. Fctr gives helpdesks one portal to verify callers and securely execute account actions across Microsoft Entra ID and Okta, while IT, HR, and finance teams protect high-risk interactions directly inside their existing tools.
Identity Orchestration Platform.
Fctr is the identity operations control plane for support teams. Agents verify callers, see live identity context, and take approved account actions from one place without ever touching an admin console. It replaces security questions and caller trivia with enforced, device-bound verification across resets, unlocks, recovery flows, and other high-risk support moments. The platform is extensible by design: verification, identity operations, and audit trails today, with the architecture to add new controls as the threat landscape evolves.
Stop IT Support Impersonation
Helpdesk agents verify callers with device-bound MFA — push, TOTP, or biometrics. And when someone calls your employees claiming to be IT, they can challenge the caller to prove it. If they can't pass device-bound MFA, it's not your team.
Identity Attributes
Groups, apps, devices, account status, and event logs — pulled live from your IDP. No admin console needed.
Take Action
Reset passwords. Unlock accounts. Resolve calls without escalation or admin console access.
Revoke Admin Rights from Tier-1 Support.
Fctr is the abstraction layer — agents verify, reset, and unlock through Fctr while the backend proxies actions to Okta or Entra ID. Permanently revoke native admin credentials. Five-tier RBAC scopes each agent to exactly what their job requires.
Audit Trail
Every verification, lookup, and action — logged with PII-masked records. Prove exactly who called and what happened.
Zero PII
No data stored. No credentials cached. No database to breach. We orchestrate your IDP without owning sensitive data.
Works with your entire stack.
The Fctr Portal is the core product — a single workspace that replaces every admin console your agents touch. Integrations extend the portal's verification engine into the tools your team already uses, and the platform is built to add new capabilities as your needs grow.
Portal, Verify, or both. You choose.
Start with the full orchestration portal, or embed verification directly into the tools your team already uses. Either path connects to the same platform — and new capabilities extend both.
The full identity operations hub.
Verify callers, see live identity data, and take account actions from one screen — instead of bouncing between admin consoles, spreadsheets, and chat. Recommended for teams that want the complete workflow.
- Live identity attributes, groups, apps, and events
- Account actions like reset, unlock, and suspend
- 5-tier RBAC with no admin console exposure
Verify inside your existing tools.
Already running Freshdesk, ServiceNow, or Zendesk? Add MFA-gated verification directly into those platforms — no portal required. A standalone product for teams that want verification inside their existing workflow.
- Marketplace apps for major helpdesks
- REST API for custom integrations
- MAU-based pricing — pay for what you use
Both paths share the same verification engine, the same zero-data architecture, and the same IDP connections. Use them independently or combine them. The portal is the foundation — start with what you need today, and the platform grows with you as new capabilities are added.
Calculate your savings.
See how much time and money Fctr saves your organization by reducing your Average Handle Time (AHT) and cutting verification from 8 minutes to under 60 seconds.
Your Organization
* Social engineering attacks account for 70% of all account takeovers, with the average cost of an account compromise reaching $12,000 per incident and recovery taking 115+ hours according to the 2023 Verizon DBIR.
Simple, transparent pricing.
From embedded verification apps to the full identity operations portal — pick what fits. Every plan includes full MFA enforcement, audit logging, and access to new capabilities as they're released.
The full identity operations portal for helpdesk teams. Verify, view, and act. 5-agent minimum.
- MFA-gated caller verification (Push, TOTP, TAP)
- Live identity data, groups, apps & devices
- Account actions — reset, unlock, suspend
- 5-tier RBAC, PII shielding & full audit trails
Embed verification directly into your existing ITSM, helpdesk, and communication tools.
- Verification only — no portal, no identity data
- Marketplace apps — Freshdesk, ServiceNow & more
- API access for custom integrations
- Structured audit logs (PII-masked)
* 200 active users/mo minimum
Get StartedFor teams with 10+ agents or advanced compliance needs.
- Volume licensing discounts
- Self-hosted or air-gapped deployment
- Custom log retention & IP whitelisting
- Dedicated onboarding & support
Questions? Talk to the team that built it — no scripts, no pressure, no 12-email sequences.
MGM. Caesars. Clorox. Every breach started with a phone call.
Your helpdesk is still using security questions. Attackers aren't waiting for you to upgrade.
Enter your work email here and we'll reach out.
