New · Entra Verified ID + Face Check
The next enterprise breach
starts with a phone call.
Fctr verifies callers both ways—before anyone acts.
Helpdesks verify employees before resets and other sensitive actions. Employees verify callers claiming to be IT support. Both use Microsoft Authenticator or Okta Verify factors already enrolled in the organization’s identity provider, so the decision does not depend on conversation—even during social engineering, vishing, or AI-cloned voice attacks.
Voice phishing is now the #2 initial intrusion vector.
ShinyHunters campaigns impersonate both sides of support: employees calling helpdesks and IT calling employees.
Entra ID and Okta secure access. Fctr secures sensitive support actions.
Before an agent resets a password, unlocks an account, or starts recovery, Fctr requires the employee’s enrolled factor and releases only what role and policy allow. It complements the identity provider without another authenticator or a separate workforce directory.
-
01
DirectoryAUTHORITATIVE DIRECTORY
Confirm the caller is a current employee.
-
02
Factor proofDEVICE-BOUND PROOF
Require verification through the employee’s enrolled device.
-
03
Policy gateONE TARGET · ONE ACTION
Allow only the action role and policy approve.
-
04
Audit recordAUDIT-READY EVIDENCE
Keep a masked record of the decision and outcome.
Use the factors already enrolled in Entra ID or Okta.
Fctr sends verification through Microsoft Authenticator or Okta Verify using the employee’s existing enrollment. The result returns directly to the support workflow.
Microsoft Authenticator
Uses the employee’s current Entra enrollment
Okta Identity CloudOkta Verify
Uses the employee’s current Okta enrollment
Verified ID + Face Check
Applied when organizational policy requires it
Is this really IT?
Your support agent is ready to verify this call before it continues.
04Verification, both ways
Vishing works both ways. Verification should too.
Attackers call helpdesks pretending to be employees—and call employees pretending to be IT. Fctr lets employees require an IT caller to complete an organization-managed enrolled-factor challenge before the support conversation continues.
- 01IT starts verification from the active support session.
- 02The IT caller completes a challenge through their enrolled factor.
- 03Both sides see the result before the call continues.
Zero workforce PII stored. Every decision connected.
Fctr retrieves only what the active support session needs and does not persist customer workforce PII or identity profiles. PII-masked audit evidence connects the actor, factor, policy, action, and outcome.
Pricing for the way your team works.
Use the browser-based Portal with per-agent pricing, or add Fctr Verify to existing tools with active-user pricing. Both use the same verification engine and identity-provider connections.
For helpdesk teams that want to verify callers, view live identity context, and take approved actions from one place. Five-agent minimum.
- ✓MFA-gated caller verification (Push, TOTP, Face Check)
- ✓Live identity data, groups, apps & devices
- ✓Account actions — reset, unlock, suspend
- ✓5-tier RBAC, PII shielding & audit evidence
Add verification to your existing ITSM, helpdesk, and communication tools. 200 active-user minimum.
- ✓Verification only — no Portal workspace or live identity context
- ✓Marketplace apps — Freshdesk, ServiceNow & more
- ✓API access for custom integrations
- ✓Structured audit logs (PII-masked)
For teams with 10+ agents or advanced compliance needs.
- ✓Volume licensing for larger teams
- ✓SaaS security and deployment review
- ✓Integration planning for complex environments
- ✓Dedicated onboarding and support
Common questions
The answers buyers need before a pilot.
We already use Okta or Microsoft Entra ID. Why do we need Fctr?
Entra ID and Okta secure access to systems. Fctr adds enrolled-factor verification and policy enforcement to the support session before an agent takes a sensitive action. It complements the identity provider; agents can work through Fctr Portal or supported integrations without using the provider’s admin console for each workflow.
Why does Microsoft Authenticator Push support matter?
Fctr supports Microsoft Authenticator Push and TOTP for Entra ID users, so helpdesks can verify employees with a factor they already use without introducing another application or enrollment campaign.
What data does Fctr access from our identity provider?
Fctr uses scoped API access to retrieve the identity context needed for an active support session. It avoids building a persistent identity directory, keeps operational records minimized, and masks personal data in audit evidence. Every session is authenticated through the organization’s identity provider.
How is Fctr deployed and integrated?
Organizations can connect a pilot to Okta or Entra ID with scoped tokens or OAuth 2.0, then use the browser-based, cloud-hosted Portal, marketplace integrations, or the REST API. A pilot can begin in hours; production timing depends on integration, policy, and change-management requirements.
Does Fctr detect AI voice cloning or deepfakes?
Fctr does not attempt to classify a voice as human or synthetic. It requires organization-managed enrolled-factor verification before a sensitive support action, so the decision is based on factor evidence and policy rather than voice authenticity alone.
How do employees verify callers claiming to be IT support?
IT starts verification from the active support session. The IT caller completes a challenge through their enrolled factor, and both sides receive the result before the conversation continues or any sensitive action is taken.
Close the helpdesk reset path to account takeover.
Replace security questions with enrolled-factor verification before sensitive support actions—without giving helpdesk agents standing admin rights.
60-day free trial · No credit card required