60-day free trial · Deploy in hours · No credit card required.
Commonly asked questions.
Everything you need to know about the Fctr Identity Platform and how it works.
Fctr (pronounced “factor”) comes from “factor” as in multi-factor authentication. Your IDP manages the factors — Fctr enforces them on every helpdesk interaction.
Training is essential, but human judgment is the weak link. Fctr adds an enforcement layer that makes social engineering technically impossible by requiring device-bound MFA before any high-risk action can be taken.
Neither Okta nor Microsoft provide a native, helpdesk-facing identity operations portal. They provide the authentication "plumbing" — Fctr provides a purpose-built portal where agents verify callers, view identity data, and take account actions without ever touching the admin console.
The Fctr Portal is the recommended starting point — it's a full identity operations hub, not just verification. If your team prefers to stay in existing tools, you can use the Fctr Portal alongside ServiceNow, Freshdesk, or Slack integrations, or use embedded verification alone through marketplace apps and our REST API. Either way, it connects to your existing Okta or Entra ID — no new identity infrastructure required.
Two fronts: (1) Operational efficiency — saving 5–8 minutes per call across your helpdesk. Use the ROI calculator above to see the numbers for your organization. (2) Risk reduction — the Clorox breach ($380M), MGM ($100M+), and Caesars ($15M ransom) all started with a phone call to the helpdesk. Fctr makes those attacks fail by requiring device-bound MFA through the caller's enrolled authenticator.
Fctr uses scoped API tokens and OAuth2 to connect to your IDP. We pull user details — groups, apps, account status, event logs — in real-time and never persist them. No admin credentials stored, no user PII stored. Every session is authenticated natively by your IDP.
Fctr isn't a point verification tool — it's an identity operations portal built to grow. (1) Full identity portal — verify callers, view user details (groups, apps, licenses, event logs), and take action (reset passwords, unlock accounts) — all from one screen, no admin console required. (2) IT support impersonation defense — employees can challenge callers claiming to be IT to prove their identity through device-bound MFA. (3) Helpdesk integrations — embed verification directly into ServiceNow, Freshdesk, Slack, and more via marketplace apps or REST API. (4) Microsoft Authenticator Push + TOTP — the only third-party platform that natively triggers Microsoft Authenticator for Entra ID users. (5) Zero-data architecture — no database, no PII stored, no data at rest to breach. The platform is designed to be extensible — new verification methods and identity capabilities are added to the same portal over time.
Two options: (1) Portal — cloud-hosted SaaS, agents log in and work immediately. Connect your Okta or Entra ID tenant via scoped API tokens or OAuth2. (2) Integrations — install marketplace apps for ServiceNow, Freshdesk, or Slack, or use the REST API for custom integrations. Both options share the same verification engine and IDP connections. Typical deployment takes 2–4 weeks.
Portal is $200 per agent per month (5-agent minimum). Verify — embedded verification via marketplace apps and API — is $12 per active user per month (200 active user minimum). Enterprise plans with custom pricing are available for 10+ agents. All plans include the same verification engine, zero-data architecture, and IDP connections.
Most Entra ID environments have Microsoft Authenticator as the primary enrolled factor. Third-party helpdesk tools that can only trigger SMS or email OTP are verifying users with their weakest factor. Fctr is the only third-party portal that triggers Microsoft Authenticator Push notifications and TOTP directly — verifying users with the same strong factor they use every day.
Standard helpdesks rely on human judgment — "does this sound like John?" — which is exactly why voice phishing, vishing, and IT support impersonation keep working. Mandiant reported that highly interactive voice phishing accounted for 11% of intrusions in 2025, making it the second-most observed initial infection vector. Fctr removes the guesswork. Instead of trusting what the caller sounds like, Fctr requires cryptographic proof through device-bound MFA: a push notification or TOTP code from the caller's enrolled authenticator. An attacker can clone a voice, but they cannot approve a push on a device they do not possess.
IT support impersonation — where attackers call employees pretending to be from IT and ask them to share credentials, approve MFA prompts, or install remote access tools — is now one of the most common social engineering vectors. Fctr flips the flow: when someone calls claiming to be from IT, the employee can trigger a verification challenge back to the caller's enrolled device. If the caller can't pass device-bound MFA, the employee knows to hang up. Same verification engine your helpdesk already uses, pointed in the other direction.